cestmoi1337

Honorary Members
  • Posts

    65
Everything posted by cestmoi1337

  1. I tried but I get a page that says "This account has been suspended". Please advise.
  2. Hi Maurice, I've reset the setting in my browser and after that, I've successfully completed some searches and accessed the links without any problem. Thank you so much. If I see those annoying pages again I'll let you know. Thanks for your help!
  3. Hello guys, I'm using a laptop computer running Windows 7 SP1 64-bit. I use Chrome as a browser. Lately, most of the time I try to access a link from a search result, it takes me to a page displaying a gray screen with some cryptic message saying that my computer is infected and advising me to call a number to have it fixed, all this while making a horrendous loud beep. The screens vary but most say SYSTEM SHUTDOWN CALL SUPPORT... It takes several clicks to make it go away. Next time I try the same link it works just fine. I ran MalwareBytes free and Spybot Search & Destroy and had a few things removed but the problem persists. I have not noted any other problem. Thanks in advance for your help. The FRST.txt file is this:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016 03
     Ran by grevolorio (administrator) on TRMDU2 (18-07-2016 11:05:54)
     Running from C:\Users\grevolorio.trmdu2\Desktop
     Loaded Profiles: grevolorio & (Available Profiles: grevolorio & DefaultAppPool)
     Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default FF DefaultSearchEngine.US: Google FF Session Restore: -> is enabled. 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-10] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-08-25] (NVIDIA Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-08-13] (MediaMall Technologies, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\grevolorio\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: LWAPlugin15.8 -> C:\Users\grevolorio\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-09-18] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF user.js: detected! => C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\user.js [2015-06-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2014-11-19] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginAOC.dll [2016-03-14] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Disconnect - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\2.0@disconnect.me.xpi [2015-06-16]
FF Extension: Flashblock - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-05-06]
FF Extension: Turn Off the Lights - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\stefanvandamme@stefanvd.net.xpi [2016-05-06]
FF Extension: LastPass - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\support@lastpass.com [2016-05-06]
FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\amptra@keepa.com.xpi [2016-05-06]
FF Extension: PriceZombie, Price Tracker & Price Comparison - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\jid1-a36dFT994VgKDA@jetpack.xpi [2015-10-08]
FF Extension: PlayOn - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\playonplugin@playon.tv [2015-06-24] [not signed]
FF Extension: Video DownloadHelper - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-22]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afproxy@anchorfree.com [2015-09-23] [not signed]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-09-23] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2015-09-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-12-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-06-19] [not signed]
FF HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Entanglement Web App) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-11]
CHR Extension: (SearchReportRecordResult Class) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-09-16] [UpdateUrl: hxxps://clients2.google/service/cnhpbmgmfaaapmaoibgdmapbjfofolig] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Send to OneNote) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokbjibjnekbfdjilfpoknnokaffoinp [2015-07-01]
CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (Turn Off the Lights) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-06-24]
CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Honey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-07-15]
CHR Extension: (Adblock Plus) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-01]
CHR Extension: (Incognito-Filter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2015-06-11]
CHR Extension: (Google Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Tampermonkey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-16]
CHR Extension: (Unlimited Hotspot Tethering) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\diddhabdhahhfajjfgepdlanilmdnogk [2015-06-24]
CHR Extension: (Facebook Disconnect) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-06-11]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-06-11]
CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-13]
CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Close all Tabs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcmiphoepcihlmphakgmpapfpldlleg [2015-06-11]
CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-11]
CHR Extension: (Pin It Button) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-26]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-06-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-15]
CHR Extension: (SuperSorter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2015-06-11]
CHR Extension: (Google Keep - notes and lists) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-07-13]
CHR Extension: (Google Theme) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne [2015-06-11]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2016-03-22]
CHR Extension: (Cisco WebEx Extension) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-06-11]
CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-22]
CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-11-02]
CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-08-28]
CHR Extension: (Evernote Web) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-06-11]
CHR Extension: (Instapaper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2016-03-04]
CHR Extension: (Facebook Ads Hider) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\leeebdddeggoocipdjiokmjcpidnmoah [2015-06-11]
CHR Extension: (Unicorn Smasher) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa [2016-06-17]
CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2015-09-15]
CHR Extension: (Poppit!) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-06-11]
CHR Extension: (Ghostery) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-04]
CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2015-11-02]
CHR Extension: (deviantART muro) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-06-11]
CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28]
CHR Extension: (Hover Zoom) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-06-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-01]
CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Privacy Badger) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-06-01]
CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-07-11]
CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-22]
CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-01]
CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-01]
CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-01]
CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-01]
CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-06-01]
CHR Extension: (20 Cubed) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef [2016-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-01]
CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-10]
CHR Extension: (Slinky Wood) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcaidncenfklbfikefeppfgehcbmmecn [2016-06-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-24]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-06-24]
CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01]
CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-01]
CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2016-06-01]
CHR Extension: (Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-06-01]
CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2016-06-01]
CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01]
CHR Extension: (Context Menu Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2016-06-01]
CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-01]
CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-06-25]
CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-06-01]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10]
StartMenuInternet: Google Chrome.HA3GT6LIC6CKERU66IYIZVETX4 - C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation) S4 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.) [File not signed] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed] R2 hMailServer; F:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [4512768 2015-07-09] (hMailServer) [File not signed] R2 KinoniSvc; f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [524800 2014-11-12] () [File not signed] R2 MBAMScheduler; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.) 
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] () S4 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [17920 2011-09-19] (Microsoft) [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation) S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation) S3 SandraAgentSrv; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe [73200 2014-11-05] (SiSoftware) [File not signed] R2 SDScannerService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed] R2 Synergy; C:\Program Files\Synergy\synergyd.exe [312488 2016-03-18] () S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies) R2 VMAuthdService; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed] S2 VMwareHostd; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe [15680000 2012-08-15] () [File not signed] S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation) [File not signed] R2 WindowFX; F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe [181904 2012-03-08] (Stardock Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2014-11-12] (Windows (R) Win 7 DDK provider)
S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2014-11-12] (Windows (R) Win 7 DDK provider)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 SANDRA; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 UnlockerDriver5; F:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-03-22] (WinISO.com)
S1 bbstlqcp; \??\C:\Windows\system32\drivers\bbstlqcp.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S1 ekgpaanc; \??\C:\Windows\system32\drivers\ekgpaanc.sys [X]
S1 emzyrjza; \??\C:\Windows\system32\drivers\emzyrjza.sys [X]
S1 fzqrwich; \??\C:\Windows\system32\drivers\fzqrwich.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S1 mttwbomv; \??\C:\Windows\system32\drivers\mttwbomv.sys [X]
S1 ouqyzldm; \??\C:\Windows\system32\drivers\ouqyzldm.sys [X]
S1 sesugyny; \??\C:\Windows\system32\drivers\sesugyny.sys [X]
S3 SliceDisk5; \??\C:\Users\grevolorio\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S1 vixxdple; \??\C:\Windows\system32\drivers\vixxdple.sys [X]
S2 WGX; System32\Drivers\WGX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-18 11:05 - 2016-07-18 11:07 - 00067984 _____ C:\Users\grevolorio.trmdu2\Desktop\FRST.txt
2016-07-18 11:03 - 2016-07-18 11:03 - 02391040 _____ (Farbar) C:\Users\grevolorio.trmdu2\Desktop\FRST64.exe
2016-07-18 10:07 - 2016-07-18 10:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-18 10:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-07-16 08:38 - 2016-05-09 16:48 - 00450051 _____ C:\Windows\system32\Drivers\etc\hosts.20160716-083854.backup
2016-07-13 09:49 - 2016-07-13 09:50 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\vlc
2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\Projects Series
2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\HDR Projects 4 Pro
2016-07-13 09:20 - 2016-07-13 09:20 - 00001162 _____ C:\Users\Public\Desktop\HDR projects 4 professional (64-Bit).lnk
2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\Program Files\Franzis
2016-07-11 14:07 - 2016-07-11 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-11 10:48 - 2016-07-11 10:48 - 00000957 _____ C:\Users\grevolorio.trmdu2\Desktop\BHODemon 2.0.lnk
2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0
2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\Program Files (x86)\BHODemon 2
2016-07-09 08:49 - 2016-07-09 08:49 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iTunes
2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iPod
2016-06-24 09:43 - 2016-07-08 21:18 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-18 11:05 - 2014-01-30 12:00 - 00000548 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108.job
2016-07-18 11:05 - 2012-05-23 18:15 - 00000000 ____D C:\FRST
2016-07-18 11:05 - 2011-08-04 09:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-18 11:01 - 2014-11-04 15:34 - 00000382 _____ C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
2016-07-18 10:55 - 2015-09-16 12:08 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-18 10:32 - 2015-07-02 10:19 - 00000644 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108.job
2016-07-18 10:21 - 2012-07-27 08:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-18 10:08 - 2015-06-30 08:58 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-18 10:07 - 2014-08-20 09:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-18 02:07 - 2015-06-11 15:15 - 00000000 ____D C:\ProgramData\MediaMall
2016-07-18 01:19 - 2015-06-30 08:58 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-17 22:59 - 2015-09-30 10:32 - 00000000 ____D C:\Program Files\KMSpico
2016-07-17 20:05 - 2011-08-04 09:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-17 09:28 - 2009-07-14 01:13 - 00845984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-17 09:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-14 20:21 - 2012-07-27 08:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 20:21 - 2012-04-13 10:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 20:21 - 2011-05-20 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 15:39 - 2015-06-11 20:52 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\CrashDumps
2016-07-13 13:18 - 2011-01-21 14:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-13 12:43 - 2015-07-07 13:19 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent
2016-07-13 09:22 - 2015-06-11 14:53 - 00000000 ____D C:\Users\grevolorio.trmdu2
2016-07-12 16:21 - 2012-01-26 17:19 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 16:21 - 2011-01-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-11 14:08 - 2015-06-30 08:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-11 10:59 - 2012-06-11 10:02 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-09 08:49 - 2015-07-07 11:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-09 08:49 - 2014-02-28 10:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-07-07 09:58 - 2015-06-17 13:26 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\calibre-cache
2016-07-07 09:22 - 2015-06-17 13:25 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\calibre
2016-07-01 13:31 - 2015-11-02 15:45 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\Program Files (x86)\Calibre2
2016-06-27 11:21 - 2015-09-23 03:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-27 11:21 - 2012-10-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-27 10:24 - 2015-06-11 20:51 - 00000000 ____D C:\Users\grevolorio.trmdu2\.VirtualBox
2016-06-24 17:46 - 2015-06-17 09:21 - 00143848 _____ C:\Users\grevolorio.trmdu2\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 05:42 - 2013-11-12 12:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-21 05:41 - 2014-03-18 09:15 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2012-01-30 09:55 - 2015-06-11 15:56 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-06-12 19:46 - 2015-06-12 19:46 - 0000064 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.ldb
2015-06-12 19:46 - 2015-06-12 21:14 - 14417920 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.mdb
2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sys11965 DataCollection.dat
2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\System413_DataDB.ind
2015-07-04 08:40 - 2015-07-09 19:01 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\winscp.rnd
2015-09-28 09:21 - 2015-09-28 09:21 - 0000038 ___SH () C:\Users\grevolorio.trmdu2\AppData\Local\5678c43253f8bbb5ed82a9.59421958
2015-07-04 08:47 - 2015-07-13 11:07 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Local\PUTTY.RND
2015-09-16 12:03 - 2015-09-16 12:03 - 0045957 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-09-16 12:03 - 2015-09-16 12:03 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2012-08-20 10:22 - 2012-08-28 15:25 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-12-18 12:06 - 2014-12-18 12:06 - 0000202 _____ () C:\ProgramData\nbinst.ini
2013-11-25 17:35 - 2013-11-25 17:35 - 0000018 _____ () C:\ProgramData\ruby-uuid

Files to move or delete:
====================
C:\Users\grevolorio\SyncToy_6f9d1157-50ab-4e8a-b246-c8013fe8d91a.dat
C:\Users\grevolorio\SyncToy_eb83ad46-2f1d-44ad-8333-991854e5ef51.dat

Some files in TEMP:
====================
C:\Users\grevolorio\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_kz8ag.dll
C:\Users\grevolorio\AppData\Local\Temp\RoboForm-Setup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-07 10:41

