Jump to content

smemeber

Honorary Members
  • Posts

    133
  • Joined

  • Last visited

Everything posted by smemeber

  1. I think he was posting it because it was loading a Garry's mod(sandbox game) banner website (when you load a server in Gmod it loads a website usually with information about the server but sometimes they put some extras in (like music)) website and malwarebytes blocked it - even though it was embed in the game - which proves malwarebytes is one of the best antiviruses.
  2. Okay, thanks for the info . By maximum memory supported you mean RAM right?Also, is the solid state drive, graphics card and processor compatible with the motherboard? Couldn't find anything online. thanks
  3. I'm building a gaming PC(desktop) and I was wondering if anyone could tell me if this is a good choice for parts: Motherboard: MSI Z97 gaming: http://www.ats-systems.com/store/detail.asp?PRODUCT_ID=5278727 CPU/processor: Intel I7: http://www.bestbuy.com/site/intel-core-i7-3770-processor/5513859.p?id=1218655167725 RAM: Ask at store of choice [as I don't know what RAM chips can go in the Z97 motherboard] Graphics Card: msi R9 290X GAMING 4G: http://www.ats-systems.com/retail/manufact/manufacturers.asp?manufacturer=MSI Solid State drive: AMD RADEON R7: Canada computers Case: MSI nightblade: same as all the other MSI products Monitor: Dell ST2220T [sorry for the huge text, it was made in word]
  4. Good, I'm just trying to find time to do the scan, sorry for the delay
  5. When I run Combofix, after it backs up and installs itself, it wants me to rename it from ComboFix(1) to ComboFix, but as far as I can see it is allready named ComboFix. Can you help? Thanks
  6. Yeah, I know, I was just hoping the problem was malware as normal PC problems can be harder to fix then malware.
  7. TDSSkiller found nothing (sad face because I was hoping a rootkit was the problem and removing it would help with the PC slowness and other problems) I'm going to scan with ComboFix tommorow, sorry for the delay -malwarebytesmemeber
  8. TDSS and ComboFix logs coming later today, sorry for the delay
  9. A status update: the "cursor going crazy" thing is gone, but my computer has SUCH a slow startup (I allready ran MBAM startup lite and checked my startup folder) and my computer is also generally slow. I don't know if it's stealth malware, some kind of rootkit or my computer is just failing. Should I run TDSS killer and see? Also...... what about [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\tdcmdpst @ Unknown (\SystemRoot\system32\DRIVERS\usbfilter.sys)[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\vmkbd @ Unknown (\SystemRoot\system32\DRIVERS\usbohci.sys)? JRT log: ----------------------------------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.1 (10.06.2014:1) OS: Windows 7 Home Premium x64 Ran by test on 06/10/2014 at 18:50:40.46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\windows\wininit.ini" ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\zwr99lbc.default\prefs.js user_pref("symantec.browser.sessionstore.resume_from_crash.toggle", false); Emptied folder: C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\zwr99lbc.default\minidumps [24 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06/10/2014 at 18:54:25.76 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. JRT log coming soon (tommorow or in a few hours)
  11. Just scanned with adwcleaner.... Didn't delete C:\END and C:\windows\SysWOW64\SearchProtect because they seem important (SearchProtect just because it's in SysWOW64) Log: ---------------------------------------------------------------------------------------------------------------------------- # AdwCleaner v3.311 - Report created 05/10/2014 at 19:50:18 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : test - JUSTIIN-PC # Running from : C:\Users\test\Downloads\AdwCleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [x] Not Deleted : C:\windows\SysWOW64\SearchProtect Folder Deleted : C:\Users\Justiin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [x] Not Deleted : C:\END ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 en-GB) [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\rbg22xn1.default\prefs.js ] [ File : C:\Users\Justiin\AppData\Roaming\Mozilla\Firefox\Profiles\uedsova8.default\prefs.js ] [ File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc [ File : C:\Users\Justiin\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=360&chn=retail&geo=CA&ver=20&locale=en_CA&tpr=111 Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=3D5E7EB0-7367-4807-A188-7924507F40B5&apn_ptnrs=U3&apn_sauid=6A0556DC-A67C-47B2-BFF1-3E2348C7D3E1&apn_dtid=OSJ000YYCA&q={searchTerms} Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=25&systemid=417&apn_dtid=BND417&apn_ptnrs=AGA&o=APN10649&apn_uid=3063215245894430&q={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk ************************* AdwCleaner[R0].txt - [2476 octets] - [03/01/2014 15:37:40] AdwCleaner[R1].txt - [3731 octets] - [05/10/2014 19:46:40] AdwCleaner[s0].txt - [2583 octets] - [03/01/2014 15:41:54] AdwCleaner[s1].txt - [4318 octets] - [05/10/2014 19:50:18] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4378 octets] ##########
  12. DelFix log, just in case you need it --------------------------------------------------------------- # DelFix v10.8 - Logfile created 05/10/2014 at 19:37:57 # Updated 29/07/2014 by Xplode # Username : test - JUSTIIN-PC # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) ~ Creating registry backup ... OK ########## - EOF - ##########
  13. yeah, I know the dangers of multiple AV's. Defender disabled.