==================== End of FRST.txt ============================

And the Addition.txt is:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03
Ran by grevolorio (2016-07-18 11:08:11)
Running from C:\Users\grevolorio.trmdu2\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-06-05 17:59:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3578782807-1016812498-1856270605-500 - Administrator - Disabled)
grevolorio (S-1-5-21-3578782807-1016812498-1856270605-1009 - Administrator - Enabled) => C:\Users\grevolorio.trmdu2
Guest (S-1-5-21-3578782807-1016812498-1856270605-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Acute Email IDs Production Engine (HKLM-x32\...\{CB72E17B-1BCA-441F-A8A0-64C6FDF09425}) (Version: 10.3.5 - SAGAWEBS.COM)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe LiveCycle Designer 7.1 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\InstallShield_{B8420E42-9664-43AF-BD01-F7B12EBA92CF}) (Version: 7.1.0000 - Adobe)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version: - Leo Davidson / Pretentious Name)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Allway Sync version 10.3.25 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.0.0 - Wacom Europe GmbH) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
BHODemon 2.0.0.23 (HKLM-x32\...\BHODemon_is1) (Version: - Definitive Solutions, Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 2.0.128 - BitTorrent Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Edit (HKLM-x32\...\{8887D190-E3EC-45D9-A62D-DF423B53CBEE}) (Version: 3.0.25.511 - Box)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
calibre (HKLM-x32\...\{BA623AFD-BE42-4B5F-9B8E-01FAB9BB2B51}) (Version: 2.61.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{95EB2FCC-AE0B-40E9-B804-347C6358923B}) (Version: 51.0.2704.7 - Google Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
ClipX (HKLM-x32\...\ClipX) (Version: - )
Color Cop 5.4.3 (HKLM-x32\...\Color Cop_is1) (Version: - Jay Prall)
Color Picker (HKLM-x32\...\ST6UNST #1) (Version: - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CutePDF Professional 3.3 (HKLM-x32\...\{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}) (Version: 3.30.1001 - Acro Software Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
eReader (HKLM-x32\...\{453C9E55-80DF-4BD2-9885-52A1FB0D9382}) (Version: 3.0.3 - Palm Digital Media)
Evernote v. 5.2 (HKLM-x32\...\{090931D6-A2F4-11E3-AD9C-00163E98E7D0}) (Version: 5.2.0.2946 - Evernote Corp.)
ExtraPutty 0.22 (HKLM-x32\...\{14C76057-E495-47E1-BDF0-1A1CC1752ADF}) (Version: 0.22 - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.5.6 - Telerik)
FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: - LopeSoft - Rubén López Hernández)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Fine Woodworking Archive (HKLM-x32\...\{84D74E02-0F71-4107-B92F-48848C06ABB0}) (Version: 2.0.1 - Taunton)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Git version 1.7.6-preview20110708 (HKLM-x32\...\Git_is1) (Version: 1.7.6-preview20110708 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HDR projects 4 professional (64-Bit) (HKLM\...\HDR_PROJECTS_4_3_3BF7CE82_is1) (Version: 4.41 - Franzis Verlag GmbH)
hMailServer 5.6.4-B2283 (HKLM-x32\...\hMailServer_is1) (Version: - )
huey 1.0.5 (HKLM-x32\...\huey_is1) (Version: - Pantone & GretagMacbeth)
IdeaRoom (HKLM-x32\...\{9D3E0103-F902-4368-8CAE-21EE46F2DE9E}) (Version: 1.36.0070 - Sawtooth Ideas)
IETester v0.4.10 (remove only) (HKLM-x32\...\IETester) (Version: 0.4.10 - Core Services)
iExplorer 3.2.2.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
IMG to ISO (HKLM-x32\...\{F10528D1-6478-4F67-A393-CCAC1DB958C1}_is1) (Version: - imgtoiso.com)
Inkscape 0.48.1 (HKLM-x32\...\Inkscape) (Version: 0.48.1 - )
Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
IsoBuster 3.4 (HKLM-x32\...\IsoBuster_is1) (Version: 3.4 - Smart Projects)
iTunes (HKLM\...\{709990D1-03DA-4302-B364-E4D9F17E2198}) (Version: 12.4.1.6 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.1 (HKLM-x32\...\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}) (Version: - )
Java 2 Runtime Environment, SE v1.4.1_07 (HKLM-x32\...\{CA532E73-1BB7-11D8-9D6A-00010240CE95}) (Version: - )
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Java Web Start (HKLM-x32\...\Java Web Start) (Version: - )
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle)
Java(TM) SE Development Kit 6 Update 39 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160390}) (Version: 1.6.0.390 - Oracle)
Java(TM) SE Development Kit 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
join.me (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 1.17.0.156 - LogMeIn, Inc.)
Keywords Studio Pro (HKLM-x32\...\Keywords Studio Pro 1.0.0) (Version: 1.0.0 - intraSEO)
Keywords Studio Pro (x32 Version: 1.0.0 - intraSEO) Hidden
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
K-Lite Codec Pack 8.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.6.0 - )
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.71 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.71 - Alliance Software Pty Ltd) Hidden
Maxwell for SketchUp 2014 (HKLM-x32\...\{E3FA7086-A065-4FAF-B819-400927194F80}) (Version: 3.0.11 - Next Limit Technologies)
MDF to ISO version 1.0 (HKLM-x32\...\{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1) (Version: 1.0 - mdftoiso.com)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Metalogix Content Matrix Console - File Share Edition (HKLM-x32\...\{99641A98-EE9B-4521-916C-DF09AC9DD4A3}) (Version: 6.2.0302 - Metalogix Software Corp.)
Metalogix Content Matrix Console - Public Folder Edition (HKLM-x32\...\{E18CB092-505F-4FE1-B4C7-C53DBBBBA938}) (Version: 6.2.0302 - Metalogix Software Corp.)
Metalogix Content Matrix Console - SharePoint Edition (HKLM-x32\...\{A4E8B4B5-C6D6-414B-A513-EDDB70F58959}) (Version: 6.2.0302 - Metalogix Software Corp.)
Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell)
Microsoft .NET Compact Framework 1.0 SP3 Developer (HKLM-x32\...\{6C531060-84FB-4F96-8F33-29DF020632EB}) (Version: 1.0.4292 - Microsoft Corporation)
Microsoft .NET Compact Framework 2.0 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5238 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Device Emulator version 1.0 - ENU (HKLM-x32\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation)
Microsoft Document Explorer 2005 (HKLM-x32\...\Microsoft Document Explorer 2005) (Version: - Microsoft Corporation)
Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation)
Microsoft Filter Pack 1.0 (HKLM\...\{95120000-2000-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1104 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{09335E49-1C8F-4973-9929-941BE9C6EF33}) (Version: 4.0.7577.4498 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{52CAD0B7-8759-4CE5-94D7-8825BBFD7445}) (Version: 15.8.8653.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Developer Tools for Visual Studio 2013 - November 2014 Update (HKLM-x32\...\{ac415136-ae46-4301-b23e-6559062bfa7b}) (Version: 12.0.31105.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesignerR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3
SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{62D2F823-0EAA-496D-B0F9-A869BFC51550}) (Version: 8.05.2312 - Microsoft Corporation) Microsoft SQL Server 2005 Books Online (English) (September 2007) (HKLM-x32\...\{6FDD4688-E063-401D-B6BE-7234E20B9173}) (Version: 9.00.3104 - Microsoft Corporation) Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (HKLM-x32\...\{1389C6A4-4965-4AEC-9175-08B54A10FA48}) (Version: 3.0.0.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft 
Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - 
Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft 
Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - 
Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU (HKLM\...\{75F299F3-8234-47CD-BB40-2994C1B1105E}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual Studio 2005 Premier Partner Edition - ENU (HKLM-x32\...\{C25EF637-BE7A-4761-9B45-9069989C319F}) (Version: 8.0.50728 - Microsoft Corporation) Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) (HKLM-x32\...\KB926601.T2_29ToU260_29) (Version: 1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 SharePoint Power Tools (HKLM-x32\...\{FD84580C-12DC-3BA4-ABE8-1E337F776F1D}) (Version: 10.0.30604 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation) Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation) MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) MoSync (HKLM-x32\...\MoSync) (Version: - Mobile Sorcery) MotoHelper 2.1.32 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) MSDN Library for Visual Studio 2005 (HKLM-x32\...\MSDN Library for Visual Studio 2005) (Version: 8.0.50727.42 - Microsoft) MSDN Library for Visual Studio 2005 (x32 Version: 8.0.50727.42 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyLifeOrganized v. 
4.3.1 (HKLM-x32\...\MyLife Organized) (Version: 4.3.1 - MyLifeOrganized.net) MySQL Connector/ODBC 5.3 (HKLM\...\{43E572BC-B21F-4BEC-94CA-2D4AA6F53246}) (Version: 5.3.2 - Oracle Corporation) MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.) Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG) Node.js (HKLM\...\{FC4E166C-598C-48CC-BFAC-A709121D3B2C}) (Version: 0.10.22 - Joyent, Inc. and other Node contributors) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - ) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5951 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5951 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden OutlookTools 2 (HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook) Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 Design-Time - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual 
Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Pandora (HKLM-x32\...\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1) (Version: 2.0.5 - Pandora Media, Inc.) Pandora (x32 Version: 2.0.5 - Pandora Media, Inc.) Hidden Paprika Recipe Manager (HKLM-x32\...\{E9AC2A1E-F693-43D0-BBF4-C57A4D9BDFCF}) (Version: 1.0.4 - Hindsight Labs LLC) ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden PDFill PDF Editor with FREE PDF Writer and Tools (HKLM-x32\...\{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}) (Version: 5.0 - PlotSoft LLC) PDFill PDF Writer (HKLM-x32\...\PDFill PDF Writer) (Version: - ) Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden PlayLater (HKLM-x32\...\{B9050F2D-0F98-4530-A494-FCA63931FBE5}) (Version: 1.6.42 - MediaMall Technologies, Inc.) PlayOn (HKLM-x32\...\{8D437274-5816-474B-B57C-C28D62433F8F}) (Version: 3.10.42 - MediaMall Technologies, Inc.) Plex (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Plex) (Version: 0.9.502 - Plex, Inc) Polipo 1.0.4.1 (HKLM-x32\...\Polipo) (Version: - ) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 2.6 pycrypto-2.3 (HKLM-x32\...\{D6242566-9EF5-426E-8F75-F4FBCC010186}) (Version: 2.3.0 - Dwayne C. 
Litzenberger) Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Qdabra Rules Library (HKLM\...\{50F764E1-0DB5-4252-8AE9-780BB3A3B16C}) (Version: 2.3.0005 - Qdabra Software) Qdabra Rules Library (HKLM-x32\...\{0643AB4D-8502-47FF-AB27-FCF3649CC3C3}) (Version: 6.1.0001 - Qdabra Software) Qdabra Rules Library (HKLM-x32\...\{2CEB2CBB-6939-48B7-989A-AB01FBB6B14E}) (Version: 5.1.0000 - Qdabra Software) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RAMDisk (HKLM-x32\...\{01D5FF1F-BB19-4387-8EF1-C6319037EC12}) (Version: 3.5.130 - Dataram, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.) Recover My Files (HKLM-x32\...\Recover My Files_is1) (Version: 4.9.2.1240 - GetData Pty Ltd) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Reflector (HKLM\...\{77342B24-A2A9-4420-8C9C-C109EE201CBC}) (Version: 1.3.3.1 - Squirrels) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.92 (HKLM-x32\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group) Revo Uninstaller Pro 2.4.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.4.3 - VS Revo Group, Ltd.) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) RoboForm 7-9-14-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) 
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.66.00(10/30/2014) - Samsung Electronics Co., Ltd.) Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.23 (12/24/2014) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Saver2 (HKLM-x32\...\Saver2) (Version: 1.3.2 - ZZJ) ScanSoft PDF Create! 4 (HKLM\...\{33307810-2945-4F3F-8FEA-0BF522AEFCA7}) (Version: 4.01.0069 - Nuance Communications, Inc.) Scrum Solution Starter for Microsoft Project 2010 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CC7790844E65D3F0F0686CF43FEDFB17AA666F95) (Version: 1.0.0.71 - Microsoft) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology) Send to OneNote 2007 (HKLM-x32\...\{D0180909-85ED-4F97-B12C-C9E3129F78DC}) (Version: 1.0.0 - Microsoft Office OneNote 2007 PowerToys) SendToOneNote for Chrome (HKLM-x32\...\{62A77CC8-B17A-49C0-9BE6-E77216E86BD3}) (Version: 1.2.0 - Aspark Software) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version: - Microsoft) SharePoint Client Components (HKLM\...\{95150003-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4641.1002 - Microsoft Corporation) SharePoint Client Components (HKLM\...\{95160002-1163-0409-1000-0000000FF1CE}) 
(Version: 16.0.3104.1200 - Microsoft Corporation) Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0 Stand-Alone) (Version: 3.0.0.5 - Nik Software, Inc.) Sigil 0.4.2 (HKLM\...\Sigil_is1) (Version: - John Schember) SiSoftware Sandra Business 2015 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.10.2015.1 - SiSoftware) SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited) SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited) Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0) (Version: 2.0 - Sparkol) Sparkol VideoScribe (x32 Version: 2.0 - Sparkol) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQLXML4 (HKLM\...\{DEA9F247-F832-4E36-90BF-D8EDA206521A}) (Version: 9.00.5000.00 - Microsoft Corporation) Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.12 - Stardock Software, Inc.) 
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated) SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) Synergy (64-bit) (HKLM\...\{77865914-4067-41D2-8DE0-ACFA9C83351D}) (Version: 1.7.6 - The Synergy Project) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer) TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.) TopStyle (Version 3) (HKLM-x32\...\TopStyle (Version 3)) (Version: 3.1.0 - Bradbury Software, LLC) Tor 0.2.1.30 (HKLM-x32\...\Tor) (Version: - ) Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.4 - Transmission) TreeSize Free V2.6 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.6 - JAM Software) TreeSize Professional 5.3.4 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.3.4 - JAM Software) TuneUp 2.5.0.0 (HKLM-x32\...\TuneUpMedia) (Version: 2.5.0.0 - TuneUp Media, Inc.) 
TuneWiki (HKLM-x32\...\TuneWiki) (Version: 1.0.165.0 - TuneWiki) U2 PCAM (HKLM-x32\...\{F89DC420-FF15-485D-8254-67A27ED1313B}) (Version: 1.2.3.4 - Genesys Logic) Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft) Update or Uninstall SENukeX (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX) Update or Uninstall SENukeX (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX) Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.) Velvia Vision (HKLM-x32\...\{F02DBC56-E5AB-4F74-B995-4586F91D4BDC}) (Version: 1.0 - Fred Miranda) Vertus Fluid Mask 3 2.100.2-RC2 (HKLM-x32\...\VertusFluidMask3) (Version: 2.100.2-RC2 - ) Vidalia 0.2.12 (HKLM-x32\...\Vidalia) (Version: - ) Video Enhancer 1.9.6 (HKLM-x32\...\Video Enhancer_is1) (Version: - Infognition Co. Ltd.) 
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes) Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc) VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation) WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinDirStat 1.1.2 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - ) WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun) WindowFX (x32 Version: 5.01 - Stardock Corporation) Hidden Windows Driver Package - Apple Inc. 
Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5) (HKLM\...\929413420CDE2F0C2C08C06E73FF16D9CB6C9807) (Version: 09/17/2009 3.0.0.5 - Apple Inc.) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation) WinISO (HKLM-x32\...\WinISO) (Version: 6.3.0.4829 - WinISO Computing Inc.) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinSCP 4.3.5 (HKLM-x32\...\winscp3_is1) (Version: 4.3.5 - Martin Prikryl) WinSnap (HKLM-x32\...\WinSnap) (Version: 4.0.8 - NTWind Software) WinX DVD Author 5.8 (HKLM-x32\...\WinX DVD Author_is1) (Version: - FreetimeSoft, Inc.) 
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation)
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation)
Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version: - Rob Caelers & Raymond Penners)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
xplorer² professional 64 bit (HKLM\...\xplorer2p64) (Version: 2.5.0.2 - Zabkat)
yEd Graph Editor 3.9.2 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.9.2 - yWorks GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для среды разработки набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\grevolorio\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\grevolorio\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01948B03-BD45-4976-8D31-7855925672EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {05C8BCBA-5173-4FD5-AB52-1671D7DC2D35} - System32\Tasks\{6D5E1E37-7B03-499C-9F90-D7F8A3F44FD4} => pcalua.exe -a "F:\Adobe CS4\Master Collection\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent
Task: {0DA826DA-C315-408E-A81B-346FA731E686} - System32\Tasks\{4BD142E9-8A9E-4CF1-8E08-D7B5ABC463F4} => pcalua.exe -a "F:\kodiRelated\FTV v0.52\FTV\Amazon FireTV Utility App.exe"
Task: {13009AEA-3E20-4C03-98ED-1DDAA2CBE59A} - System32\Tasks\{1E1D40DD-B7F0-437F-919E-7299C2A201C8} => pcalua.exe -a C:\Users\grevolorio\Desktop\vpnclient-win-msi-5.0.01.0600-k9.exe -d C:\Users\grevolorio\Desktop
Task: {1CA54BD7-F8FE-43D7-A568-902BD730F451} - System32\Tasks\{C9D0DEFF-43BC-4715-854F-00A22264221D} => pcalua.exe -a F:\Downloads\Drawing\Pencil-Portrait-Tutorial--How-Beginners-Learn-To-Draw-Pencil-Portraits-Quickly-And-Easily.exe -d F:\Downloads\Drawing
Task: {1D334B1E-CF07-488F-9133-6C6018482BF0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {220D5B9C-CC4B-43A8-BE1B-5AA45467AF92} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2541E100-9850-45B0-8A0C-D00427497A49} - System32\Tasks\{2662DE15-9BFB-4C94-ABE1-B60C1CDBE28D} => pcalua.exe -a "C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3XG5VDK\lastpass_x64[1].exe" -d C:\Users\grevolorio\Desktop
Task: {2A46E8FA-0109-4EB2-8581-D8E1CC3F8D47} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {2AC1D17C-EA09-4710-85F9-66D640AA0BF3} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {2C2A0C7C-A15F-473C-9A03-A80299CEEC13} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {3100B96D-BB14-4990-BD3D-54ABC9D6445D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)
Task: {327B3BA7-B8A2-4705-A7D4-9A7536F0D564} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {379F9252-C770-44AA-AF2C-037D7FDACF84} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-06-19] (Siber Systems) Task: {384B22B0-4F48-47CA-A1B8-7D998C13032C} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {4D0D22B8-4C7A-44F5-B04F-96AB41E171EF} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22] () Task: {58289E57-EE9B-437E-9BF3-CCB6ABF1E425} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {59479587-6ECE-4E1C-9E21-55309D69125C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMKMGMNJLJIMKJJJCNOMMJOJKMCNLMJMIMJMCNGMLJIMPMCNLMJMPMMMMJKMLMOJKJKJPMIMJNJICMIMCNGMCNOMLMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMLMLMPMJNHICMEKMICNJJCKJNBJCMJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMKMKMFMPMJN (the data entry has 33 more characters). Task: {5B725530-FFAB-4A23-8563-A928DF68D79B} - System32\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-07-02] (Citrix Online, a division of Citrix Systems, Inc.) Task: {5D3FF025-C318-46AB-A7A4-5A8F209A70F7} - \SidebarExecute -> No File <==== ATTENTION Task: {6184FBBE-4AA1-42ED-A3A1-E6838CA95637} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) 
Task: {65EDF042-6E5E-4A9C-BCE8-01793ED9162F} - System32\Tasks\{DEDC4BB3-71C0-40D4-9A13-E7BEA775B519} => pcalua.exe -a F:\Downloads\AppleWirelessMouse64.exe Task: {6E0AF919-E2BB-4343-80BD-9DB7B1320AC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {729AE2CB-D745-4FDE-AD60-D0A8A4636D78} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => F:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies) Task: {7CFEC956-1854-4D03-AC69-5FCACF3ED978} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {83A73D3C-C015-43F6-ABAB-27E7FC5C6590} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns Task: {88FD29A9-84EF-4B5D-B6F4-945733D892B5} - System32\Tasks\{A2F28A60-837B-4A08-93CF-C81107A19128} => pcalua.exe -a "F:\Downloads\Stardock Object Desktop Suite\Stardock Object Desktop Suite\WindowBlinds 5 [Enhanced] - With Crack\WindowBlinds 5 [Enhanced].exe" -d "F:\Downloads\Stardock Object Desktop Suite\Stardock Object Desktop Suite\WindowBlinds 5 [Enhanced] - With Crack" Task: {8B9FD64D-EE19-4346-AB88-F4084AA5EF60} - System32\Tasks\{E725F200-DE8A-4285-85FF-D7DA2DFE1545} => pcalua.exe -a F:\Downloads\solutoinstaller.exe Task: {90FFDBF2-C8F2-4A2B-99C2-BD4B2BA8849B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {92FC9152-3CF6-4DC4-A1FF-8B31A85EC68D} - System32\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB} => F:\Program Files\Allway Sync\Bin\syncappw.exe [2010-05-31] () Task: {93F228DA-AB4B-4BD9-B6D4-456EB46BA16D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {97F9187F-9225-4089-8965-5A446FE551E5} - System32\Tasks\{6C938882-44FC-4762-8288-22AC4957F8AB} => pcalua.exe -a "C:\Users\grevolorio\Desktop\MsiZap (1).exe" -d C:\Users\grevolorio\Desktop Task: {9D8F7C35-05F3-4098-A58A-CFDCE2571B56} - System32\Tasks\{A90FC29D-33BB-491B-AED4-86D69213CF61} => pcalua.exe -a "F:\Downloads\Microsoft Office 2010 Professional (No Key Required)\setup.exe" -d "F:\Downloads\Microsoft Office 2010 Professional (No Key Required)" Task: {A10AE438-01D3-48A2-B1F9-9CFCF67E0B22} - System32\Tasks\{E00AD51B-21C4-4D8F-A4AB-7CC5931C85E2} => pcalua.exe -a "C:\FTV\Amazon FireTV Utility App.exe" Task: {A2C753BE-80E2-4C1E-A35B-C6B17C5DE41F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {AD4D132B-F589-4AB7-9AC7-8E881E3CA6BA} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe Task: {AD684464-6AA5-4425-9D51-8804B6F5C03B} - System32\Tasks\{B40ADBCF-29B3-4A89-B5F3-2C6807F2DECB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall INFOPATHR /dll OSETUP.DLL Task: {AD9C8945-6414-46A1-B1CB-9348EE400E4F} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] () Task: {AFDFFF62-8D44-4454-8431-F540107AFF83} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMGMJJLJJMMMLJNJCNMMPMPMHMCNLMGMKMOJCNHMMMNJHMCNNMKJKJOMLMLMKMKJOMPMMJJJJNJICMIMCNOMCNPMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMIJNIKJJIAJDJAJNIGJAJJNKJCMJNNICMJNDJCMKJBJ" Task: {B421371D-E6A0-44B4-B84E-BEB704B7D919} - System32\Tasks\{DBF89E59-98BD-464C-821B-C714ACBF7D00} => pcalua.exe -a "C:\Users\grevolorio\AppData\Local\Temp\Temp1_Drivers for apple majic mouse.zip\Drivers for apple majic 
mouse\64bit driver.exe" Task: {B42859F1-52BE-4C0B-87A0-089A8A9525FE} - System32\Tasks\{A86051CA-CB2D-4CFC-AA2E-F97F003E332E} => pcalua.exe -a C:\Users\grevolorio.trmdu2\Downloads\VirtualBox-5.0.4-102546-Win.exe Task: {B6124405-83CA-4BD7-9DFD-1176D9CFEA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {B7D682DD-52E1-43BE-BBF8-FDC6840A7669} - System32\Tasks\{AEC957EE-1707-435F-9324-C5329BCEB8F2} => pcalua.exe -a F:\Downloads\AppleWirelessMouse64UNEASY.exe Task: {BA7A7309-376A-49C5-8980-876C5ACE8DDE} - System32\Tasks\DocumentsBackupToNetworkDrive => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation) Task: {BFAECEBD-7839-4DE8-825D-A11D11B4ABE5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI) Task: {C3513C86-0619-4FBC-B521-2594460A8AB7} - System32\Tasks\{5EF141E4-698E-4751-AFC4-21FB5FB4CCC4} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {C7E44BE0-CBC9-4833-85C7-DCDE3709A73A} - System32\Tasks\{3EE8355E-6EFE-4231-BA1C-0027510C8764} => pcalua.exe -a F:\Downloads\OfficeExcel2003XMLToolsAddin.exe -d F:\Downloads Task: {D6847D8E-3585-4794-AD85-56EB9F05F9FA} - System32\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe [2015-07-02] (Citrix Online, a division of Citrix Systems, Inc.) 
Task: {DDBE4BC3-4239-45EA-85A5-E4557D3F2AD6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {DE2F2154-92E1-40E2-8EB6-A80435CCCFB7} - System32\Tasks\{9AA97C05-331D-48E7-B2B6-393DA5DB59E3} => pcalua.exe -a F:\Downloads\Vertus_Fluid_Mask_3.2.1_MegaRapidshare.com\fluid_mask_3_setup_2.100.2-RC2.exe Task: {E121D49B-E0A6-45BA-9FBA-E6A579E8DCAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {E62AE87E-4B4E-4A62-A2A5-C62E351425B8} - System32\Tasks\{FB5637CE-774D-41E9-8A18-A66C6F08DE12} => pcalua.exe -a "F:\Downloads\windirstat1_1_2_setup (1).exe" -d F:\Downloads Task: {E86215D1-331F-46EA-B5D2-DD63481E1867} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.) Task: {E8FC4795-B64E-463C-96A9-BE0B8DBF960D} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {E96AA20C-5A24-4099-8877-9D626337E24D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {F0F929D8-853A-41D7-BF97-78FBA3A7E8E9} - System32\Tasks\{5F894392-522C-4E66-80C8-E72C3D3AD54E} => pcalua.exe -a F:\Downloads\applewirelessmouse.exe Task: {F379DF3B-1EC4-4330-84B3-57537B17F6CE} - System32\Tasks\CopyMyDocsToU_Drive => Task: {F787EACE-34DC-43A0-9DA4-440D0A487857} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {FC31E385-F59B-4071-A73F-53FC0F691907} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) 
Task: {FCAEA3E8-B27E-4792-96C7-DE1B513D73A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {FE0A6D57-BA94-4854-A4CF-ED585B3BB4B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job => F:\Program Files\Allway Sync\Bin\syncappw.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ParetoLogic Registration.job => rundll32.exe C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\grevolorio.trmdu2\Desktop\Gus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9cc420c2be074d9\Identity API Scope Approval UI.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=ahjaciijnoiaklcomgnblndopackapon ==================== Loaded Modules (Whitelisted) ============== 2012-05-15 13:12 - 2012-05-15 13:12 - 00385680 _____ () F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WFX32.exe 2011-01-11 10:52 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2015-08-28 15:35 - 2014-10-30 08:18 - 00029184 ____C () C:\Windows\System32\ssj2mlm.dll 2014-11-12 05:20 - 2014-11-12 05:20 - 00524800 _____ () f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe 2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00018600 _____ () C:\Program Files\Synergy\synwinhk.DLL 2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () F:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () F:\Program Files (x86)\Unlocker\UnlockerCOM.dll 2011-02-14 17:55 - 2009-06-21 08:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll 2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00312488 _____ () C:\Program Files\Synergy\synergyd.exe 2015-07-08 16:59 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2010-11-08 11:15 - 2010-11-08 11:15 - 00301568 _____ () C:\Program Files 
(x86)\Notepad++\NppShell_04.dll 2015-06-30 08:24 - 2015-06-30 08:24 - 00408576 _____ () F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll 2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00171520 ____R () C:\Program Files (x86)\Calibre2\calibre.exe 2016-07-01 08:50 - 2016-07-01 08:50 - 00024576 ____R () C:\Program Files (x86)\Calibre2\calibre-parallel.exe 2016-06-17 17:07 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-17 17:07 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 01881256 _____ () C:\Program Files\Synergy\synergy.exe 2016-03-18 14:52 - 2016-03-18 14:52 - 00979112 _____ () C:\Program Files\Synergy\synergys.exe 2014-08-20 09:47 - 2014-05-13 12:04 - 00109400 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00416600 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00167768 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-20 09:47 - 2012-08-23 10:38 - 00574840 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-20 09:47 - 2012-04-03 17:06 - 00565640 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-08-15 14:11 - 2012-08-15 14:11 - 01222656 _____ () F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\libxml2.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00037376 ____R () C:\Program Files (x86)\Calibre2\calibre-launcher.dll 2014-05-03 23:25 - 2014-05-03 23:25 - 00110080 ____R () C:\Program Files (x86)\Calibre2\DLLs\pywintypes27.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00057344 ____R () C:\Program Files 
(x86)\Calibre2\plugins2\progress_indicator.pyd 2016-07-01 08:47 - 2016-07-01 08:47 - 00069632 ____R () C:\Program Files (x86)\Calibre2\plugins2\imageops.pyd 2016-07-01 08:50 - 2016-07-01 08:50 - 00176128 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxslt.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 01069568 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxml2.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00064000 ____R () C:\Program Files (x86)\Calibre2\DLLs\libexslt.dll 2014-12-10 12:23 - 2014-12-10 12:23 - 00426496 ____R () C:\Program Files (x86)\Calibre2\DLLs\sqlite3.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00035840 ____R () C:\Program Files (x86)\Calibre2\plugins2\wpd.pyd 2014-05-03 23:29 - 2014-05-03 23:29 - 00396800 ____R () C:\Program Files (x86)\Calibre2\DLLs\pythoncom27.dll 2016-07-01 08:46 - 2016-07-01 08:46 - 00262144 ____R () C:\Program Files (x86)\Calibre2\plugins2\hunspell.pyd 2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-30 05:53 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 
00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-05-12 19:57 - 2016-07-05 14:00 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-07-11 14:07 - 2016-06-06 22:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 
2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020280 _____ () C:\Program Files 
(x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-07-11 14:07 - 2016-06-06 22:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-07-11 14:07 - 2016-07-05 14:00 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-07-11 14:07 - 2016-07-05 14:00 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00546096 _____ () 
C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2014-08-20 09:47 - 2014-04-25 14:11 - 02972112 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll 2016-03-08 09:04 - 2016-03-08 09:04 - 02415104 _____ () C:\Program Files\Synergy\QtCore4.dll 2009-01-10 10:32 - 2009-01-10 10:32 - 00011362 _____ () C:\Program Files\Synergy\mingwm10.dll 2009-06-22 18:42 - 2009-06-22 18:42 - 00043008 _____ () C:\Program Files\Synergy\libgcc_s_dw2-1.dll 2010-02-10 14:43 - 2010-02-10 14:43 - 09515520 _____ () C:\Program Files\Synergy\QtGui4.dll 2010-02-10 14:10 - 2010-02-10 14:10 - 01148416 _____ () C:\Program Files\Synergy\QtNetwork4.dll 2013-12-17 04:42 - 2013-12-17 04:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows: [108] AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [125] AlternateDataStreams: C:\Users\grevolorio.trmdu2\.DS_Store:AFP_AfpInfo [122] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\bunker -> hxxps://bunker IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr01 -> hxxp://calshr01 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr02 -> hxxp://calshr02 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\emmarx.com -> hxxp://reports.emmarx.com IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\inrangesystems.com -> hxxp://intranet.inrangesystems.com
IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com
IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2011-10-28 15:03 - 2016-07-16 08:38 - 00450173 ____R C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 192.168.0.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: CronService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: sdAuxService => 3
MSCONFIG\Services: sdCoreService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^monitorpad.lnk => C:\Windows\pss\monitorpad.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tor.lnk => C:\Windows\pss\Tor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^grevolorio.trmdu2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLO.lnk => C:\Windows\pss\MLO.lnk.Startup
MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyLife Organized.lnk => C:\Windows\pss\MyLife Organized.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams =>
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: AttendeeCommunicator => "C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe" /fromrunkey
MSCONFIG\startupreg: BackupAndRecoveryMonitor.exe => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
MSCONFIG\startupreg: Box Edit => C:\Users\grevolorio.trmdu2\AppData\Local\Box\Box Edit\Box Edit.exe
MSCONFIG\startupreg: Box Local Com Server => C:\ProgramData\Box\ComServer\Box Local Com Service.exe
MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: ClipToOneNote =>
MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: Google Desktop Search =>
MSCONFIG\startupreg: iCloudServices =>
MSCONFIG\startupreg: itype => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
MSCONFIG\startupreg: MobileDocuments =>
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: PlayOn => C:\Program Files (x86)\MediaMall\PlayOn.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spybot-S&D Cleaning => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
MSCONFIG\startupreg: vmware-tray =>
MSCONFIG\startupreg: vmware-tray.exe => "F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-tray.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{2C84D7A8-185F-48F0-997F-3A814FEB1212}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
FirewallRules: [UDP Query User{76BCF8C2-EC1E-47FD-A852-CE49592796D5}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
FirewallRules: [{E4DAC48E-0F06-4425-87B9-7BD5994267BF}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe
FirewallRules: [{DE5F8045-275F-4630-8682-8236CFC1A9FA}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe
FirewallRules: [{3CAF5393-735B-4381-9C98-BE52D398D458}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{D093949F-C20C-4810-B36E-6B28E571CC81}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{C6F07D1B-04C4-4F10-BDA4-374E78C5EF19}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{24C77659-9DEF-4ABA-B4B9-64F8BC15A943}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B5BA6578-03EA-4F19-B6A2-C924C6C8E14F}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe
FirewallRules: [{758E4422-978B-47A4-86E4-B8F589FB2F26}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe
FirewallRules: [{051D6AFF-140B-4251-A785-C60079EDB7FD}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe
FirewallRules: [{7AC51C86-1E31-4E96-A1FF-7A9E9D7CE9C1}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{E82D2D2F-BFBD-41F4-A369-818C95FE2B09}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9EB0C5C-06D4-405B-BFEF-E1240AFC3A92}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4FE7CDC6-7A33-4C99-ABED-B4C4EA2F2743}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{46A01AAE-281A-4A88-9B9E-D5E9DD8EF2B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA765390-3C76-4719-96A5-CFF7997FFC8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51707004-99BF-4B82-866C-6DBD656522DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6EE70C80-E842-4BB8-8FB2-4183E0A2B6CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B261E1BA-7CCA-4BDA-A864-90AD5F09B541}] => (Allow) C:\Users\grevolorio\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B05ABD30-952F-4977-88FB-0BF6B0D8486C}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
FirewallRules: [{0E804373-A724-4174-95E8-11BF1A486C38}] => (Allow) F:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{482C2904-B9EB-460A-B24A-CDE0111F39B6}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{30113CC9-EA36-40C1-ACE3-9C07A0D32065}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{455BC505-116E-4778-9C47-D0039C5ABD3F}] => (Allow) LPort=12292
FirewallRules: [{48E75E71-2CBD-4890-8FDF-D76036F2069D}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{B80C427A-4A78-4C8F-8C5A-F9137515E7DA}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{97D36CA4-D871-4663-BF1F-D7D27925F9D4}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{53162F45-0E3E-441F-AD2A-795DD8EBAB2D}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{CB2F542C-B0A8-44DC-87F1-457206EFAC68}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [{69B9AE74-7660-4131-A026-481F146680CA}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe
FirewallRules: [{8A1F8345-6A95-49F8-A078-63007A1228A3}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{C974CD50-7415-43E1-9081-9640AB51C81D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE7E25B2-F63F-4E9B-8373-0A23074C71B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EBC71303-5F45-4EDC-8E05-A3C6405AF3E8}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{49A87548-8B14-4D3A-BA89-3E30CBD64639}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{8A45DF66-77B3-47F5-9E5B-6E67E8CD3672}] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{2358E7EC-EE95-49BE-8DE1-26AF8F97ADAD}] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [TCP Query User{011516DF-6F3F-479A-8621-1D0D84A0991F}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{ABA9851F-F69F-4C9D-A24E-A115D08E0AB4}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe
FirewallRules: [{4095281A-CA21-41D6-BA24-5FE980C904D0}] => (Block) F:\program files\transmission\transmission-qt.exe
FirewallRules:
[{24B34338-DD29-4CA9-AD70-42F3924DD47F}] => (Block) F:\program files\transmission\transmission-qt.exe FirewallRules: [{AED27814-FFA9-4899-B195-BE194AA6F13A}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{A0DE4516-2BD6-4D21-AE2B-124A3B182B0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E0D62CAE-785A-402E-A297-8B4033C9B7A7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{932729FC-8CEF-4D87-B35B-8778A82696D8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1706A022-0050-4667-91AA-26B728B5ADD8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1EBA2EAC-E1BE-48CE-A61E-C0BEF9EC4047}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{583FE798-093F-4AFC-87FB-6E46B63294A7}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{EA173698-EF6B-4459-A147-42C9EDA2520C}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F3E80BF7-DA3F-42AB-84EB-C25F52B2AF47}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{71CA5F73-AFD7-40C6-BDAF-10CC1A9579E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{4D1F3054-3DA7-46C6-BF81-7F064302A7E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{29A5A62E-BA87-4660-B3AA-624A5051E5F2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{6369152E-C858-4EDF-BB52-6895496F3D74}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe FirewallRules: [{E78D9C97-08D7-434F-8123-13261C4D9C6A}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe FirewallRules: 
[{3792C9C6-450E-426B-986C-5824239E896A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F3E4F551-C952-46A2-9CD8-2A5715867AC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{02F4B432-CBA2-4E39-B3FF-F55F89EC7B68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{8A0142B3-4C3B-4255-ABA5-96A1B1BD07D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F598C328-3FB4-42B6-899B-A8D1E5B2EC43}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{7F10E473-1BCA-4539-B818-F0EF53397B0F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{CBD9A108-FE5D-4C30-A810-642437C8E1F8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{6DD6D3DB-85B6-4E8A-B606-85CA460F802A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{20FAFEED-FBD1-44C6-8EFB-994DC36F082C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{EB4B33CD-E952-4BFC-B5DE-B6D3A09356AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{EC02FE5E-F982-4195-96AA-CE84BEECCF6A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{21DD25A7-A8D1-4916-A603-11C1BC9AD862}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{14B43CDE-088B-4241-AE08-1E53015DBD6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{1FBAD7D8-6F46-41E4-961C-0EAB6CA8B4BE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{B7D324F3-4B17-46E4-9913-152127D321A5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{422A2506-3182-4452-B20C-5EC8186315FD}] => (Allow) C:\Program 
Files\Synergy\synergys.exe FirewallRules: [{C86D90D8-8EFA-49AF-93C1-3293B433ED7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{6E079AAB-5654-4264-8491-85AF7E253C08}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{98CBFD6B-3FB9-488B-A3C8-3C054460A2B1}] => (Allow) C:\Windows\system32\rundll32.exe StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: Intel(R) Centrino(R) Advanced-N 6200 AGN Description: Intel(R) Centrino(R) Advanced-N 6200 AGN Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETw5s64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Loopback Adapter Description: Microsoft Loopback Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: msloop Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2016 09:05:53 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/18/2016 04:05:57 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/17/2016 11:05:25 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/17/2016 10:59:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x18438
Faulting application start time: 0xAutoPico.exe0
Faulting application path: AutoPico.exe1
Faulting module path: AutoPico.exe2
Report Id: AutoPico.exe3