  14. RK log (looks like there's some pums and minor rootkits ) ------------------------------------------------------------------------------------------------ RogueKiller V9.2.13.0 (x64) [sep 25 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : test [Admin rights] Mode : Scan -- Date : 10/04/2014 17:06:38 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 19 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E} | NameServer : 64.71.255.254 64.71.255.253 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E} | NameServer : 64.71.255.254 64.71.255.253 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E} | NameServer : 64.71.255.254 64.71.255.253 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 1 ¤¤¤ [C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤ [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\tdcmdpst @ Unknown (\SystemRoot\system32\DRIVERS\usbfilter.sys) [Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\vmkbd @ Unknown (\SystemRoot\system32\DRIVERS\usbohci.sys) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547575A9E384 ATA Device +++++ --- User --- [MBR] 696ad51e0c3a3160de93ac3d9a301740 [bSP] 5c5ef59b980bbbf712f14e366bd951ac : HP MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 701591 MB 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1439934464 | Size: 12311 MB User = LL1 ... OK User = LL2 ... OK ---------------------------------------------------------------------------------------------
  15. Addition log: ----------------------------------------------------------------- dditional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 Ran by test at 2014-10-03 20:45:05 Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersion Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{63F96D8F-D32B-AABF-4DE1-F51FF391FFD6}) (Version: 3.0.870.0 - Advanced Micro Devices, Inc.) AMD Media Foundation Decoders (Version: 1.0.70213.1643 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.03.0000 - AMD) Hidden AMD VISION Engine Control Center (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Insights Tools for Visual Studio 2013 (x32 Version: 2.1 - Microsoft Corporation) Hidden Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd) AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.11.3116 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{80194F84-21CE-44CF-A46E-38D8CE448856}) (Version: 0.8.11.3116 - BlueStack Systems, Inc.) Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation) ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.) Fraps (HKLM-x32\...\Fraps) (Version: - ) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - ) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) Java 7 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417015FF}) (Version: 7.0.150 - Oracle) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden Java SE Development Kit 7 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170150}) (Version: 1.7.0.150 - Oracle) Java SE Development Kit 7 Update 15 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170150}) (Version: 1.7.0.150 - Oracle) Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MCI Screensaver 2 (HKLM-x32\...\MCI Screensaver 2) (Version: - ) Memory Profiler (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Advertising SDK for Windows 8.1 - ENU (x32 Version: 8.1.30809.0 - Microsoft Corporation) Hidden Microsoft Advertising SDK for Windows Phone 8.1 XAML - ENU (x32 Version: 8.1.40427.0 - Microsoft Corporation) Hidden Microsoft Advertising Service Extension for Visual Studio (x32 Version: 12.0.40402.0 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft ASP.NET and Web Tools 2013.3 - Visual Studio 12 (x32 Version: 12.3.50717.0 - Microsoft Corporation) Hidden Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20716.0 - Microsoft Corporation) Hidden Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU (x32 Version: 5.2.20703.0 - Microsoft Corporation) Hidden Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20716.0 - Microsoft Corporation) Hidden Microsoft Azure Mobile Services SDK (x32 Version: 1.0.20703.0 - Microsoft Corporation) Hidden Microsoft Azure Mobile Services Tools for Visual Studio - v1.2 (x32 Version: 1.2.20710.1601 - Microsoft Corporation) Hidden Microsoft Azure Shared Components for Visual Studio 2013 - v1.2 (x32 Version: 1.2.20710.1601 - Microsoft Corporation) Hidden Microsoft Azure Tools for LightSwitch for Visual Studio 2013 - June 2014 Update - v2.4 (x32 Version: 2.4.20623.1601 - Microsoft) Hidden Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden Microsoft Exchange Web Services Managed API 2.1 (x32 Version: 15.0.847.30 - Microsoft Corporation) Hidden Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 Core (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 v4.5 Tools (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 v4.5 ToolsRes - ENU (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch v4.5 SDK (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Microsoft NuGet - Visual Studio 2013 (x32 Version: 2.8.50313.46 - Microsoft Corporation) Hidden Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack (Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) (Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Developer Tools for Visual Studio (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office Developer Tools for Visual Studio ENU Language Pack (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Portable Library Multi-Targeting Pack (x32 Version: 12.0.30501.00 - Microsoft Corporation) Hidden Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 12.0.30501.00 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Report Viewer Add-On for Visual Studio 2013 (x32 Version: 11.1.3442.2 - Microsoft Corporation) Hidden Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Team Foundation Server 2013 Update 3 Object Model (x64) (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Team Foundation Server 2013 Update 3 Object Model Language Pack (x64) - ENU (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ ARM Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Native Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Native Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-arm Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-arm Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-x86 Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-x86 Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Designtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 32bit Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Extended Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Devenv (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Devenv Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Diagnostic Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Diagnostic Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 IntelliTrace (x64) (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 IntelliTrace (x86) (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 IntelliTrace Front End (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Performance Collection Tools - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Performance Collection Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Profiling Tools (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 VsGraphics Helper Dependencies (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 XAML UI Designer - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 XAML UI Designer (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio Premium 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Premium 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Professional 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Professional 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x64) - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 with Update 3 (HKLM-x32\...\{71688083-99e8-4e10-9522-8e98a130c438}) (Version: 12.0.30723 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetBeans IDE 7.2 (HKLM-x32\...\nbi-nb-base-7.2.0.0.201207171143) (Version: 7.2 - NetBeans.org) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Premium Sound HD (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.0700 - SRS Labs, Inc.) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 3.4.1 (HKLM-x32\...\{DF32BB9E-3ED8-36B5-A649-E8C845C5F3A2}) (Version: 3.4.1150 - Python Software Foundation) Python Tools Redirection Template (x32 Version: 1.2 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.) Rogers Connection Manager (HKLM-x32\...\{C295E308-5238-4157-962C-FDBF090ECC7E}) (Version: 6.0.3321.5603 - Sierra Wireless Inc.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden Sony Ericsson Wireless Manager 5 (HKLM-x32\...\{D2C6DAC2-6AB2-4749-8AAF-538AFF5A981A}) (Version: 5.3.2076.12 - Sony Ericsson) Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) Splashtop Remote Client (x32 Version: 1.1.5.0 - Splashtop Inc.) Hidden Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™) Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TheSkyX First Light Edition (HKLM-x32\...\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}) (Version: 10.0.2 - Software Bisque, Inc.) tools-freebsd (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-linux (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-netware (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-solaris (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-windows (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation) TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0023.640204 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.6.0023.640204 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.6.0023.640204 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION) TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for Microsoft Visual Studio 2013 (KB2932965) (HKLM-x32\...