Error: (07/17/2016 10:59:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoPico.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
at System.Net.LazyAsyncResult.Complete(IntPtr)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Net.ContextAwareResult.Complete(IntPtr)
at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (07/17/2016 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/17/2016 06:05:33 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/17/2016 05:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x184bc
Faulting application start time: 0xAutoPico.exe0
Faulting application path: AutoPico.exe1
Faulting module path: AutoPico.exe2
Report Id: AutoPico.exe3

Error: (07/17/2016 05:29:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoPico.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
at System.Net.LazyAsyncResult.Complete(IntPtr)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Net.ContextAwareResult.Complete(IntPtr)
at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (07/17/2016 01:05:09 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

System errors:
=============
Error: (07/09/2016 08:46:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (06/17/2016 03:52:14 PM) (Source: VDS Dynamic Provider) (EventID: 40) (User: )
Description: The remove plex operation failed to complete. status=C038003B

Error: (06/17/2016 03:48:38 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/17/2016 03:40:15 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.223.1357.0
Update Source: %NT AUTHORITY51
Update Stage: 4.9.0218.00
Source Path: 4.9.0218.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.223.1357.0
Update Source: %NT AUTHORITY51
Update Stage: 4.9.0218.00
Source Path: 4.9.0218.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (06/13/2016 06:09:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.223.1357.0
Update Source: %NT AUTHORITY59
Update Stage: 4.9.0218.00
Source Path: 4.9.0218.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

Error: (06/13/2016 05:47:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error: %%193

Error: (06/13/2016 05:46:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program.