\{7dbba119-718a-4f68-b33e-454dc8aa5faf}) (Version: 12.0.30112 - Microsoft Corporation) Visual F# 3.1 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Visual F# 3.1 VS (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation) Visual Studio 2012 Verification SDK - chs (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK - enu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK - ita (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK - jpn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Visual Studio 2012 유효성 검사 SDK - kor (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 驗證 SDK - cht (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012-Verifizierungs-SDK - deu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation) Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 2.1.30723.00 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.0.0.9911 - VMware, Inc) VMware Workstation (x32 Version: 7.0.0.9911 - VMware, Inc.) Hidden VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Windows App Certification Kit Native Components (Version: 8.100.26629 - Microsoft Corporation) Hidden Windows App Certification Kit x64 (x32 Version: 8.100.26795 - Microsoft Corporation) Hidden Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (x32 Version: 2.1.10909.1601 - Microsoft) Hidden Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - ARM (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - Desktop (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - x64 (Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - x86 (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio 2013 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio Professional 2013 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio Professionald 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone SDK 8.0 Assemblies (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.26831 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden WinX Video Converter 5.0.1 (HKLM-x32\...\WinX Video Converter_is1) (Version: - Digiarty Software, Inc.) Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{69056475-33a1-43dd-902c-c99b8d83e48d}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{a0fb4e1a-b196-4736-8496-d99fd01208ea}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 23-09-2014 23:23:47 Windows Update 24-09-2014 13:30:32 Windows Update 28-09-2014 01:33:01 Microsoft Visual Studio Ultimate 2013 with Update 3 28-09-2014 01:34:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 28-09-2014 01:35:06 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 28-09-2014 01:35:44 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 28-09-2014 12:54:34 Microsoft Visual Studio Ultimate 2013 with Update 3 28-09-2014 12:55:49 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 28-09-2014 12:56:14 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 28-09-2014 13:39:45 Installed DirectX 28-09-2014 13:58:41 Windows Update 29-09-2014 00:39:44 Windows Update 30-09-2014 23:15:01 Windows Update 04-10-2014 00:20:20 Installed Java SE Development Kit 8 Update 20 (64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-01-05 12:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0343508F-E556-44F9-9DD5-5284FA51A296} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2825A17E-281E-4772-8BF9-20BEB25C521F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation) Task: {282F03C8-97F2-43E9-AE13-FD2ECFF8FEC0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {46E57131-5453-4AD0-82ED-053FCFB0D523} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-24] (Microsoft Corporation) Task: {4C3F3C7B-58A1-46AF-A49B-4F46A73BE10C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {50D22491-2201-40A2-B112-4CB9C27C08CF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {6AF0E02D-6A38-4DBD-B9EA-52A59C537AAF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {773A2896-C693-4251-BC7E-C54D1178A63A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {83EF0D36-FF67-44FB-AAE8-817679A1C20D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {AD4987D0-E67D-4D96-9665-8FD6F433C030} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd) Task: {ED69A077-2D8E-492E-A0E6-6FB727250E69} - System32\Tasks\{B3431BEC-6C07-4467-87EA-DE08230154D5} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-25 07:24 - 2011-04-25 11:24 - 00034304 _____ () C:\windows\System32\ssj1mlm.dll 2014-09-02 19:53 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2014-09-24 20:10 - 2014-09-24 20:10 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2011-08-22 18:19 - 2011-08-22 18:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2011-01-19 19:00 - 2011-01-19 19:00 - 00118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll 2012-02-13 19:39 - 2012-02-13 19:39 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-02-03 16:33 - 2012-02-03 16:33 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-03 18:22 - 2014-10-03 18:22 - 00043008 _____ () c:\users\test\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3r0val.dll 2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\test\AppData\Roaming\Dropbox\bin\libcef.dll 2011-11-03 17:39 - 2011-11-03 17:39 - 00251248 _____ () C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll 2014-07-29 20:22 - 2014-09-26 12:32 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-09-03 12:00 - 2014-09-03 12:00 - 01020928 _____ () C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: SSUService => 2 ========================= Accounts: ========================== Administrator (S-1-5-21-573630501-3468752300-2657990606-500 - Administrator - Disabled) Guest (S-1-5-21-573630501-3468752300-2657990606-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-573630501-3468752300-2657990606-1012 - Limited - Enabled) Justiin (S-1-5-21-573630501-3468752300-2657990606-1000 - Administrator - Enabled) => C:\Users\Justiin test (S-1-5-21-573630501-3468752300-2657990606-1004 - Administrator - Enabled) => C:\Users\test __vmware_user__ (S-1-5-21-573630501-3468752300-2657990606-1010 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/03/2014 06:22:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 09:13:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 08:03:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 05:49:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 07:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 03:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 01:38:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 09:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 05:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/03/2014 06:24:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. Error: (10/03/2014 06:21:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%1053 Error: (10/03/2014 06:21:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VMware Authorization Service service failed to start due to the following error: %%1053 Error: (10/03/2014 06:21:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the VMware Authorization Service service to connect. Error: (10/03/2014 06:21:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Application Virtualization Client service failed to start due to the following error: %%1053 Error: (10/03/2014 06:21:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the Application Virtualization Client service to connect. Error: (10/03/2014 06:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VMware USB Arbitration Service service failed to start due to the following error: %%1053 Error: (10/03/2014 06:20:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect. Error: (10/03/2014 09:15:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. Error: (10/03/2014 09:14:05 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: CBS Client initialization failed. Last error: 0x8007041d Microsoft Office Sessions: ========================= Error: (10/03/2014 06:22:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 09:13:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 08:03:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 05:49:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 07:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 03:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 01:38:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 09:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 05:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-01-05 11:29:45.801 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-05 11:29:45.707 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-19 08:52:44.038 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-19 08:52:43.976 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD A10-4600M APU with Radeon HD Graphics Percentage of memory in use: 41% Total physical RAM: 7649.33 MB Available physical RAM: 4474.38 MB Total Pagefile: 15296.84 MB Available Pagefile: 11729.88 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (S3A5009D002) (Fixed) (Total:685.15 GB) (Free:457.08 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: AD6440E5) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=685.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12 GB) - (Type=17) ==================== End Of Log ============================ ---------------------------------------------------------------------------- RK log in the next reply
  16. I'll get the addition and RK logs tommorow. Thanks
  17. I scanned with MBAM yesterday, nothing found FRST log: ------------------------------------------------------------------------------------------------------------------------------- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 Ran by test (administrator) on JUSTIIN-PC on 03-10-2014 20:43:21 Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersion Loaded Profile: test (Available profiles: Justiin & test & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Dropbox, Inc.) C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor) HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-17] (SRS Labs, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation) HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.) HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation) HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129584 2009-10-22] (VMware, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation) HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [spotify Web Helper] => C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd) Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E}: [NameServer] 64.71.255.254 64.71.255.253 FireFox: ======== FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default FF DefaultSearchEngine: Norton Safe Search FF SelectedSearchEngine: Norton Safe Search FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: LastPass - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\support@lastpass.com [2014-09-03] FF Extension: Adblock Plus - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-02] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed] R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation) R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed] S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] () S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated) S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.) S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 20:31 - 2014-10-03 20:33 - 02415006 _____ () C:\Users\test\Downloads\forge-1.7.2-10.12.2.1121-universal.jar 2014-10-03 20:29 - 2014-10-03 20:29 - 00000000 ____D () C:\Users\test\Desktop\fastfoodmodMC 2014-10-03 20:11 - 2014-10-03 20:19 - 181484960 _____ (Oracle Corporation) C:\Users\test\Downloads\jdk-8u20-windows-x64.exe 2014-10-03 19:57 - 2014-10-03 20:03 - 00000000 ____D () C:\Users\test\AppData\Local\Eclipse 2014-10-03 19:49 - 2014-10-03 19:49 - 00000000 ____D () C:\Users\test\Downloads\eclipse-java-luna-SR1-win32-x86_64 2014-10-03 19:42 - 2014-10-03 19:48 - 161354797 _____ () C:\Users\test\Downloads\eclipse-java-luna-SR1-win32-x86_64.zip 2014-10-03 19:37 - 2014-10-03 19:38 - 08007617 _____ () C:\Users\test\Downloads\mcp903.zip 2014-10-02 20:35 - 2014-10-02 20:35 - 00146457 _____ () C:\Users\test\Downloads\Parts Pack for Flans Mod 4.2(1).zip 2014-10-01 20:45 - 2014-10-01 20:46 - 35251789 _____ () C:\Users\test\Downloads\Minecraft Int. Airport VI.zip 2014-10-01 20:40 - 2014-10-01 20:40 - 06340648 _____ () C:\Users\test\Downloads\110306_Minecraft_Airport_McRegion.zip 2014-09-30 17:13 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-09-30 17:13 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-09-29 18:54 - 2014-09-29 18:54 - 00133367 _____ () C:\Users\test\Documents\MS-DOS.ogg 2014-09-29 14:24 - 2014-10-03 19:21 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft 2014-09-29 14:20 - 2014-10-01 14:16 - 01004810 _____ () C:\Users\test\Documents\DiscoM0n.pptx 2014-09-28 20:01 - 2014-09-28 20:05 - 905878897 _____ () C:\Users\test\Documents\.minecraft.zip 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0 2014-09-28 10:41 - 2014-09-28 10:41 - 00122317 _____ () C:\Users\test\Downloads\shrinking potion.zip 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits 2014-09-28 10:35 - 2014-09-28 19:14 - 00000000 ____D () C:\Users\test\Documents\Visual Studio 2013 2014-09-28 10:34 - 2014-09-28 10:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE 2014-09-28 10:28 - 2014-09-28 10:28 - 00000000 ____D () C:\Program Files (x86)\AppInsights 2014-09-28 10:21 - 2014-09-28 10:21 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits 2014-09-28 10:03 - 2014-09-28 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK 2014-09-28 09:59 - 2014-09-28 09:59 - 00567998 _____ () C:\Users\test\Downloads\rollercoasterv14_beta28027653.zip 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files\Windows Identity Foundation 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation 2014-09-28 09:54 - 2014-09-28 10:31 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files\Application Verifier 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files (x86)\Application Verifier 2014-09-28 09:52 - 2014-09-28 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2014-09-28 09:50 - 2014-09-28 09:50 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions 2014-09-28 09:47 - 2014-09-28 09:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2014-09-28 09:45 - 2014-09-28 09:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files\IIS Express 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files (x86)\IIS Express 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\ProgramData\NuGet 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\Program Files (x86)\NuGet 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files\IIS 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\IIS 2014-09-28 09:41 - 2014-09-28 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2014-09-28 09:39 - 2014-09-28 09:52 - 00000000 ____D () C:\Program Files (x86)\Windows Kits 2014-09-28 09:28 - 2014-09-28 09:28 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop 2014-09-28 09:27 - 2014-09-28 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer 2014-09-28 09:21 - 2014-09-28 09:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-09-28 09:21 - 2014-09-28 09:34 - 00000000 ____D () C:\windows\SysWOW64\1033 2014-09-28 09:20 - 2014-09-28 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013 2014-09-28 09:01 - 2014-09-28 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0 2014-09-28 09:00 - 2014-09-28 09:25 - 00000000 ____D () C:\windows\system32\1033 2014-09-28 09:00 - 2014-09-28 09:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0 2014-09-28 08:56 - 2014-09-28 08:56 - 00095541 _____ () C:\Users\test\Downloads\minecraft_2.zip 2014-09-27 21:31 - 2014-09-27 21:31 - 01236880 _____ (Microsoft Corporation) C:\Users\test\Downloads\vs_ultimate.exe 2014-09-27 19:39 - 2014-09-27 19:39 - 00470812 _____ () C:\Users\test\Downloads\infiniterollercoaster.zip 2014-09-27 19:30 - 2014-09-27 19:30 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate 2014-09-26 21:27 - 2014-09-26 21:27 - 01867776 _____ () C:\windows\SysWOW64\ssmci2.scr 2014-09-26 21:27 - 2014-09-26 21:27 - 01233408 _____ () C:\windows\SysWOW64\libvorbis.