Error: (06/13/2016 05:45:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

CodeIntegrity:
===================================
Date: 2016-07-17 04:56:59.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-17 04:56:59.258
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-17 04:56:59.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-16 03:52:04.984
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-16 03:52:04.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-16 03:52:04.509
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-15 04:55:34.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-15 04:55:33.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-15 04:55:33.538
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 03:10:30.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 93%
Total physical RAM: 16316.38 MB
Available physical RAM: 1045.3 MB
Total Virtual: 16826.56 MB
Available Virtual: 528.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:22.36 GB) NTFS
Drive d: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive f: (SoftRaid) (Fixed) (Total:731.32 GB) (Free:32.08 GB) NTFS
Drive g: (Virtual) (Fixed) (Total:465.76 GB) (Free:412.86 GB) NTFS
Drive i: (My Passport) (Fixed) (Total:930.86 GB) (Free:710.41 GB) NTFS
Drive m: () (Fixed) (Total:465.75 GB) (Free:268.39 GB) NTFS
Drive n: () (Fixed) (Total:465.75 GB) (Free:432.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0D040DF6)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=100 GB) - (Type=42)
Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08C4D7E9)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=100 GB) - (Type=42)
Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 00052F35)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  4. Hello guys, I'm using a laptop computer running Windows 7 SP1 64bit. I use Chrome as a browser. Lately, most of the time I try to access a link from a search result, it takes me to a page displaying a gray screen with some cryptic message saying that my computer is infected and advising me to call a number to have it fixed, all this while making a horrendous loud beep. The screens vary but most say SYSTEM SHUTDOWN CALL SUPPORT... It takes several clicks to make it go away. Next time I try the same link it works just fine. I ran MalwareBytes free and Spybot Search & Destroy and had a few things removed but the problem persists. I have not noted any other problem. Thanks in advance for your help. The FRST.txt file is this:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016 03
Ran by grevolorio (administrator) on TRMDU2 (18-07-2016 11:05:54)
Running from C:\Users\grevolorio.trmdu2\Desktop
Loaded Profiles: grevolorio & (Available Profiles: grevolorio & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe
(Stardock Corporation) F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe
() F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\wfx32.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe
(hMailServer) F:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
() F:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies) F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(AVG Technologies) F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files\Synergy\synergyd.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ZabKat) C:\Program Files\zabkat\xplorer2\xplorer2_64.exe
() C:\Program Files (x86)\Calibre2\calibre.exe
() C:\Program Files (x86)\Calibre2\calibre-parallel.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.)
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
() C:\Program Files\Synergy\synergy.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Synergy\synergys.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AttendeeCommunicator] => C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe [12007776 2016-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
Winlogon\Notify\MCPClient: C:\Program Files (x86)\Common Files\stardock\MCPStub.dll [2005-01-31] (Stardock)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe -update activex
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b93f89d9-224a-11e0-afff-f04da264333e} - E:\setup.exe
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinSnap] => C:\Program Files\WinSnap\WinSnap64.exe [3874432 2013-06-18] (NTWind Software)
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent Sync] => F:\Program Files (x86)\BitTorrent Sync\BTSync.exe [5514592 2015-06-30] (BitTorrent, Inc.)
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Workrave] => F:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team)
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems)
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [HideLogonScripts] 1
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\MountPoints2: {6e07364a-5ca0-11e5-8a8f-0002761ce121} - E:\Setup.exe
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\MountPoints2: {bcc773c2-50b0-11e0-b28d-b7985eaf7599} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6e07364a-5ca0-11e5-8a8f-0002761ce121} - E:\Setup.exe HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bcc773c2-50b0-11e0-b28d-b7985eaf7599} - "D:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe -update activex HKU\S-1-5-18\...\MountPoints2: {b93f89d9-224a-11e0-afff-f04da264333e} - E:\setup.exe Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files (x86)\Common Files\stardock\MCPCore.dll (Stardock) SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %SystemRoot%\system32\stobject.dll (Microsoft Corporation) SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll 
(EldoS Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => 
C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC-2-DB.lnk [2015-09-27] ShortcutTarget: DC-2-DB.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC-3-SP.lnk [2015-09-27] ShortcutTarget: DC-3-SP.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC_1.lnk [2015-09-27] ShortcutTarget: DC_1.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Synergy.lnk [2016-03-22] ShortcutTarget: Synergy.lnk -> C:\Windows\Installer\{68C1AA13-4370-4761-B53F-1862C2CE26CB}\synergy.ico (No File) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2016-07-11] ShortcutTarget: BHODemon 2.0.lnk -> C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.) 
Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk [2015-06-19] ShortcutTarget: calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe () Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-02] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2016-07-11] ShortcutTarget: BHODemon 2.0.lnk -> C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk [2015-06-19] ShortcutTarget: calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe () Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-02] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\..\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: [NameServer] 75.75.75.75 Tcpip\..\Interfaces\{2E7C3C01-490F-4425-84AD-AFDD0E4D2B58}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{5AFE6685-1C35-46C8-A029-662B58E9021D}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{64CC2F48-277C-4B3F-B096-F134D5C26275}: [NameServer] 192.168.0.1,75.75.76.76 Tcpip\..\Interfaces\{75F23FE3-1277-4A15-B393-F09B6F2535B6}: [NameServer] 192.168.0.100 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1085031214-796845957-725345543-2791\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {15261C5A-E2D7-42B4-AE84-D92AE430C800} URL = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {15261C5A-E2D7-42B4-AE84-D92AE430C800} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=f4948b29-18ba-4e54-80f2-876cde2854e2&query={searchTerms} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2791 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-10] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-11] (LastPass) BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-10] (Oracle Corporation) BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-19] (Siber Systems Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-25] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-11] (LastPass) BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.) BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-25] (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.) 
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-11] (LastPass) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-19] (Siber Systems Inc.) Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-11] (LastPass) Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) IE Session Restore: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled. IE Session Restore: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009 -> is enabled. IE Session Restore: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled. 
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default FF DefaultSearchEngine.US: Google FF Session Restore: -> is enabled. 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-10] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-08-25] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-08-25] (NVIDIA Corporation) FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-08-13] (MediaMall Technologies, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\grevolorio\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: LWAPlugin15.8 -> C:\Users\grevolorio\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-09-18] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF user.js: detected! => C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\user.js [2015-06-16]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2014-11-19] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginAOC.dll [2016-03-14] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Disconnect - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\2.0@disconnect.me.xpi [2015-06-16]
FF Extension: Flashblock - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-05-06]
FF Extension: Turn Off the Lights - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\stefanvandamme@stefanvd.net.xpi [2016-05-06]
FF Extension: LastPass - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\support@lastpass.com [2016-05-06]
FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\amptra@keepa.com.xpi [2016-05-06]
FF Extension: PriceZombie, Price Tracker & Price Comparison - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\jid1-a36dFT994VgKDA@jetpack.xpi [2015-10-08]
FF Extension: PlayOn - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\playonplugin@playon.tv [2015-06-24] [not signed]
FF Extension: Video DownloadHelper - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-22]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afproxy@anchorfree.com [2015-09-23] [not signed]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-09-23] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2015-09-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-12-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-06-19] [not signed]
FF HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Entanglement Web App) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-11]
CHR Extension: (SearchReportRecordResult Class) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-09-16] [UpdateUrl: hxxps://clients2.google/service/cnhpbmgmfaaapmaoibgdmapbjfofolig] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Send to OneNote) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokbjibjnekbfdjilfpoknnokaffoinp [2015-07-01]
CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (Turn Off the Lights) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-06-24]
CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Honey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-07-15]
CHR Extension: (Adblock Plus) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-01]
CHR Extension: (Incognito-Filter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2015-06-11]
CHR Extension: (Google Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Tampermonkey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-16]
CHR Extension: (Unlimited Hotspot Tethering) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\diddhabdhahhfajjfgepdlanilmdnogk [2015-06-24]
CHR Extension: (Facebook Disconnect) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-06-11]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-06-11]
CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-13]
CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Close all Tabs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcmiphoepcihlmphakgmpapfpldlleg [2015-06-11]
CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-11]
CHR Extension: (Pin It Button) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-26]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-06-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-15]
CHR Extension: (SuperSorter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2015-06-11]
CHR Extension: (Google Keep - notes and lists) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-07-13]
CHR Extension: (Google Theme) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne [2015-06-11]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2016-03-22]
CHR Extension: (Cisco WebEx Extension) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-06-11]
CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-22]
CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-11-02]
CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-08-28]
CHR Extension: (Evernote Web) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-06-11]
CHR Extension: (Instapaper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2016-03-04]
CHR Extension: (Facebook Ads Hider) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\leeebdddeggoocipdjiokmjcpidnmoah [2015-06-11]
CHR Extension: (Unicorn Smasher) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa [2016-06-17]
CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2015-09-15]
CHR Extension: (Poppit!) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-06-11]
CHR Extension: (Ghostery) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-04]
CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2015-11-02]
CHR Extension: (deviantART muro) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-06-11]
CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28]
CHR Extension: (Hover Zoom) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-06-01]
CHR Extension: (Evernote Web Clipper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-01]
CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Privacy Badger) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-06-01]
CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-07-11]
CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-22]
CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-01]
CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-01]
CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-01]
CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-01]
CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-06-01]
CHR Extension: (20 Cubed) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef [2016-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-01]
CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-10]
CHR Extension: (Slinky Wood) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcaidncenfklbfikefeppfgehcbmmecn [2016-06-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-24]
CHR Extension: (Invite All Friends on Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-06-24]
CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01]
CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-01]
CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2016-06-01]
CHR Extension: (Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-06-01]
CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2016-06-01]
CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01]
CHR Extension: (Context Menu Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2016-06-01]
CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-01]
CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-06-25]
CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-06-01]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10]
StartMenuInternet: Google Chrome.HA3GT6LIC6CKERU66IYIZVETX4 - C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
S4 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 hMailServer; F:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [4512768 2015-07-09] (hMailServer) [File not signed]
R2 KinoniSvc; f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [524800 2014-11-12] () [File not signed]
R2 MBAMScheduler; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.)
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S4 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [17920 2011-09-19] (Microsoft) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 SandraAgentSrv; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe [73200 2014-11-05] (SiSoftware) [File not signed]
R2 SDScannerService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed]
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [312488 2016-03-18] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 VMAuthdService; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S2 VMwareHostd; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe [15680000 2012-08-15] () [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation) [File not signed]
R2 WindowFX; F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe [181904 2012-03-08] (Stardock Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2014-11-12] (Windows (R) Win 7 DDK provider)
S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2014-11-12] (Windows (R) Win 7 DDK provider)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 SANDRA; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
U5 UnlockerDriver5; F:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-03-22] (WinISO.com)
S1 bbstlqcp; \??\C:\Windows\system32\drivers\bbstlqcp.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S1 ekgpaanc; \??\C:\Windows\system32\drivers\ekgpaanc.sys [X]
S1 emzyrjza; \??\C:\Windows\system32\drivers\emzyrjza.sys [X]
S1 fzqrwich; \??\C:\Windows\system32\drivers\fzqrwich.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S1 mttwbomv; \??\C:\Windows\system32\drivers\mttwbomv.sys [X]
S1 ouqyzldm; \??\C:\Windows\system32\drivers\ouqyzldm.sys [X]
S1 sesugyny; \??\C:\Windows\system32\drivers\sesugyny.sys [X]
S3 SliceDisk5; \??\C:\Users\grevolorio\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S1 vixxdple; \??\C:\Windows\system32\drivers\vixxdple.sys [X]
S2 WGX; System32\Drivers\WGX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-18 11:05 - 2016-07-18 11:07 - 00067984 _____ C:\Users\grevolorio.trmdu2\Desktop\FRST.txt
2016-07-18 11:03 - 2016-07-18 11:03 - 02391040 _____ (Farbar) C:\Users\grevolorio.trmdu2\Desktop\FRST64.exe
2016-07-18 10:07 - 2016-07-18 10:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-18 10:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-07-16 08:38 - 2016-05-09 16:48 - 00450051 _____ C:\Windows\system32\Drivers\etc\hosts.20160716-083854.backup
2016-07-13 09:49 - 2016-07-13 09:50 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\vlc
2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\Projects Series
2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\HDR Projects 4 Pro
2016-07-13 09:20 - 2016-07-13 09:20 - 00001162 _____ C:\Users\Public\Desktop\HDR projects 4 professional (64-Bit).lnk
2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\Program Files\Franzis
2016-07-11 14:07 - 2016-07-11 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-11 10:48 - 2016-07-11 10:48 - 00000957 _____ C:\Users\grevolorio.trmdu2\Desktop\BHODemon 2.0.lnk
2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0
2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\Program Files (x86)\BHODemon 2
2016-07-09 08:49 - 2016-07-09 08:49 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iTunes
2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iPod
2016-06-24 09:43 - 2016-07-08 21:18 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-18 11:05 - 2014-01-30 12:00 - 00000548 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108.job
2016-07-18 11:05 - 2012-05-23 18:15 - 00000000 ____D C:\FRST
2016-07-18 11:05 - 2011-08-04 09:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-18 11:01 - 2014-11-04 15:34 - 00000382 _____ C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job
2016-07-18 10:55 - 2015-09-16 12:08 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-18 10:32 - 2015-07-02 10:19 - 00000644 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108.job
2016-07-18 10:21 - 2012-07-27 08:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-18 10:08 - 2015-06-30 08:58 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-18 10:07 - 2014-08-20 09:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-18 02:07 - 2015-06-11 15:15 - 00000000 ____D C:\ProgramData\MediaMall
2016-07-18 01:19 - 2015-06-30 08:58 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-17 22:59 - 2015-09-30 10:32 - 00000000 ____D C:\Program Files\KMSpico
2016-07-17 20:05 - 2011-08-04 09:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-17 09:28 - 2009-07-14 01:13 - 00845984 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-17 09:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-14 20:21 - 2012-07-27 08:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 20:21 - 2012-04-13 10:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 20:21 - 2011-05-20 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 15:39 - 2015-06-11 20:52 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\CrashDumps
2016-07-13 13:18 - 2011-01-21 14:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-13 12:43 - 2015-07-07 13:19 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent
2016-07-13 09:22 - 2015-06-11 14:53 - 00000000 ____D C:\Users\grevolorio.trmdu2
2016-07-12 16:21 - 2012-01-26 17:19 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 16:21 - 2011-01-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-11 14:08 - 2015-06-30 08:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-11 10:59 - 2012-06-11 10:02 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-09 08:49 - 2015-07-07 11:43 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-09 08:49 - 2014-02-28 10:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-07-07 09:58 - 2015-06-17 13:26 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\calibre-cache
2016-07-07 09:22 - 2015-06-17 13:25 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\calibre
2016-07-01 13:31 - 2015-11-02 15:45 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\Program Files (x86)\Calibre2
2016-06-27 11:21 - 2015-09-23 03:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-27 11:21 - 2012-10-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-27 10:24 - 2015-06-11 20:51 - 00000000 ____D C:\Users\grevolorio.trmdu2\.VirtualBox
2016-06-24 17:46 - 2015-06-17 09:21 - 00143848 _____ C:\Users\grevolorio.trmdu2\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 05:42 - 2013-11-12 12:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-21 05:41 - 2014-03-18 09:15 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======
2012-01-30 09:55 - 2015-06-11 15:56 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-06-12 19:46 - 2015-06-12 19:46 - 0000064 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.ldb
2015-06-12 19:46 - 2015-06-12 21:14 - 14417920 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.mdb
2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sys11965 DataCollection.dat
2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\System413_DataDB.ind
2015-07-04 08:40 - 2015-07-09 19:01 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\winscp.rnd
2015-09-28 09:21 - 2015-09-28 09:21 - 0000038 ___SH () C:\Users\grevolorio.trmdu2\AppData\Local\5678c43253f8bbb5ed82a9.59421958
2015-07-04 08:47 - 2015-07-13 11:07 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Local\PUTTY.RND
2015-09-16 12:03 - 2015-09-16 12:03 - 0045957 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-09-16 12:03 - 2015-09-16 12:03 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2012-08-20 10:22 - 2012-08-28 15:25 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-12-18 12:06 - 2014-12-18 12:06 - 0000202 _____ () C:\ProgramData\nbinst.ini
2013-11-25 17:35 - 2013-11-25 17:35 - 0000018 _____ () C:\ProgramData\ruby-uuid

Files to move or delete:
====================
C:\Users\grevolorio\SyncToy_6f9d1157-50ab-4e8a-b246-c8013fe8d91a.dat
C:\Users\grevolorio\SyncToy_eb83ad46-2f1d-44ad-8333-991854e5ef51.dat

Some files in TEMP:
====================
C:\Users\grevolorio\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_kz8ag.dll
C:\Users\grevolorio\AppData\Local\Temp\RoboForm-Setup.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-07 10:41

==================== End of FRST.txt ============================

And the Addition.txt is:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03
Ran by grevolorio (2016-07-18 11:08:11)
Running from C:\Users\grevolorio.trmdu2\Desktop
Windows 7 Professional Service Pack 1 (X64) (2012-06-05 17:59:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3578782807-1016812498-1856270605-500 - Administrator - Disabled)
grevolorio (S-1-5-21-3578782807-1016812498-1856270605-1009 - Administrator - Enabled) => C:\Users\grevolorio.trmdu2
Guest (S-1-5-21-3578782807-1016812498-1856270605-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics) Acute Email IDs Production Engine (HKLM-x32\...\{CB72E17B-1BCA-441F-A8A0-64C6FDF09425}) (Version: 10.3.5 - SAGAWEBS.COM) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe LiveCycle Designer 7.1 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\InstallShield_{B8420E42-9664-43AF-BD01-F7B12EBA92CF}) (Version: 7.1.0000 - Adobe) Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version: - Leo Davidson / Pretentious Name) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems 
Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Allway Sync version 10.3.25 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies) AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.0.0 - Wacom Europe GmbH) Hidden Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden BHODemon 2.0.0.23 (HKLM-x32\...\BHODemon_is1) (Version: - Definitive Solutions, Inc.) BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 2.0.128 - BitTorrent Inc.) Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
Box Edit (HKLM-x32\...\{8887D190-E3EC-45D9-A62D-DF423B53CBEE}) (Version: 3.0.25.511 - Box) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden calibre (HKLM-x32\...\{BA623AFD-BE42-4B5F-9B8E-01FAB9BB2B51}) (Version: 2.61.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{95EB2FCC-AE0B-40E9-B804-347C6358923B}) (Version: 51.0.2704.7 - Google Inc.) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix) ClipX (HKLM-x32\...\ClipX) (Version: - ) Color Cop 5.4.3 (HKLM-x32\...\Color Cop_is1) (Version: - Jay Prall) Color Picker (HKLM-x32\...\ST6UNST #1) (Version: - ) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden CutePDF Professional 3.3 (HKLM-x32\...\{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}) (Version: 3.30.1001 - Acro Software Inc.) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) 
Hidden Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) eReader (HKLM-x32\...\{453C9E55-80DF-4BD2-9885-52A1FB0D9382}) (Version: 3.0.3 - Palm Digital Media) Evernote v. 5.2 (HKLM-x32\...\{090931D6-A2F4-11E3-AD9C-00163E98E7D0}) (Version: 5.2.0.2946 - Evernote Corp.) ExtraPutty 0.22 (HKLM-x32\...\{14C76057-E495-47E1-BDF0-1A1CC1752ADF}) (Version: 0.22 - ) Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation) Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.5.6 - Telerik) FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: - LopeSoft - Rubén López Hernández) FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse) Fine Woodworking Archive (HKLM-x32\...\{84D74E02-0F71-4107-B92F-48848C06ABB0}) (Version: 2.0.1 - Taunton) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.) Git version 1.7.6-preview20110708 (HKLM-x32\...\Git_is1) (Version: 1.7.6-preview20110708 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline) Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.) 
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) HDR projects 4 professional (64-Bit) (HKLM\...\HDR_PROJECTS_4_3_3BF7CE82_is1) (Version: 4.41 - Franzis Verlag GmbH) hMailServer 5.6.4-B2283 (HKLM-x32\...\hMailServer_is1) (Version: - ) huey 1.0.5 (HKLM-x32\...\huey_is1) (Version: - Pantone & GretagMacbeth) IdeaRoom (HKLM-x32\...\{9D3E0103-F902-4368-8CAE-21EE46F2DE9E}) (Version: 1.36.0070 - Sawtooth Ideas) IETester v0.4.10 (remove only) (HKLM-x32\...\IETester) (Version: 0.4.10 - Core Services) iExplorer 3.2.2.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) IMG to ISO (HKLM-x32\...\{F10528D1-6478-4F67-A393-CCAC1DB958C1}_is1) (Version: - imgtoiso.com) Inkscape 0.48.1 (HKLM-x32\...\Inkscape) (Version: 0.48.1 - ) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software) IsoBuster 3.4 (HKLM-x32\...\IsoBuster_is1) (Version: 3.4 - Smart Projects) iTunes (HKLM\...\{709990D1-03DA-4302-B364-E4D9F17E2198}) (Version: 12.4.1.6 - Apple Inc.) 
Java 2 Runtime Environment, SE v1.4.1 (HKLM-x32\...\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}) (Version: - ) Java 2 Runtime Environment, SE v1.4.1_07 (HKLM-x32\...\{CA532E73-1BB7-11D8-9D6A-00010240CE95}) (Version: - ) Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) Java Web Start (HKLM-x32\...\Java Web Start) (Version: - ) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle) Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle) Java(TM) SE Development Kit 6 Update 39 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160390}) (Version: 1.6.0.390 - Oracle) Java(TM) SE Development Kit 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.) join.me (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 1.17.0.156 - LogMeIn, Inc.) 
Keywords Studio Pro (HKLM-x32\...\Keywords Studio Pro 1.0.0) (Version: 1.0.0 - intraSEO) Keywords Studio Pro (x32 Version: 1.0.0 - intraSEO) Hidden KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni) K-Lite Codec Pack 8.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.6.0 - ) KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - ) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version: - ) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly) LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.71 - Alliance Software Pty Ltd) Market Samurai (x32 Version: 0.93.71 - Alliance Software Pty Ltd) Hidden Maxwell for SketchUp 2014 (HKLM-x32\...\{E3FA7086-A065-4FAF-B819-400927194F80}) (Version: 3.0.11 - Next Limit Technologies) MDF to ISO version 1.0 (HKLM-x32\...\{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1) (Version: 1.0 - mdftoiso.com) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Metalogix Content Matrix Console - File Share Edition (HKLM-x32\...\{99641A98-EE9B-4521-916C-DF09AC9DD4A3}) (Version: 6.2.0302 - Metalogix Software Corp.) Metalogix Content Matrix Console - Public Folder Edition (HKLM-x32\...\{E18CB092-505F-4FE1-B4C7-C53DBBBBA938}) (Version: 6.2.0302 - Metalogix Software Corp.) Metalogix Content Matrix Console - SharePoint Edition (HKLM-x32\...\{A4E8B4B5-C6D6-414B-A513-EDDB70F58959}) (Version: 6.2.0302 - Metalogix Software Corp.) 
Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell) Microsoft .NET Compact Framework 1.0 SP3 Developer (HKLM-x32\...\{6C531060-84FB-4F96-8F33-29DF020632EB}) (Version: 1.0.4292 - Microsoft Corporation) Microsoft .NET Compact Framework 2.0 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5238 - Microsoft Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages 
(HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Device Emulator version 1.0 - ENU (HKLM-x32\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation) Microsoft Document Explorer 2005 (HKLM-x32\...\Microsoft Document Explorer 2005) (Version: - Microsoft Corporation) Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation) Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation) Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation) Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation) Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation) Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation) Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation) Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation) Microsoft Filter Pack 1.0 (HKLM\...\{95120000-2000-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1104 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft 
Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Lync 2010 Attendee (HKLM-x32\...\{09335E49-1C8F-4973-9929-941BE9C6EF33}) (Version: 4.0.7577.4498 - Microsoft Corporation) Microsoft Lync Web App Plug-in (HKLM\...\{52CAD0B7-8759-4CE5-94D7-8825BBFD7445}) (Version: 15.8.8653.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Developer Tools for Visual Studio 2013 - November 2014 Update (HKLM-x32\...\{ac415136-ae46-4301-b23e-6559062bfa7b}) (Version: 12.0.31105.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft) Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) 
(Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesignerR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft) Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Silverlight 3 
SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{62D2F823-0EAA-496D-B0F9-A869BFC51550}) (Version: 8.05.2312 - Microsoft Corporation) Microsoft SQL Server 2005 Books Online (English) (September 2007) (HKLM-x32\...\{6FDD4688-E063-401D-B6BE-7234E20B9173}) (Version: 9.00.3104 - Microsoft Corporation) Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (HKLM-x32\...\{1389C6A4-4965-4AEC-9175-08B54A10FA48}) (Version: 3.0.0.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft 
Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - 
Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft 
Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
-> --profile-directory=Default --app-id=ahjaciijnoiaklcomgnblndopackapon ==================== Loaded Modules (Whitelisted) ============== 2012-05-15 13:12 - 2012-05-15 13:12 - 00385680 _____ () F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WFX32.exe 2011-01-11 10:52 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2015-08-28 15:35 - 2014-10-30 08:18 - 00029184 ____C () C:\Windows\System32\ssj2mlm.dll 2014-11-12 05:20 - 2014-11-12 05:20 - 00524800 _____ () f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe 2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00018600 _____ () C:\Program Files\Synergy\synwinhk.DLL 2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () F:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () F:\Program Files (x86)\Unlocker\UnlockerCOM.dll 2011-02-14 17:55 - 2009-06-21 08:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll 2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00312488 _____ () C:\Program Files\Synergy\synergyd.exe 2015-07-08 16:59 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2010-11-08 11:15 - 2010-11-08 11:15 - 00301568 _____ () C:\Program Files 
(x86)\Notepad++\NppShell_04.dll 2015-06-30 08:24 - 2015-06-30 08:24 - 00408576 _____ () F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll 2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00171520 ____R () C:\Program Files (x86)\Calibre2\calibre.exe 2016-07-01 08:50 - 2016-07-01 08:50 - 00024576 ____R () C:\Program Files (x86)\Calibre2\calibre-parallel.exe 2016-06-17 17:07 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-17 17:07 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 01881256 _____ () C:\Program Files\Synergy\synergy.exe 2016-03-18 14:52 - 2016-03-18 14:52 - 00979112 _____ () C:\Program Files\Synergy\synergys.exe 2014-08-20 09:47 - 2014-05-13 12:04 - 00109400 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00416600 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00167768 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-20 09:47 - 2012-08-23 10:38 - 00574840 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-20 09:47 - 2012-04-03 17:06 - 00565640 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-08-15 14:11 - 2012-08-15 14:11 - 01222656 _____ () F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\libxml2.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00037376 ____R () C:\Program Files (x86)\Calibre2\calibre-launcher.dll 2014-05-03 23:25 - 2014-05-03 23:25 - 00110080 ____R () C:\Program Files (x86)\Calibre2\DLLs\pywintypes27.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00057344 ____R () C:\Program Files 
(x86)\Calibre2\plugins2\progress_indicator.pyd 2016-07-01 08:47 - 2016-07-01 08:47 - 00069632 ____R () C:\Program Files (x86)\Calibre2\plugins2\imageops.pyd 2016-07-01 08:50 - 2016-07-01 08:50 - 00176128 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxslt.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 01069568 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxml2.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00064000 ____R () C:\Program Files (x86)\Calibre2\DLLs\libexslt.dll 2014-12-10 12:23 - 2014-12-10 12:23 - 00426496 ____R () C:\Program Files (x86)\Calibre2\DLLs\sqlite3.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00035840 ____R () C:\Program Files (x86)\Calibre2\plugins2\wpd.pyd 2014-05-03 23:29 - 2014-05-03 23:29 - 00396800 ____R () C:\Program Files (x86)\Calibre2\DLLs\pythoncom27.dll 2016-07-01 08:46 - 2016-07-01 08:46 - 00262144 ____R () C:\Program Files (x86)\Calibre2\plugins2\hunspell.pyd 2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-30 05:53 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 
00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-05-12 19:57 - 2016-07-05 14:00 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-07-11 14:07 - 2016-06-06 22:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 
2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020280 _____ () C:\Program Files 
(x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-07-11 14:07 - 2016-06-06 22:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-07-11 14:07 - 2016-07-05 14:00 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-07-11 14:07 - 2016-07-05 14:00 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00546096 _____ () 
C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2014-08-20 09:47 - 2014-04-25 14:11 - 02972112 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll 2016-03-08 09:04 - 2016-03-08 09:04 - 02415104 _____ () C:\Program Files\Synergy\QtCore4.dll 2009-01-10 10:32 - 2009-01-10 10:32 - 00011362 _____ () C:\Program Files\Synergy\mingwm10.dll 2009-06-22 18:42 - 2009-06-22 18:42 - 00043008 _____ () C:\Program Files\Synergy\libgcc_s_dw2-1.dll 2010-02-10 14:43 - 2010-02-10 14:43 - 09515520 _____ () C:\Program Files\Synergy\QtGui4.dll 2010-02-10 14:10 - 2010-02-10 14:10 - 01148416 _____ () C:\Program Files\Synergy\QtNetwork4.dll 2013-12-17 04:42 - 2013-12-17 04:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows: [108] AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [125] AlternateDataStreams: C:\Users\grevolorio.trmdu2\.DS_Store:AFP_AfpInfo [122] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\bunker -> hxxps://bunker IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr01 -> hxxp://calshr01 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr02 -> hxxp://calshr02 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\emmarx.com -> hxxp://reports.emmarx.com IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\inrangesystems.com -> hxxp://intranet.inrangesystems.com
IE restricted
site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. 
IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\12-27.net -> user1.12-27.net IE restricted 
site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: 
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. 
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> 
mir.100888290cs.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7867 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2011-10-28 15:03 - 2016-07-16 08:38 - 00450173 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15466 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 192.168.0.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: CronService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: sdAuxService => 3
MSCONFIG\Services: sdCoreService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^monitorpad.lnk => C:\Windows\pss\monitorpad.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tor.lnk => C:\Windows\pss\Tor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^grevolorio.trmdu2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLO.lnk => C:\Windows\pss\MLO.lnk.Startup
MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyLife Organized.lnk => C:\Windows\pss\MyLife Organized.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams =>
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: AttendeeCommunicator => "C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe" /fromrunkey
MSCONFIG\startupreg: BackupAndRecoveryMonitor.exe => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
MSCONFIG\startupreg: Box Edit => C:\Users\grevolorio.trmdu2\AppData\Local\Box\Box Edit\Box Edit.exe
MSCONFIG\startupreg: Box Local Com Server => C:\ProgramData\Box\ComServer\Box Local Com Service.exe
MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: ClipToOneNote =>
MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: Google Desktop Search =>
MSCONFIG\startupreg: iCloudServices =>
MSCONFIG\startupreg: itype => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
MSCONFIG\startupreg: MobileDocuments =>
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: PlayOn => C:\Program Files (x86)\MediaMall\PlayOn.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spybot-S&D Cleaning => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
MSCONFIG\startupreg: vmware-tray =>
MSCONFIG\startupreg: vmware-tray.exe => "F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-tray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{2C84D7A8-185F-48F0-997F-3A814FEB1212}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
FirewallRules: [UDP Query User{76BCF8C2-EC1E-47FD-A852-CE49592796D5}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe
FirewallRules: [{E4DAC48E-0F06-4425-87B9-7BD5994267BF}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe
FirewallRules: [{DE5F8045-275F-4630-8682-8236CFC1A9FA}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe
FirewallRules: [{3CAF5393-735B-4381-9C98-BE52D398D458}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{D093949F-C20C-4810-B36E-6B28E571CC81}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{C6F07D1B-04C4-4F10-BDA4-374E78C5EF19}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{24C77659-9DEF-4ABA-B4B9-64F8BC15A943}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B5BA6578-03EA-4F19-B6A2-C924C6C8E14F}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe
FirewallRules: [{758E4422-978B-47A4-86E4-B8F589FB2F26}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe
FirewallRules: [{051D6AFF-140B-4251-A785-C60079EDB7FD}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe
FirewallRules: [{7AC51C86-1E31-4E96-A1FF-7A9E9D7CE9C1}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{E82D2D2F-BFBD-41F4-A369-818C95FE2B09}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9EB0C5C-06D4-405B-BFEF-E1240AFC3A92}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4FE7CDC6-7A33-4C99-ABED-B4C4EA2F2743}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{46A01AAE-281A-4A88-9B9E-D5E9DD8EF2B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AA765390-3C76-4719-96A5-CFF7997FFC8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51707004-99BF-4B82-866C-6DBD656522DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6EE70C80-E842-4BB8-8FB2-4183E0A2B6CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B261E1BA-7CCA-4BDA-A864-90AD5F09B541}] => (Allow) C:\Users\grevolorio\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B05ABD30-952F-4977-88FB-0BF6B0D8486C}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
FirewallRules: [{0E804373-A724-4174-95E8-11BF1A486C38}] => (Allow) F:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{482C2904-B9EB-460A-B24A-CDE0111F39B6}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{30113CC9-EA36-40C1-ACE3-9C07A0D32065}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{455BC505-116E-4778-9C47-D0039C5ABD3F}] => (Allow) LPort=12292
FirewallRules: [{48E75E71-2CBD-4890-8FDF-D76036F2069D}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{B80C427A-4A78-4C8F-8C5A-F9137515E7DA}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{97D36CA4-D871-4663-BF1F-D7D27925F9D4}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{53162F45-0E3E-441F-AD2A-795DD8EBAB2D}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{CB2F542C-B0A8-44DC-87F1-457206EFAC68}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe
FirewallRules: [{69B9AE74-7660-4131-A026-481F146680CA}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe
FirewallRules: [{8A1F8345-6A95-49F8-A078-63007A1228A3}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{C974CD50-7415-43E1-9081-9640AB51C81D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE7E25B2-F63F-4E9B-8373-0A23074C71B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{EBC71303-5F45-4EDC-8E05-A3C6405AF3E8}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{49A87548-8B14-4D3A-BA89-3E30CBD64639}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{8A45DF66-77B3-47F5-9E5B-6E67E8CD3672}] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{2358E7EC-EE95-49BE-8DE1-26AF8F97ADAD}] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [TCP Query User{011516DF-6F3F-479A-8621-1D0D84A0991F}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{ABA9851F-F69F-4C9D-A24E-A115D08E0AB4}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe
FirewallRules: [{4095281A-CA21-41D6-BA24-5FE980C904D0}] => (Block) F:\program files\transmission\transmission-qt.exe
FirewallRules: [{24B34338-DD29-4CA9-AD70-42F3924DD47F}] => (Block) F:\program files\transmission\transmission-qt.exe
FirewallRules: [{AED27814-FFA9-4899-B195-BE194AA6F13A}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{A0DE4516-2BD6-4D21-AE2B-124A3B182B0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E0D62CAE-785A-402E-A297-8B4033C9B7A7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{932729FC-8CEF-4D87-B35B-8778A82696D8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1706A022-0050-4667-91AA-26B728B5ADD8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1EBA2EAC-E1BE-48CE-A61E-C0BEF9EC4047}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{583FE798-093F-4AFC-87FB-6E46B63294A7}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EA173698-EF6B-4459-A147-42C9EDA2520C}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3E80BF7-DA3F-42AB-84EB-C25F52B2AF47}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71CA5F73-AFD7-40C6-BDAF-10CC1A9579E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4D1F3054-3DA7-46C6-BF81-7F064302A7E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{29A5A62E-BA87-4660-B3AA-624A5051E5F2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6369152E-C858-4EDF-BB52-6895496F3D74}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
FirewallRules: [{E78D9C97-08D7-434F-8123-13261C4D9C6A}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
FirewallRules: [{3792C9C6-450E-426B-986C-5824239E896A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F3E4F551-C952-46A2-9CD8-2A5715867AC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{02F4B432-CBA2-4E39-B3FF-F55F89EC7B68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8A0142B3-4C3B-4255-ABA5-96A1B1BD07D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F598C328-3FB4-42B6-899B-A8D1E5B2EC43}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7F10E473-1BCA-4539-B818-F0EF53397B0F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{CBD9A108-FE5D-4C30-A810-642437C8E1F8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{6DD6D3DB-85B6-4E8A-B606-85CA460F802A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{20FAFEED-FBD1-44C6-8EFB-994DC36F082C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{EB4B33CD-E952-4BFC-B5DE-B6D3A09356AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{EC02FE5E-F982-4195-96AA-CE84BEECCF6A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{21DD25A7-A8D1-4916-A603-11C1BC9AD862}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{14B43CDE-088B-4241-AE08-1E53015DBD6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{1FBAD7D8-6F46-41E4-961C-0EAB6CA8B4BE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{B7D324F3-4B17-46E4-9913-152127D321A5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{422A2506-3182-4452-B20C-5EC8186315FD}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{C86D90D8-8EFA-49AF-93C1-3293B433ED7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6E079AAB-5654-4264-8491-85AF7E253C08}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{98CBFD6B-3FB9-488B-A3C8-3C054460A2B1}] => (Allow) C:\Windows\system32\rundll32.exe
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Advanced-N 6200 AGN
Description: Intel(R) Centrino(R) Advanced-N 6200 AGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw5s64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Loopback Adapter
Description: Microsoft Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: msloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================

Error: (07/18/2016 09:05:53 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/18/2016 04:05:57 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/17/2016 11:05:25 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/17/2016 10:59:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x18438
Faulting application start time: 0xAutoPico.exe0
Faulting application path: AutoPico.exe1
Faulting module path: AutoPico.exe2
Report Id: AutoPico.exe3

Error: (07/17/2016 10:59:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoPico.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
at System.Net.LazyAsyncResult.Complete(IntPtr)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Net.ContextAwareResult.Complete(IntPtr)
at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (07/17/2016 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/17/2016 06:05:33 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.

Error: (07/17/2016 05:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x184bc
Faulting application start time: 0xAutoPico.exe0
Faulting application path: AutoPico.exe1
Faulting module path: AutoPico.exe2
Report Id: AutoPico.exe3

Error: (07/17/2016 05:29:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoPico.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
at System.Net.LazyAsyncResult.Complete(IntPtr)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Net.ContextAwareResult.Complete(IntPtr)
at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (07/17/2016 01:05:09 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612.
System errors: ============= Error: (07/09/2016 08:46:16 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (06/17/2016 03:52:14 PM) (Source: VDS Dynamic Provider) (EventID: 40) (User: ) Description: The remove plex operation failed to complete. status=C038003B Error: (06/17/2016 03:48:38 PM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: 490@01010004 Error: (06/17/2016 03:40:15 PM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: 490@01010004 Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY51 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY51 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 06:09:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY59 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 05:47:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error: %%193 Error: (06/13/2016 05:46:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program. Error: (06/13/2016 05:45:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) CodeIntegrity: =================================== Date: 2016-07-17 04:56:59.348 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-17 04:56:59.258 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. 
Date: 2016-07-17 04:56:59.099 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.984 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.894 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.509 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:34.023 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:33.925 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:33.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. 
Date: 2016-07-14 03:10:30.776 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz Percentage of memory in use: 93% Total physical RAM: 16316.38 MB Available physical RAM: 1045.3 MB Total Virtual: 16826.56 MB Available Virtual: 528.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:22.36 GB) NTFS Drive d: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF Drive f: (SoftRaid) (Fixed) (Total:731.32 GB) (Free:32.08 GB) NTFS Drive g: (Virtual) (Fixed) (Total:465.76 GB) (Free:412.86 GB) NTFS Drive i: (My Passport) (Fixed) (Total:930.86 GB) (Free:710.41 GB) NTFS Drive m: () (Fixed) (Total:465.75 GB) (Free:268.39 GB) NTFS Drive n: () (Fixed) (Total:465.75 GB) (Free:432.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0D040DF6) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=100 GB) - (Type=42) Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08C4D7E9) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=100 GB) - (Type=42) Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42) ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. 
======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 00052F35) Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. Done. This is the log:
2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: LanmanServer 2012-05-31 16:57:35: Real Path: C:\Windows\System32\srvsvc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\srvsvc.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\srvsvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\srvsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: srvsvc.dll 2012-05-31 16:57:35: Original File Name: SRVSVC.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: LanmanWorkstation 2012-05-31 16:57:35: Real Path: C:\Windows\System32\wkssvc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\wkssvc.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\wkssvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\wkssvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: wkssvc.dll 2012-05-31 16:57:35: Original File Name: WKSSVC.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: lltdsvc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\lltdsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\lltdres.dll,-1 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\lltdres.dll,-2 2012-05-31 16:57:35: ServiceDLL: System32\lltdsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: lltdsvc.dll 2012-05-31 16:57:35: Original File Name: LLTDSVC.DLL 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 
16:57:35: Found Service: lmhosts 2012-05-31 16:57:35: Real Path: C:\Windows\System32\lmhsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\lmhsvc.dll,-102 2012-05-31 16:57:35: ServiceDLL: System32\lmhsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: lmhsvc.dll 2012-05-31 16:57:35: Original File Name: lmhsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: Mcx2Svc 2012-05-31 16:57:35: Real Path: C:\Windows\system32\Mcx2Svc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501 2012-05-31 16:57:35: Description: @%SystemRoot%\ehome\ehres.dll,-15502 2012-05-31 16:57:35: ServiceDLL: system32\Mcx2Svc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: Mcx2Svc.dll 2012-05-31 16:57:35: Original File Name: Mcx2Svc.dll 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: MMCSS 2012-05-31 16:57:36: Real Path: C:\Windows\system32\mmcss.dll 2012-05-31 16:57:36: Display Name: @%systemroot%\system32\mmcss.dll,-100 2012-05-31 16:57:36: Description: @%systemroot%\system32\mmcss.dll,-101 2012-05-31 16:57:36: ServiceDLL: system32\mmcss.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: mmcss.dll 2012-05-31 16:57:36: Original File Name: mmcss.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: MSiSCSI 2012-05-31 16:57:36: Real Path: C:\Windows\system32\iscsiexe.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000 2012-05-31 16:57:36: 
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001 2012-05-31 16:57:36: ServiceDLL: system32\iscsiexe.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: iscsiexe.dll 2012-05-31 16:57:36: Original File Name: iscsiexe.exe.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: napagent 2012-05-31 16:57:36: Real Path: C:\Windows\system32\qagentRT.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\qagentrt.dll,-7 2012-05-31 16:57:36: ServiceDLL: system32\qagentRT.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: qagentRT.dll 2012-05-31 16:57:36: Original File Name: QAgentRT.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: Netman 2012-05-31 16:57:36: Real Path: C:\Windows\System32\netman.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\netman.dll,-109 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\netman.dll,-110 2012-05-31 16:57:36: ServiceDLL: System32\netman.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: netman.dll 2012-05-31 16:57:36: Original File Name: netman.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: netprofm 2012-05-31 16:57:36: Real Path: C:\Windows\System32\netprofm.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\netprofm.dll,-202 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\netprofm.dll,-203 2012-05-31 16:57:36: ServiceDLL: System32\netprofm.dll 2012-05-31 16:57:36: File size: 360448 2012-05-31 
16:57:36: DLL File name: netprofm.dll 2012-05-31 16:57:36: Original File Name: netprofm.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: NlaSvc 2012-05-31 16:57:36: Real Path: C:\Windows\System32\nlasvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1 2012-05-31 16:57:36: Description: @%SystemRoot%\System32\nlasvc.dll,-2 2012-05-31 16:57:36: ServiceDLL: System32\nlasvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: nlasvc.dll 2012-05-31 16:57:36: Original File Name: nlasvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: nsi 2012-05-31 16:57:36: Real Path: C:\Windows\system32\nsisvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\nsisvc.dll,-201 2012-05-31 16:57:36: ServiceDLL: system32\nsisvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: nsisvc.dll 2012-05-31 16:57:36: Original File Name: nsisvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: p2pimsvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pnrpsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005 2012-05-31 16:57:36: ServiceDLL: system32\pnrpsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pnrpsvc.dll 2012-05-31 16:57:36: Original File Name: pnrpsvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 
16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: p2psvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\p2psvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\p2psvc.dll,-8007 2012-05-31 16:57:36: ServiceDLL: system32\p2psvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: p2psvc.dll 2012-05-31 16:57:36: Original File Name: p2psvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: !!!!!!! 2012-05-31 16:57:36: Found Service: PcaSvc 2012-05-31 16:57:36: Real Path: C:\Windows\System32\pcasvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pcasvc.dll,-2 2012-05-31 16:57:36: ServiceDLL: System32\pcasvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pcasvc.dll 2012-05-31 16:57:36: Original File Name: 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: !!!!!!!!! 
2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PeerDistSvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\peerdistsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001 2012-05-31 16:57:36: ServiceDLL: system32\peerdistsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: peerdistsvc.dll 2012-05-31 16:57:36: Original File Name: PeerDistSvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: pla 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pla.dll 2012-05-31 16:57:36: Display Name: @%systemroot%\system32\pla.dll,-500 2012-05-31 16:57:36: Description: @%systemroot%\system32\pla.dll,-501 2012-05-31 16:57:36: ServiceDLL: system32\pla.dll 2012-05-31 16:57:36: File size: 1508864 2012-05-31 16:57:36: DLL File name: pla.dll 2012-05-31 16:57:36: Original File Name: PLA.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PlugPlay 2012-05-31 16:57:36: Real Path: C:\Windows\system32\umpnpmgr.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101 2012-05-31 16:57:36: ServiceDLL: system32\umpnpmgr.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: umpnpmgr.dll 2012-05-31 16:57:36: Original File Name: Umpnpmgr.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 
16:57:36: Found Service: PNRPAutoReg 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pnrpauto.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003 2012-05-31 16:57:36: ServiceDLL: system32\pnrpauto.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pnrpauto.dll 2012-05-31 16:57:36: Original File Name: pnrpauto.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PNRPsvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pnrpsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001 2012-05-31 16:57:36: ServiceDLL: system32\pnrpsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pnrpsvc.dll 2012-05-31 16:57:36: Original File Name: pnrpsvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PolicyAgent 2012-05-31 16:57:36: Real Path: C:\Windows\System32\ipsecsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\System32\polstore.dll,-5010 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\polstore.dll,-5011 2012-05-31 16:57:36: ServiceDLL: System32\ipsecsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: ipsecsvc.dll 2012-05-31 16:57:36: Original File Name: ipsecsvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: Power 2012-05-31 16:57:36: Real Path: C:\Windows\system32\umpo.dll 2012-05-31 16:57:36: Display Name: 
@%SystemRoot%\system32\umpo.dll,-100 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\umpo.dll,-101 2012-05-31 16:57:36: ServiceDLL: system32\umpo.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: umpo.dll 2012-05-31 16:57:36: Original File Name: Umpo.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: ProfSvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\profsvc.dll 2012-05-31 16:57:36: Display Name: @%systemroot%\system32\profsvc.dll,-300 2012-05-31 16:57:36: Description: @%systemroot%\system32\profsvc.dll,-301 2012-05-31 16:57:36: ServiceDLL: system32\profsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: profsvc.dll 2012-05-31 16:57:36: Original File Name: ProfSvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: QWAVE 2012-05-31 16:57:36: Real Path: C:\Windows\system32\qwave.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\qwave.dll,-1 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\qwave.dll,-2 2012-05-31 16:57:36: ServiceDLL: system32\qwave.dll 2012-05-31 16:57:36: File size: 210944 2012-05-31 16:57:36: DLL File name: qwave.dll 2012-05-31 16:57:36: Original File Name: qwave.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: RasAuto 2012-05-31 16:57:36: Real Path: C:\Windows\System32\rasauto.dll 2012-05-31 16:57:36: Display Name: @%Systemroot%\system32\rasauto.dll,-200 2012-05-31 16:57:36: Description: @%Systemroot%\system32\rasauto.dll,-201 2012-05-31 16:57:36: ServiceDLL: 
System32\rasauto.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: rasauto.dll 2012-05-31 16:57:36: Original File Name: rasauto.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RasMan 2012-05-31 16:57:37: Real Path: C:\Windows\System32\rasmans.dll 2012-05-31 16:57:37: Display Name: @%Systemroot%\system32\rasmans.dll,-200 2012-05-31 16:57:37: Description: @%Systemroot%\system32\rasmans.dll,-201 2012-05-31 16:57:37: ServiceDLL: System32\rasmans.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: rasmans.dll 2012-05-31 16:57:37: Original File Name: Rasmans.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RemoteAccess 2012-05-31 16:57:37: Real Path: C:\Windows\System32\mprdim.dll 2012-05-31 16:57:37: Display Name: @%Systemroot%\system32\mprdim.dll,-200 2012-05-31 16:57:37: Description: @%Systemroot%\system32\mprdim.dll,-201 2012-05-31 16:57:37: ServiceDLL: System32\mprdim.dll 2012-05-31 16:57:37: File size: 75264 2012-05-31 16:57:37: DLL File name: mprdim.dll 2012-05-31 16:57:37: Original File Name: MPRDIM.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RemoteRegistry 2012-05-31 16:57:37: Real Path: C:\Windows\system32\regsvc.dll 2012-05-31 16:57:37: Display Name: @regsvc.dll,-1 2012-05-31 16:57:37: Description: @regsvc.dll,-2 2012-05-31 16:57:37: ServiceDLL: system32\regsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: regsvc.dll 2012-05-31 16:57:37: Original File Name: REGSVC.DLL.MUI 
2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RpcEptMapper 2012-05-31 16:57:37: Real Path: C:\Windows\System32\RpcEpMap.dll 2012-05-31 16:57:37: Display Name: @%windir%\system32\RpcEpMap.dll,-1001 2012-05-31 16:57:37: Description: @%windir%\system32\RpcEpMap.dll,-1002 2012-05-31 16:57:37: ServiceDLL: System32\RpcEpMap.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: RpcEpMap.dll 2012-05-31 16:57:37: Original File Name: RpcEpMap.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RpcSs 2012-05-31 16:57:37: Real Path: C:\Windows\System32\rpcss.dll 2012-05-31 16:57:37: Display Name: @oleres.dll,-5010 2012-05-31 16:57:37: Description: @oleres.dll,-5011 2012-05-31 16:57:37: ServiceDLL: System32\rpcss.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: rpcss.dll 2012-05-31 16:57:37: Original File Name: rpcss.dll 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SCardSvr 2012-05-31 16:57:37: Real Path: C:\Windows\System32\SCardSvr.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\SCardSvr.dll,-5 2012-05-31 16:57:37: ServiceDLL: System32\SCardSvr.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: SCardSvr.dll 2012-05-31 16:57:37: Original File Name: SCardSvr.exe.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: Schedule 2012-05-31 
16:57:37: Real Path: C:\Windows\system32\schedsvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\schedsvc.dll,-101 2012-05-31 16:57:37: ServiceDLL: system32\schedsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: schedsvc.dll 2012-05-31 16:57:37: Original File Name: schedsvc.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SCPolicySvc 2012-05-31 16:57:37: Real Path: C:\Windows\System32\certprop.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\certprop.dll,-13 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\certprop.dll,-14 2012-05-31 16:57:37: ServiceDLL: System32\certprop.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: certprop.dll 2012-05-31 16:57:37: Original File Name: certprop.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SDRSVC 2012-05-31 16:57:37: Real Path: C:\Windows\System32\SDRSVC.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\sdrsvc.dll,-102 2012-05-31 16:57:37: ServiceDLL: System32\SDRSVC.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: SDRSVC.dll 2012-05-31 16:57:37: Original File Name: SDRSVC.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: seclogon 2012-05-31 16:57:37: Real Path: C:\Windows\system32\seclogon.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001 2012-05-31 16:57:37: 
Description: @%SystemRoot%\system32\seclogon.dll,-7000 2012-05-31 16:57:37: ServiceDLL: system32\seclogon.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: seclogon.dll 2012-05-31 16:57:37: Original File Name: SECLOGON.EXE.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SENS 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sens.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\Sens.dll,-200 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\Sens.dll,-201 2012-05-31 16:57:37: ServiceDLL: system32\sens.dll 2012-05-31 16:57:37: File size: 49664 2012-05-31 16:57:37: DLL File name: sens.dll 2012-05-31 16:57:37: Original File Name: sens.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SensrSvc 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sensrsvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001 2012-05-31 16:57:37: ServiceDLL: system32\sensrsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: sensrsvc.dll 2012-05-31 16:57:37: Original File Name: sensrsvc.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SessionEnv 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sessenv.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\SessEnv.dll,-1027 2012-05-31 16:57:37: ServiceDLL: system32\sessenv.dll 2012-05-31 
16:57:37: File size: 99328 2012-05-31 16:57:37: DLL File name: sessenv.dll 2012-05-31 16:57:37: Original File Name: SessEnv.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: ShellHWDetection 2012-05-31 16:57:37: Real Path: C:\Windows\System32\shsvcs.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\shsvcs.dll,-12289 2012-05-31 16:57:37: ServiceDLL: System32\shsvcs.dll 2012-05-31 16:57:37: File size: 328192 2012-05-31 16:57:37: DLL File name: shsvcs.dll 2012-05-31 16:57:37: Original File Name: SHSVCS.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: sppuinotify 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sppuinotify.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\sppuinotify.dll,-102 2012-05-31 16:57:37: ServiceDLL: system32\sppuinotify.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: sppuinotify.dll 2012-05-31 16:57:37: Original File Name: sppuinotify.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SSDPSRV 2012-05-31 16:57:37: Real Path: C:\Windows\System32\ssdpsrv.dll 2012-05-31 16:57:37: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100 2012-05-31 16:57:37: Description: @%systemroot%\system32\ssdpsrv.dll,-101 2012-05-31 16:57:37: ServiceDLL: System32\ssdpsrv.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 
  6. Overall sluggishness. When I search the web, I get the results page but when I click on any link it takes me to an advertising page. Yesterday I followed a link on Chrome and it opened hundreds of tabs. Right now I'm using Browzar. I've been using another computer to communicate with you but I'm afraid to compromise it. I promise you once we remove this malware I will volunteer time to your cause, I hope you have a learning program so I can help.
  7. I know. This is crazy. No warnings, errors, anything. It finishes expanding and then nothing happens.
  8. Still no luck MrC. The second command triggered ComboFix; it expanded but did not run.
  9. Lol. I did that several times. I went in safe mode and deleted the folder that ComboFix creates in the C drive. Tried again, now I don't get the error anymore, it expands but still won't run.
  10. I followed the instructions at the link and tried to run ComboFix from the Chameleon folder without luck; it expanded but just hung there. I waited for about 30 min but nothing happened. I looked for the file in the Installer folder and I found it. I renamed it and tried again. Now I get errors when it is expanding; when I hit "ignore" it finishes but gives me the "Incompatible OS" message:
  11. Still no luck MrC. It did not run. I tried in Safe Mode with the command "%userprofile%\desktop\combofix.exe" /killall /nombr but it just expanded but would not run. Thanks again for all your help. Gus
  12. Sorry MrC, I had a few days of holiday. I really apologize. This is the FSS log:
  13. MrC, I ran those other scans when I thought you had bailed on me. All I got is that I have a Win32/Sirefef.EZ trojan in memory. Here is the result of the command:
  14. Done. This is the log:
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [31744 2009-07-10] (Motorola) 3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110125.040\ENG64.SYS [117880 2010-12-17] (Symantec Corporation) 3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20110125.040\EX64.SYS [1791096 2010-12-17] (Symantec Corporation) 0 NBVol; C:\Windows\System32\Drivers\NBVol.sys [72240 2011-12-01] (Nero AG) 0 NBVolUp; C:\Windows\System32\Drivers\NBVolUp.sys [15920 2011-12-01] (Nero AG) 0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools) 0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools) 0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools) 3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation) 3 qicflt; C:\Windows\System32\Drivers\qicflt.sys [29288 2010-07-01] (Quanta Computer) 3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [63696 2010-11-21] () 3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group) 1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] () 1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [441904 2009-04-01] (Symantec Corporation) 3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [480304 2009-04-01] (Symantec Corporation) 1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-04-01] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172080 2011-01-11] (Symantec Corporation) 2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] () 3 VPCNetS2; C:\Windows\System32\DRIVERS\VMNetSrv.sys [79760 2007-01-29] (Microsoft Corporation) 2 vstor2-ws60; 
\??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.) 3 wacmoumonitor; C:\Windows\System32\Drivers\wacmoumonitor.sys [13312 2011-09-08] (Wacom Technology) 3 wacommousefilter; C:\Windows\System32\Drivers\wacommousefilter.sys [12848 2007-02-16] (Wacom Technology) 3 wacomvhid; C:\Windows\System32\Drivers\wacomvhid.sys [16168 2011-09-08] (Wacom Technology) 2 WGX; C:\Windows\System32\Drivers\WGX64.SYS [53968 2009-04-01] (Symantec Corporation) 4 LMIRfsClientNP; [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-05-23 07:00 - 2012-05-23 07:00 - 0000162 ___AH C:\Users\grevolorio\Documents\~$S Template.dotx 2012-05-23 06:13 - 2012-05-23 06:14 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster 2012-05-23 06:13 - 2012-05-23 06:13 - 0001079 ____A C:\Users\grevolorio\Desktop\SpywareBlaster.lnk 2012-05-23 06:11 - 2012-05-23 06:12 - 0000000 ____D C:\Users\grevolorio\Desktop\Download 2012-05-23 06:11 - 2012-05-23 06:11 - 0001181 ____A C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk 2012-05-23 06:11 - 2012-05-23 06:11 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Lunarsoft 2012-05-23 06:11 - 2012-05-23 06:11 - 0000000 ____D C:\Program Files (x86)\Lunarsoft 2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____D C:\Users\grevolorio\Desktop\backups 2012-05-23 05:44 - 2012-05-23 05:44 - 0388608 ____A (Trend Micro Inc.) 
C:\Users\grevolorio\Desktop\HijackThis.exe 2012-05-22 12:18 - 2012-05-22 12:18 - 0030281 ____A C:\Users\grevolorio\Desktop\logs.zip 2012-05-22 12:16 - 2012-05-22 12:16 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.com 2012-05-22 11:06 - 2012-05-22 11:06 - 0000579 ____A C:\rkill.log 2012-05-22 10:51 - 2012-05-22 10:51 - 0138120 ____A (ESET) C:\Users\grevolorio\Desktop\ESETSirefefRemover.exe 2012-05-22 10:42 - 2012-05-23 05:10 - 0000000 ____D C:\sh4ldr 2012-05-22 10:42 - 2012-05-22 10:42 - 0000000 ____D C:\Program Files\Enigma Software Group 2012-05-22 10:41 - 2012-05-23 05:10 - 0000000 ____D C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP 2012-05-22 09:29 - 2012-05-22 09:28 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\Users\grevolorio\Desktop\SpyHunter-Installer.exe 2012-05-22 07:50 - 2012-05-22 07:50 - 0000000 ____D C:\Users\All Users\RegRun 2012-05-22 06:23 - 2012-05-22 06:24 - 0043394 ____A C:\TDSSKiller.2.7.36.0_22.05.2012_10.23.51_log.txt 2012-05-22 06:23 - 2012-05-22 06:23 - 0000348 ____A C:\TDSSKiller.2.7.35.0_22.05.2012_10.23.05_log.txt 2012-05-22 06:03 - 2012-05-22 12:48 - 0000000 ____D C:\Program Files\HitmanPro 2012-05-22 06:03 - 2012-05-22 06:04 - 0000000 ____D C:\Users\All Users\HitmanPro 2012-05-22 06:02 - 2012-05-22 06:02 - 8298672 ____A (SurfRight B.V.) 
C:\Users\grevolorio\Desktop\HitmanPro36_x64.exe 2012-05-22 05:55 - 2012-05-22 05:58 - 0000263 ____A C:\Users\grevolorio\Desktop\AntiZeroAccess_Log.txt 2012-05-22 05:52 - 2012-05-22 05:52 - 0187464 ____A (Webroot) C:\Users\grevolorio\Desktop\antizeroaccess.exe 2012-05-22 04:52 - 2012-05-22 04:52 - 0302592 ____A C:\Users\grevolorio\Desktop\odupruxo.exe 2012-05-21 12:40 - 2012-05-22 06:23 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\grevolorio\Desktop\TDSSKiller.exe 2012-05-21 06:12 - 2012-05-21 06:12 - 0446464 ____A (OldTimer Tools) C:\Users\grevolorio\Desktop\TFC.exe 2012-05-18 07:21 - 2012-05-18 07:21 - 0000512 ____A C:\Users\grevolorio\Desktop\MBR.dat 2012-05-18 07:17 - 2012-05-18 07:17 - 4731392 ____A (AVAST Software) C:\Users\grevolorio\Desktop\aswMBR.exe 2012-05-18 06:48 - 2012-05-18 06:48 - 0059154 ____A C:\Users\grevolorio\Desktop\cmbfix.png 2012-05-18 06:43 - 2012-05-21 05:24 - 4500115 ____R (Swearware) C:\Users\grevolorio\Desktop\ComboFix.exe 2012-05-18 04:56 - 2012-05-18 04:57 - 0041912 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_08.56.54_log.txt 2012-05-18 04:37 - 2012-05-18 04:46 - 0081286 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_08.37.34_log.txt 2012-05-17 11:17 - 2012-05-22 09:43 - 2721556 ____A C:\Windows\ntbtlog.txt 2012-05-17 10:31 - 2012-05-17 10:31 - 0001715 ____A C:\Users\grevolorio\Desktop\RKreport[3].txt 2012-05-17 07:20 - 2012-05-22 06:26 - 0000000 ____D C:\Users\grevolorio\Desktop\RK_Quarantine 2012-05-17 07:18 - 2012-05-22 06:24 - 1454080 ____A C:\Users\grevolorio\Desktop\RogueKiller.exe 2012-05-17 04:41 - 2012-05-23 09:59 - 0001120 ____A C:\Windows\setupact.log 2012-05-17 04:41 - 2012-05-23 05:03 - 0038998 ____A C:\Windows\PFRO.log 2012-05-17 04:41 - 2012-05-17 04:41 - 0000000 ____A C:\Windows\setuperr.log 2012-05-17 04:38 - 2012-05-17 04:38 - 0000000 ____D C:\_OTL 2012-05-16 12:32 - 2012-05-16 13:13 - 0003458 ____A C:\Users\grevolorio\Desktop\OTL.Txt 2012-05-16 12:21 - 2012-05-16 12:21 - 0595456 ____A (OldTimer Tools) 
C:\Users\grevolorio\Desktop\OTL.exe 2012-05-16 11:29 - 2012-05-18 05:35 - 0042974 ____A C:\Users\grevolorio\Desktop\ComboFix.zip 2012-05-16 10:29 - 2012-05-16 10:57 - 0043052 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_14.29.33_log.txt 2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\sharepointadmin\Desktop\ERUNT.lnk 2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\grevolorio\Desktop\ERUNT.lnk 2012-05-16 10:27 - 2012-05-16 10:27 - 0000000 ____D C:\Program Files (x86)\ERUNT 2012-05-16 06:56 - 2012-05-16 06:56 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.scr 2012-05-16 06:44 - 2012-05-16 06:44 - 0005778 ____A C:\Users\grevolorio\Documents\cc_20120516_104422.reg 2012-05-16 06:10 - 2012-04-30 13:03 - 0442702 ____A C:\Windows\System32\Drivers\etc\hosts.20120516-101002.backup 2012-05-15 12:17 - 2012-05-15 12:17 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Google 2012-05-15 07:57 - 2012-05-16 06:39 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Media Player Classic 2012-05-10 10:33 - 2012-04-01 21:34 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-10 10:33 - 2012-04-01 20:46 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-10 10:33 - 2012-04-01 20:46 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-10 10:33 - 2012-04-01 19:01 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-05-10 10:33 - 2012-03-02 22:29 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2012-05-10 10:33 - 2012-03-02 22:29 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2012-05-10 10:33 - 2012-03-02 22:29 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2012-05-10 10:33 - 2012-03-02 22:29 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2012-05-10 10:33 - 2012-03-02 22:29 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 
2012-05-10 10:33 - 2012-03-02 21:40 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2012-05-10 10:33 - 2012-03-02 21:40 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2012-05-10 10:33 - 2012-03-02 21:40 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2012-05-10 10:33 - 2012-03-02 21:40 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2012-05-10 10:33 - 2012-03-02 21:40 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2012-05-10 10:32 - 2012-03-30 03:09 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-05-10 10:32 - 2012-03-16 23:55 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys 2012-05-08 12:36 - 2012-05-08 12:36 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com 2012-05-08 12:35 - 2012-05-22 11:08 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-05-07 13:00 - 2012-05-07 13:00 - 1026560 ____A C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp 2012-05-07 08:35 - 2012-05-07 08:35 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Nero_AG 2012-05-02 10:11 - 2012-05-22 11:33 - 0000000 ____D C:\Program Files (x86)\Loaris 2012-05-02 09:42 - 2012-05-02 09:45 - 0000000 ____D C:\Program Files (x86)\Startup Optimizer 2012-05-02 09:42 - 2012-05-02 09:42 - 0001022 ____A C:\Users\sharepointadmin\Desktop\Startup Optimizer.lnk 2012-05-02 09:42 - 2012-05-02 09:42 - 0001022 ____A C:\Users\grevolorio\Desktop\Startup Optimizer.lnk 2012-05-01 05:50 - 2012-05-01 05:50 - 0000826 ____A C:\Users\Public\Desktop\WinX DVD Author.lnk 2012-05-01 05:50 - 2012-05-01 05:50 - 0000000 ____D C:\Users\grevolorio\Documents\My Videos 2012-05-01 05:50 - 2012-05-01 05:50 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Digiarty 2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\Documents\NeroVideo 2012-05-01 04:36 - 2012-05-01 04:36 - 
0000000 ____D C:\Users\grevolorio\AppData\Roaming\Nero 2012-05-01 04:36 - 2012-05-01 04:36 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Nero 2012-04-30 13:22 - 2012-04-30 13:22 - 0002797 ____A C:\Users\Public\Desktop\Nero Video 11.lnk 2012-04-30 13:22 - 2012-04-30 13:22 - 0002143 ____A C:\Users\Public\Desktop\Nero Kwik Media.lnk 2012-04-30 13:21 - 2012-04-30 13:21 - 0002783 ____A C:\Users\Public\Desktop\Nero BackItUp 11.lnk 2012-04-30 13:20 - 2012-04-30 13:20 - 0002843 ____A C:\Users\Public\Desktop\Nero Burning ROM 11.lnk 2012-04-30 13:18 - 2012-04-30 13:24 - 0000000 ____D C:\Users\All Users\Nero 2012-04-30 13:11 - 2012-04-30 13:24 - 0000000 ____D C:\Program Files (x86)\Nero 2012-04-30 13:11 - 2011-12-01 07:42 - 0072240 ____A (Nero AG) C:\Windows\System32\Drivers\NBVol.sys 2012-04-30 13:11 - 2011-12-01 07:42 - 0015920 ____A (Nero AG) C:\Windows\System32\Drivers\NBVolUp.sys 2012-04-30 13:10 - 2010-05-26 07:41 - 1868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2012-04-30 13:10 - 2010-05-26 07:41 - 0470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2012-04-30 13:10 - 2010-05-26 07:41 - 0248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2012-04-30 13:09 - 2009-09-04 13:29 - 1974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2012-04-30 13:07 - 2009-09-04 13:29 - 1892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll 2012-04-30 13:06 - 2008-10-15 02:22 - 4379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2012-04-30 13:05 - 2007-07-19 14:14 - 3727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2012-04-30 13:03 - 2007-05-16 12:45 - 3497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2012-04-30 13:02 - 2006-03-31 08:40 - 2388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2012-04-30 11:17 - 2012-04-30 11:46 - 0000000 ____D C:\Program Files (x86)\Trend Micro 2012-04-30 11:17 - 2012-04-30 
11:17 - 0002127 ____A C:\Users\sharepointadmin\Desktop\HijackThis.lnk 2012-04-30 10:26 - 2012-04-30 10:26 - 0000000 ____D C:\Users\All Users\boost_interprocess 2012-04-30 10:26 - 2011-09-28 05:20 - 0119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2012-04-30 10:26 - 2011-09-28 05:20 - 0115920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msinet.OCX 2012-04-30 10:26 - 2011-09-28 05:20 - 0040960 ____A (vbAccelerator) C:\Windows\SysWOW64\SSubTmr6.dll 2012-04-30 10:26 - 2011-09-28 05:20 - 0015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetfr.DLL 2012-04-30 10:25 - 2012-04-30 10:26 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\FreeBurner 2012-04-30 10:25 - 2011-09-28 05:20 - 0141312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2012-04-30 10:25 - 2011-09-28 05:20 - 0032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2012-04-30 08:56 - 2012-04-30 08:58 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2012-04-30 08:56 - 2011-03-02 03:43 - 0175616 ____A C:\Windows\SysWOW64\unrar.dll 2012-04-30 07:44 - 2012-04-30 07:44 - 17357434 ____A ( ) C:\Users\grevolorio\Downloads\K-Lite_Codec_Pack_860_Full.exe 2012-04-30 07:40 - 2012-04-30 07:40 - 0000000 ____D C:\DVDTemp 2012-04-30 07:38 - 2012-04-30 07:38 - 7213444 ____A (www.minidvdsoft.com ) C:\Users\grevolorio\Downloads\freedvdcreator.exe 2012-04-25 12:30 - 2012-04-25 12:30 - 1997353 ____A C:\Users\grevolorio\Downloads\Saver2Setup.exe 2012-04-25 07:54 - 2012-04-25 07:54 - 0001100 ____A C:\Users\Public\Desktop\VLC media player.lnk 2012-04-25 07:42 - 2012-04-25 07:42 - 22259528 ____A C:\Users\grevolorio\Desktop\vlc-2.0.1-win32.exe 2012-04-25 07:40 - 2012-04-25 07:40 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder ============ 3 Months Modified Files and Folders ============= 2012-05-23 14:16 - 2012-05-23 14:15 - 0000000 ____D C:\FRST 2012-05-23 10:07 - 2011-01-11 03:58 - 1865368 ____A C:\Windows\WindowsUpdate.log 2012-05-23 
10:07 - 2009-07-13 20:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-05-23 10:07 - 2009-07-13 20:45 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-05-23 10:05 - 2011-08-04 05:50 - 0000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-05-23 10:05 - 2011-01-17 08:58 - 0000000 ___RD C:\Users\grevolorio\Dropbox 2012-05-23 10:05 - 2011-01-17 08:56 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Dropbox 2012-05-23 10:05 - 2009-07-13 21:13 - 0789722 ____A C:\Windows\System32\PerfStringBackup.INI 2012-05-23 10:01 - 2011-01-26 13:58 - 0322933 ____A C:\Windows\System32\inst.log 2012-05-23 10:00 - 2011-01-18 09:02 - 0000000 ____D C:\Users\All Users\VMware 2012-05-23 10:00 - 2011-01-11 04:58 - 0000000 ____D C:\Users\All Users\NVIDIA 2012-05-23 10:00 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT 2012-05-23 09:59 - 2012-05-17 04:41 - 0001120 ____A C:\Windows\setupact.log 2012-05-23 09:48 - 2012-04-13 06:29 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-05-23 09:44 - 2011-08-04 05:50 - 0000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-05-23 09:15 - 2011-01-17 09:59 - 0000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108UA.job 2012-05-23 07:06 - 2011-01-19 11:36 - 0000000 ___RD C:\Users\grevolorio\Documents\1-Projects 2012-05-23 07:00 - 2012-05-23 07:00 - 0000162 ___AH C:\Users\grevolorio\Documents\~$S Template.dotx 2012-05-23 06:14 - 2012-05-23 06:13 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster 2012-05-23 06:13 - 2012-05-23 06:13 - 0001079 ____A C:\Users\grevolorio\Desktop\SpywareBlaster.lnk 2012-05-23 06:12 - 2012-05-23 06:11 - 0000000 ____D C:\Users\grevolorio\Desktop\Download 2012-05-23 06:11 - 2012-05-23 06:11 - 0001181 ____A C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk 2012-05-23 06:11 - 2012-05-23 06:11 - 
0000000 ____D C:\Users\grevolorio\AppData\Local\Lunarsoft 2012-05-23 06:11 - 2012-05-23 06:11 - 0000000 ____D C:\Program Files (x86)\Lunarsoft 2012-05-23 05:57 - 2009-07-13 20:45 - 3235848 ____A C:\Windows\System32\FNTCACHE.DAT 2012-05-23 05:53 - 2012-05-23 05:53 - 0000000 ____D C:\Users\grevolorio\Desktop\backups 2012-05-23 05:44 - 2012-05-23 05:44 - 0388608 ____A (Trend Micro Inc.) C:\Users\grevolorio\Desktop\HijackThis.exe 2012-05-23 05:10 - 2012-05-22 10:42 - 0000000 ____D C:\sh4ldr 2012-05-23 05:10 - 2012-05-22 10:41 - 0000000 ____D C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP 2012-05-23 05:03 - 2012-05-17 04:41 - 0038998 ____A C:\Windows\PFRO.log 2012-05-23 04:53 - 2011-01-17 08:53 - 0000000 ____D C:\Users\All Users\LogMeIn 2012-05-22 21:15 - 2011-01-17 09:59 - 0000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-796845957-725345543-2108Core.job 2012-05-22 14:00 - 2011-10-20 07:04 - 0000476 ____A C:\Windows\Tasks\ParetoLogic Registration.job 2012-05-22 12:48 - 2012-05-22 06:03 - 0000000 ____D C:\Program Files\HitmanPro 2012-05-22 12:18 - 2012-05-22 12:18 - 0030281 ____A C:\Users\grevolorio\Desktop\logs.zip 2012-05-22 12:16 - 2012-05-22 12:16 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.com 2012-05-22 12:16 - 2011-02-14 13:20 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\TeraCopy 2012-05-22 11:33 - 2012-05-02 10:11 - 0000000 ____D C:\Program Files (x86)\Loaris 2012-05-22 11:09 - 2011-04-28 04:49 - 0000000 ____D C:\Program Files\SUPERAntiSpyware 2012-05-22 11:08 - 2012-05-08 12:35 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-05-22 11:06 - 2012-05-22 11:06 - 0000579 ____A C:\rkill.log 2012-05-22 10:51 - 2012-05-22 10:51 - 0138120 ____A (ESET) C:\Users\grevolorio\Desktop\ESETSirefefRemover.exe 2012-05-22 10:42 - 2012-05-22 10:42 - 0000000 ____D C:\Program Files\Enigma Software Group 2012-05-22 09:43 - 2012-05-17 11:17 - 2721556 ____A C:\Windows\ntbtlog.txt 2012-05-22 09:28 - 2012-05-22 
09:29 - 0725408 ____A (Enigma Software Group USA, LLC.) C:\Users\grevolorio\Desktop\SpyHunter-Installer.exe 2012-05-22 07:50 - 2012-05-22 07:50 - 0000000 ____D C:\Users\All Users\RegRun 2012-05-22 06:32 - 2011-01-17 08:53 - 0000000 ____D C:\Program Files (x86)\LogMeIn 2012-05-22 06:31 - 2011-01-17 08:53 - 0087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll 2012-05-22 06:31 - 2011-01-17 08:53 - 0080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll 2012-05-22 06:31 - 2011-01-17 08:53 - 0034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll 2012-05-22 06:26 - 2012-05-17 07:20 - 0000000 ____D C:\Users\grevolorio\Desktop\RK_Quarantine 2012-05-22 06:24 - 2012-05-22 06:23 - 0043394 ____A C:\TDSSKiller.2.7.36.0_22.05.2012_10.23.51_log.txt 2012-05-22 06:24 - 2012-05-17 07:18 - 1454080 ____A C:\Users\grevolorio\Desktop\RogueKiller.exe 2012-05-22 06:23 - 2012-05-22 06:23 - 0000348 ____A C:\TDSSKiller.2.7.35.0_22.05.2012_10.23.05_log.txt 2012-05-22 06:23 - 2012-05-21 12:40 - 2127960 ____A (Kaspersky Lab ZAO) C:\Users\grevolorio\Desktop\TDSSKiller.exe 2012-05-22 06:04 - 2012-05-22 06:03 - 0000000 ____D C:\Users\All Users\HitmanPro 2012-05-22 06:02 - 2012-05-22 06:02 - 8298672 ____A (SurfRight B.V.) 
C:\Users\grevolorio\Desktop\HitmanPro36_x64.exe 2012-05-22 05:58 - 2012-05-22 05:55 - 0000263 ____A C:\Users\grevolorio\Desktop\AntiZeroAccess_Log.txt 2012-05-22 05:52 - 2012-05-22 05:52 - 0187464 ____A (Webroot) C:\Users\grevolorio\Desktop\antizeroaccess.exe 2012-05-22 04:58 - 2011-01-18 08:14 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Paint.NET 2012-05-22 04:52 - 2012-05-22 04:52 - 0302592 ____A C:\Users\grevolorio\Desktop\odupruxo.exe 2012-05-21 12:21 - 2011-01-20 06:15 - 0000000 ____D C:\Users\grevolorio\.VirtualBox 2012-05-21 12:18 - 2011-09-09 07:48 - 0000000 ____D C:\Users\grevolorio\AppData\Local\VMware 2012-05-21 12:18 - 2011-01-20 08:44 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\VMware 2012-05-21 12:10 - 2011-10-10 06:49 - 0000000 ____D C:\Windows\System32\FxsTmp 2012-05-21 07:40 - 2011-01-24 14:02 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\TeamViewer 2012-05-21 06:23 - 2009-07-13 21:08 - 0032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-05-21 06:12 - 2012-05-21 06:12 - 0446464 ____A (OldTimer Tools) C:\Users\grevolorio\Desktop\TFC.exe 2012-05-21 06:03 - 2012-03-15 12:57 - 0000000 ____D C:\Users\grevolorio\Desktop\Backup 2012-05-21 06:03 - 2011-04-25 11:25 - 0049321 ____A C:\Users\grevolorio\Desktop\INRange.ml 2012-05-21 05:24 - 2012-05-18 06:43 - 4500115 ____R (Swearware) C:\Users\grevolorio\Desktop\ComboFix.exe 2012-05-21 04:49 - 2011-04-13 07:28 - 0000000 ____D C:\Qoobox 2012-05-18 07:21 - 2012-05-18 07:21 - 0000512 ____A C:\Users\grevolorio\Desktop\MBR.dat 2012-05-18 07:17 - 2012-05-18 07:17 - 4731392 ____A (AVAST Software) C:\Users\grevolorio\Desktop\aswMBR.exe 2012-05-18 06:48 - 2012-05-18 06:48 - 0059154 ____A C:\Users\grevolorio\Desktop\cmbfix.png 2012-05-18 05:35 - 2012-05-16 11:29 - 0042974 ____A C:\Users\grevolorio\Desktop\ComboFix.zip 2012-05-18 04:57 - 2012-05-18 04:56 - 0041912 ____A C:\TDSSKiller.2.7.35.0_18.05.2012_08.56.54_log.txt 2012-05-18 04:46 - 2012-05-18 04:37 - 0081286 ____A 
C:\TDSSKiller.2.7.35.0_18.05.2012_08.37.34_log.txt 2012-05-17 12:16 - 2011-11-18 12:32 - 0000000 ____D C:\Program Files (x86)\Fiddler2 2012-05-17 12:04 - 2011-01-27 07:17 - 0000000 ____D C:\Users\grevolorio\Documents\CMO Stuff 2012-05-17 11:19 - 2011-10-28 11:03 - 0442303 ____N C:\Windows\System32\Drivers\etc\hosts 2012-05-17 10:31 - 2012-05-17 10:31 - 0001715 ____A C:\Users\grevolorio\Desktop\RKreport[3].txt 2012-05-17 04:46 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files 2012-05-17 04:41 - 2012-05-17 04:41 - 0000000 ____A C:\Windows\setuperr.log 2012-05-17 04:38 - 2012-05-17 04:38 - 0000000 ____D C:\_OTL 2012-05-16 13:13 - 2012-05-16 12:32 - 0003458 ____A C:\Users\grevolorio\Desktop\OTL.Txt 2012-05-16 12:21 - 2012-05-16 12:21 - 0595456 ____A (OldTimer Tools) C:\Users\grevolorio\Desktop\OTL.exe 2012-05-16 10:57 - 2012-05-16 10:29 - 0043052 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_14.29.33_log.txt 2012-05-16 10:28 - 2011-04-13 07:29 - 0000000 ____D C:\Windows\ERDNT 2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\sharepointadmin\Desktop\ERUNT.lnk 2012-05-16 10:27 - 2012-05-16 10:27 - 0000939 ____A C:\Users\grevolorio\Desktop\ERUNT.lnk 2012-05-16 10:27 - 2012-05-16 10:27 - 0000000 ____D C:\Program Files (x86)\ERUNT 2012-05-16 09:55 - 2011-11-15 05:48 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\BitTyrant 2012-05-16 06:56 - 2012-05-16 06:56 - 0607260 ____R (Swearware) C:\Users\grevolorio\Desktop\dds.scr 2012-05-16 06:44 - 2012-05-16 06:44 - 0005778 ____A C:\Users\grevolorio\Documents\cc_20120516_104422.reg 2012-05-16 06:44 - 2012-04-13 10:28 - 0000856 ____A C:\Users\Public\Desktop\CCleaner.lnk 2012-05-16 06:44 - 2012-04-13 10:28 - 0000000 ____D C:\Program Files\CCleaner 2012-05-16 06:39 - 2012-05-15 07:57 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Media Player Classic 2012-05-16 06:39 - 2011-04-25 12:42 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-05-16 05:42 - 2011-01-17 06:32 - 0000000 ____D 
C:\Users\grevolorio\AppData\Local\VirtualStore 2012-05-16 04:42 - 2011-01-11 05:21 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-05-16 04:40 - 2011-04-26 06:04 - 1903704 ____A C:\Windows\System32\Drivers\Cat.DB 2012-05-16 04:37 - 2011-10-10 06:49 - 0000000 ____D C:\Program Files\Windows Journal 2012-05-15 13:00 - 2011-03-16 06:13 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\SProxy 2012-05-15 12:17 - 2012-05-15 12:17 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Google 2012-05-14 12:57 - 2008-07-28 10:02 - 0002096 ___AH C:\Users\grevolorio\Documents\Default.rdp 2012-05-14 06:43 - 2011-04-25 04:33 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk 2012-05-14 06:43 - 2011-04-25 04:33 - 0000000 ____D C:\Program Files (x86)\Safari 2012-05-10 10:36 - 2011-01-17 09:18 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Microsoft Help 2012-05-09 05:48 - 2011-03-21 13:02 - 0000000 ____D C:\Program Files (x86)\Saver2 2012-05-09 04:36 - 2011-01-18 12:38 - 0000000 ____D C:\Users\grevolorio\Documents\SQL Server Management Studio 2012-05-08 12:36 - 2012-05-08 12:36 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com 2012-05-07 13:00 - 2012-05-07 13:00 - 1026560 ____A C:\Users\grevolorio\Desktop\TRMDU Project Schedule - NEW.mpp 2012-05-07 08:35 - 2012-05-07 08:35 - 0000000 ____D C:\Users\grevolorio\AppData\Local\Nero_AG 2012-05-07 04:37 - 2011-01-11 07:47 - 0000000 ____D C:\Users\All Users\Microsoft Help 2012-05-03 12:39 - 2011-07-13 11:19 - 0001018 ____A C:\Users\grevolorio\Desktop\Pandora (Listen Only).lnk 2012-05-03 12:39 - 2011-03-21 13:03 - 0001013 ____A C:\Users\grevolorio\Desktop\Saver2.lnk 2012-05-03 10:07 - 2012-04-17 04:56 - 0000000 ____D C:\Users\grevolorio\AppData\Roaming\Foxit Software 2012-05-02 09:45 - 2012-05-02 09:42 - 0000000 ____D C:\Program Files (x86)\Startup Optimizer 2012-05-02 09:42 - 2012-05-02 09:42 - 0001022 ____A C:\Users\sharepointadmin\Desktop\Startup Optimizer.lnk 2012-05-02 09:42 - 
  15. I thought you had given up on me. Thank you so much!!! This is the DDS.txt:
C:\Users\grevolorio\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll FF - plugin: C:\Users\grevolorio\AppData\Roaming\Mozilla\Firefox\Profiles\5nju9yau.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll . ============= SERVICES / DRIVERS =============== . R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?] R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?] R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?] R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-5-22 107848] R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928] R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\nlssrv32.exe [2011-1-21 64512] R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-4-1 2440120] R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-2-23 6583160] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880] R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-2-23 528760] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?] 
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-26 132656] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?] R3 RAMDiskVE;RAMDiskVE;C:\Windows\system32\Drivers\RAMDiskVE.sys --> C:\Windows\system32\Drivers\RAMDiskVE.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176] S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2011-9-19 17920] S2 PEVSystemStart;PEVSystemStart;C:\32788R22FWJFW\pev.3XE [2011-6-26 256000] S2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088] S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-5-4 996256] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-25 235624] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088] S3 applebmt;Apple Wireless Mouse;C:\Windows\system32\DRIVERS\applebmt.sys --> C:\Windows\system32\DRIVERS\applebmt.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] 
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-17 1038088] S3 glavcam;BW Microscope;C:\Windows\System32\drivers\glavcam.sys [2011-3-2 80000] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-8-23 30192] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-4 136176] S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?] S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] 
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-27 98208] S4 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968] S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896] S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096] S4 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-4-26 366840] S4 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-4-26 1150936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . .txt=SigilTXT . =============== Created Last 30 ================ . 2012-05-22 18:42:37 110080 ----a-r- C:\Users\grevolorio\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\IconF7A21AF7.exe 2012-05-22 18:42:37 110080 ----a-r- C:\Users\grevolorio\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\IconD7F16134.exe 2012-05-22 18:42:37 110080 ----a-r- C:\Users\grevolorio\AppData\Roaming\Microsoft\Installer\{82478B3D-FD8E-4501-82AC-6C864BD60483}\Icon1226A4C5.exe 2012-05-22 18:42:36 -------- d-----w- C:\sh4ldr 2012-05-22 18:42:36 -------- d-----w- C:\Program Files\Enigma Software Group 2012-05-22 18:41:35 -------- d-----w- C:\Windows\82478B3DFD8E450182AC6C864BD60483.TMP 2012-05-22 15:50:09 -------- d-----w- C:\ProgramData\RegRun 2012-05-22 14:03:59 -------- d-----w- C:\Program Files\HitmanPro 2012-05-22 14:03:38 -------- d-----w- C:\ProgramData\HitmanPro 2012-05-17 12:46:12 -------- d-----w- C:\Program Files (x86)\ESET 2012-05-17 12:38:36 -------- d-----w- C:\_OTL 2012-05-10 18:32:56 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-10 18:32:53 
1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-10 18:32:51 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 18:32:51 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-05-10 18:32:51 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-10 18:32:50 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-05-10 18:32:50 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-05-08 20:36:19 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\SUPERAntiSpyware.com 2012-05-07 16:35:59 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero_AG 2012-05-07 12:33:21 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{366E680E-86A9-4541-9805-3C4E03346FB7}\mpengine.dll 2012-05-02 18:11:38 -------- d-----w- C:\Program Files (x86)\Loaris 2012-05-02 17:42:44 -------- d-----w- C:\Program Files (x86)\Startup Optimizer 2012-05-01 13:50:56 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\Digiarty 2012-05-01 12:36:35 -------- d-----w- C:\Users\grevolorio\AppData\Local\Nero 2012-04-30 21:18:45 -------- d-----w- C:\ProgramData\Nero 2012-04-30 21:11:25 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys 2012-04-30 21:11:03 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys 2012-04-30 21:11:03 -------- d-----w- C:\Program Files (x86)\Nero 2012-04-30 21:10:22 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll 2012-04-30 21:10:22 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll 2012-04-30 21:10:22 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll 2012-04-30 21:09:04 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll 2012-04-30 21:07:49 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll 2012-04-30 21:06:34 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll 2012-04-30 21:05:14 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll 2012-04-30 21:03:51 3497832 ----a-w- C:\Windows\SysWow64\d3dx9_34.dll 2012-04-30 19:17:29 
-------- d-----w- C:\Program Files (x86)\Trend Micro 2012-04-30 18:26:03 -------- d-----w- C:\ProgramData\boost_interprocess 2012-04-30 18:26:00 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll 2012-04-30 18:26:00 15360 ----a-w- C:\Windows\SysWow64\inetfr.DLL 2012-04-30 18:26:00 119568 ----a-w- C:\Windows\SysWow64\VB6FR.DLL 2012-04-30 18:26:00 115920 ----a-w- C:\Windows\SysWow64\msinet.OCX 2012-04-30 18:25:59 32768 ----a-w- C:\Windows\SysWow64\CMDLGFR.DLL 2012-04-30 18:25:59 141312 ----a-w- C:\Windows\SysWow64\MSCMCFR.DLL 2012-04-30 18:25:59 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\FreeBurner 2012-04-30 16:56:36 175616 ----a-w- C:\Windows\SysWow64\unrar.dll 2012-04-30 16:56:33 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack 2012-04-30 15:40:38 -------- d-----w- C:\DVDTemp 2012-04-25 15:40:13 -------- d-----w- C:\Users\grevolorio\AppData\Roaming\VTC Preferences Folder . ==================== Find3M ==================== . 2012-05-22 14:31:29 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll 2012-05-22 14:31:29 80768 ----a-w- C:\Windows\System32\LMIinit.dll 2012-05-22 14:31:29 34688 ----a-w- C:\Windows\System32\LMIport.dll 2012-04-30 18:11:41 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-30 18:11:41 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-03-03 06:29:41 902656 ----a-w- 
C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-30 13:55:36 14534176 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 17:01:54.46 ===============

and the attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2011 6:56:15 AM
System Uptime: 5/22/2012 3:23:25 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0T105W
Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | U2E1 | 1734/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 2.6 GiB free.
D: is FIXED (FAT32) - 2 GiB total, 2.003 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 731 GiB total, 210.566 GiB free.
H: is CDROM ()
I: is FIXED (NTFS) - 932 GiB total, 897.54 GiB free.
K: is CDROM (CDFS)
L: is Removable
U: is NetworkDisk (NTFS) - 547 GiB total, 119.561 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP321: 5/17/2012 - Scheduled Checkpoint
RP322: 5/17/2012 2:44:43 PM - Revo Uninstaller's restore point - BHODemon 2.0.0.23
RP323: 5/22/2012 2:41:42 PM - Installed SpyHunter
RP324: 5/22/2012 3:30:21 PM - Revo Uninstaller's restore point - Loaris Trojan Remover 1.2
RP325: 5/22/2012 4:53:51 PM - Revo Uninstaller's restore point - Adobe Acrobat X Pro - English, Français, Deutsch
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) AccelerometerP11 Acrobat.com Adobe Acrobat X Pro - English, Français, Deutsch Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Contribute CS4 Adobe Creative Suite 4 Master Collection Adobe CS4 American English Speech Analysis Models Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Digital Editions Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe LiveCycle Designer 7.1 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Reader X (10.1.2) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe SING CS4 Adobe Soundbooth CS4 Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe XMP 
Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB AI RoboForm Amazon Kindle Android SDK Tools Apple Application Support Apple Software Update Axiom 2012 Axosoft OnTime 2010 Windows Bamboo Dock BW Microscope calibre CDBurnerXP ClipX Color Picker Connect Content Corel Painter 11 Corel Painter 11 - ICA Corel Painter 11 - IPM CutePDF Professional 3.3 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DiskAid 5.01 Dropbox eMedia Piano and Keyboard Method eReader ERUNT 1.1j ESET Online Scanner v3 Evernote v. 4.5.6 ExtraPutty 0.22 Fiddler2 FlowBreeze Standard 2.5.0.68 Foxit Reader 5.1 Google Chrome Google Desktop Google Earth Google Earth Plug-in Google Update Helper High-Definition Video Playback huey 1.0.5 iConcur Axiom for Word IconHandler 32 bit IETester v0.4.10 (remove only) iExplorer 2.2.1.3 Inkscape 0.48.1 iPhoneBrowser Java 2 Runtime Environment, SE v1.4.1_07 Java Auto Updater Java Web Start Java 6 Update 22 Java 6 Update 31 Java 7 Java SE Development Kit 7 JMicron Flash Media Controller Driver K-Lite Codec Pack 8.6.0 (Full) kuler Langauge LastPass (uninstall only) Launchy 2.5 LiveUpdate 3.3 (Symantec Corporation) LogMeIn Magic ISO Maker v5.5 (build 0265) Malwarebytes Anti-Malware version 1.61.0.1400 Manga Studio EX 4.0 Mesh Runtime Micro-Measure Microsoft .NET Compact Framework 1.0 SP3 Developer Microsoft .NET Compact Framework 2.0 Microsoft Device Emulator version 1.0 - ENU Microsoft Document Explorer 2005 Microsoft Garage Mouse without Borders Microsoft Office 2003 Web Components Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote 2007 Microsoft Office OneNote 2010 Microsoft Office OneNote MUI (English) 2007 
Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer 2007 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft OneNote 2010 Microsoft Robocopy GUI Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Books Online (English) (September 2007) Microsoft SQL Server 2005 Mobile [ENU] Developer Tools Microsoft SQL Server 2005 Tools Microsoft SQL Server Setup Support Files (English) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual Studio 2005 Premier Partner Edition - ENU Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601) Microsoft Visual Studio 2005 Professional Edition - ENU Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) MotoHelper 2.1.32 Driver 5.2.0 MotoHelper MergeModules Mozilla Firefox 10.0.1 (x86 en-US) MSDN Library for Visual Studio 2005 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyLifeOrganized v. 3.6.1 MySQL Tools for 5.0 Nero 11 Nero 11 Disc Menus Basic Nero 11 Effects Basic Nero 11 Image Samples Nero 11 Kwik Themes Basic Nero 11 PiP Effects Basic Nero Audio Pack 1 Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero CoverDesigner 11 Nero CoverDesigner 11 Help (CHM) Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero Recode 11 Nero Recode 11 Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero SoundTrax 11 Nero SoundTrax 11 Help (CHM) Nero Update Nero Video 11 Nero Video 11 Help (CHM) Nero WaveEditor 11 Nero WaveEditor 11 Help (CHM) nero.prerequisites.msi NewsBin Pro Notepad++ NVIDIA Stereoscopic 3D Driver Octoshape add-in for Adobe Flash Player openCanvas4.5e Plus OpenOffice.org 3.3 OutlookTools 2 Pandora ParetoLogic Data Recovery PDF Settings CS4 PDFill PDF Editor with FREE PDF Writer and Tools PDFill PDF Writer Photoshop Camera Raw Pixel Bender Toolkit Plex Polipo 1.0.4.1 Python 2.6 pycrypto-2.3 Qdabra InfoPath to SharePoint List Tool QuickTime RAMDisk Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Recover My Files Renesas Electronics USB 3.0 Host Controller Driver Revo Uninstaller 1.92 Safari Saver2 Seagate Dashboard SeaTools for Windows Security Update for Microsoft .NET Framework 4 Client Profile 
  16. I ran GMER but I had a couple of errors (see attached screenprints). The log is blank.
  17. These are the results, both with and without the List BCD check: Result_bcd.txt Result.txt
  18. I just tried again. I will make sure it runs for at least 30 minutes. Thanks.
  19. Ran TFC, rebooted and tried ComboFix but it still wouldn't run. I noticed that there is a folder called Qoobox that I think belongs to ComboFix that I cannot remove even in safe mode.