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 01186750 _____ () C:\windows\SysWOW64\MCI_Screensaver2_Uninstall.exe 2014-09-26 21:27 - 2014-09-26 21:27 - 00061440 _____ () C:\windows\SysWOW64\libogg.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 00017383 _____ () C:\windows\SysWOW64\libogg-License.txt 2014-09-26 21:27 - 2014-09-26 21:27 - 00000996 _____ () C:\windows\SysWOW64\MCI_Screensaver2_install.log 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\windows\SysWOW64\MCI_Data 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\Users\test\AppData\Roaming\ssmci 2014-09-25 17:04 - 2014-09-25 17:04 - 00005526 _____ () C:\windows\PFRO.log 2014-09-24 14:52 - 2014-09-24 14:52 - 00000000 ____D () C:\Users\test\Downloads\MCI_Screensaver2_Installation 2014-09-24 14:51 - 2014-09-24 14:52 - 02764938 _____ () C:\Users\test\Downloads\MCI_Screensaver2_Installation.rar 2014-09-23 19:23 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-23 19:23 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-22 20:00 - 2014-09-22 20:00 - 03028902 _____ () C:\Users\test\Downloads\metaworldsInstaller0_985.jar 2014-09-22 14:25 - 2014-09-28 16:51 - 00148216 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-22 14:24 - 2014-10-03 18:20 - 00001456 _____ () C:\windows\setupact.log 2014-09-22 14:24 - 2014-09-28 16:50 - 05149328 _____ () C:\windows\system32\FNTCACHE.DAT 2014-09-22 14:24 - 2014-09-22 14:24 - 00000000 _____ () C:\windows\setuperr.log 2014-09-21 20:02 - 2014-09-21 20:02 - 00136174 _____ () C:\Users\test\Documents\cc_20140921_200213.reg 2014-09-20 18:38 - 2014-09-20 18:38 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-09-20 18:38 - 2014-09-20 18:38 - 00001268 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2014-09-20 18:23 - 2014-09-20 18:23 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\test\Downloads\CreativeCloudSet-Up.exe 2014-09-19 20:19 - 2014-09-19 20:19 - 00167936 _____ (ICSharpCode.net) C:\Users\test\Downloads\ICSharpCode.SharpZipLib1.dll 2014-09-19 20:11 - 2014-09-19 20:11 - 01164800 _____ () C:\Users\test\Downloads\Godzilla Mod Installer.exe 2014-09-15 18:12 - 2014-09-15 18:13 - 12416135 _____ () C:\Users\test\Downloads\modpack(7).zip 2014-09-15 18:06 - 2014-09-15 18:06 - 12416135 _____ () C:\Users\test\Downloads\modpack(6).zip 2014-09-15 18:05 - 2014-09-15 18:05 - 12416135 _____ () C:\Users\test\Downloads\modpack(3).zip 2014-09-15 14:37 - 2014-09-15 14:37 - 00000000 ____D () C:\Users\test\Documents\The Study 2014-09-14 18:18 - 2014-09-14 18:18 - 12416135 _____ () C:\Users\test\Downloads\modpack(5).zip 2014-09-14 18:14 - 2014-09-14 18:15 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(2).zip 2014-09-14 18:08 - 2014-09-14 18:09 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(1).zip 2014-09-14 17:43 - 2014-09-14 17:44 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack.zip 2014-09-14 14:36 - 2014-09-14 14:37 - 15472959 _____ () C:\Users\test\Downloads\orespawn164v19.zip 2014-09-12 21:59 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-12 21:59 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-09-12 21:59 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-12 21:59 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-12 21:59 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-12 21:59 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-12 21:59 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-12 21:59 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-09-12 21:59 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-09-12 21:59 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-09-12 21:59 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-12 21:59 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-12 21:59 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-12 21:59 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-09-12 21:55 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-12 21:55 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-12 20:04 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-12 20:04 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-09-12 20:03 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-12 20:03 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-12 20:02 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-12 20:02 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-12 20:02 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-12 19:56 - 2014-09-12 19:57 - 00204496 _____ (Malwarebytes) C:\Users\test\Downloads\startuplite-setup-1.07.exe 2014-09-11 17:40 - 2014-09-11 17:40 - 00096815 _____ () C:\Users\test\Documents\systeminfo.txt 2014-09-11 17:37 - 2014-09-11 17:37 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files\Speccy 2014-09-11 17:36 - 2014-09-11 17:36 - 04890736 _____ (Piriform Ltd) C:\Users\test\Downloads\spsetup126.exe 2014-09-10 20:15 - 2014-09-23 19:16 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-09 14:50 - 2014-09-09 15:00 - 00010514 _____ () C:\Users\test\Downloads\ms_blank_timetable2.xlsx 2014-09-08 18:38 - 2014-09-29 15:58 - 00000230 _____ () C:\Users\test\Documents\youtube.bat 2014-09-07 18:59 - 2014-09-07 18:59 - 00160310 _____ () C:\Users\test\Downloads\theshrinkphone.pdn 2014-09-07 18:44 - 2014-09-07 18:44 - 03646369 _____ () C:\Users\test\Documents\justinyoungvlog1.wma 2014-09-04 17:47 - 2014-09-04 17:47 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2 2014-09-04 17:13 - 2014-09-04 17:13 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 20:43 - 2014-01-02 20:29 - 00000000 ____D () C:\FRST 2014-10-03 20:39 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-03 20:39 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-03 20:23 - 2013-02-19 20:46 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2014-10-03 20:22 - 2014-03-22 12:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-03 20:22 - 2013-02-19 20:42 - 00000000 ____D () C:\Program Files\Java 2014-10-03 20:21 - 2014-03-22 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-10-03 20:15 - 2012-03-15 21:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-10-03 20:02 - 2013-10-22 19:18 - 00000000 ____D () C:\Users\test\workspace 2014-10-03 18:27 - 2012-05-30 13:43 - 01230686 _____ () C:\windows\WindowsUpdate.log 2014-10-03 18:27 - 2009-07-14 01:13 - 00787656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-10-03 18:23 - 2013-06-08 17:00 - 00000000 ____D () C:\Users\test\AppData\Roaming\Dropbox 2014-10-03 18:21 - 2014-08-10 17:32 - 00000000 ____D () C:\ProgramData\VMware 2014-10-03 18:20 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-30 18:21 - 2014-06-30 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 19:02 - 2014-04-02 19:21 - 00000000 ____D () C:\Users\test\AppData\Roaming\Audacity 2014-09-29 18:54 - 2014-09-01 15:44 - 00000000 ____D () C:\Users\test\AppData\Roaming\vlc 2014-09-29 15:47 - 2013-06-03 12:55 - 00000000 ____D () C:\Users\test\AppData\Local\Paint.NET 2014-09-29 14:45 - 2014-07-08 17:49 - 00000091 _____ () C:\Users\test\Desktop\fibonacci.py 2014-09-29 14:41 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-09-28 20:40 - 2013-08-01 16:11 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-28 10:45 - 2013-07-10 19:11 - 00000000 ____D () C:\Users\test\Documents\.minecraft 2014-09-28 10:34 - 2012-08-13 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2014-09-28 09:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-28 09:56 - 2012-08-13 09:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-09-28 09:56 - 2012-08-13 09:29 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2014-09-28 09:56 - 2012-03-15 21:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-09-28 09:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild 2014-09-28 08:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-09-27 19:30 - 2014-05-11 14:54 - 00000000 ____D () C:\ProgramData\Samsung 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\spool 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF 2014-09-26 21:29 - 2013-03-04 20:48 - 00000000 ____D () C:\Users\test\AppData\Local\CrashDumps 2014-09-26 21:27 - 2007-12-11 15:06 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll 2014-09-26 21:27 - 2007-12-11 15:06 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll 2014-09-26 12:32 - 2013-03-08 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 19:52 - 2013-03-03 21:00 - 00000000 ____D () C:\Users\test\Documents\Camtasia Studio 2014-09-24 20:12 - 2014-09-02 19:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-09-23 19:16 - 2012-03-15 21:14 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 19:16 - 2012-03-15 21:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 19:16 - 2012-03-15 21:14 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-21 20:06 - 2013-10-22 19:16 - 00000000 ____D () C:\Users\test\Desktop\AndroidStuffScott 2014-09-21 20:00 - 2014-07-23 14:30 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-21 20:00 - 2014-06-29 15:36 - 00000000 ____D () C:\Users\test\Desktop\some bat files 2014-09-21 20:00 - 2014-04-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake 2014-09-21 20:00 - 2013-05-04 12:14 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-09-21 20:00 - 2013-05-04 12:06 - 00000000 ____D () C:\Users\test\AppData\Roaming\uTorrent 2014-09-21 20:00 - 2013-02-11 20:28 - 00000000 ____D () C:\windows\Minidump 2014-09-21 20:00 - 2013-02-10 22:06 - 00000000 ___RD () C:\Users\test\Desktop\utility 2014-09-21 20:00 - 2012-03-15 04:37 - 00000000 ____D () C:\windows\Panther 2014-09-21 10:21 - 2014-08-10 18:07 - 00000000 ____D () C:\Users\test\AppData\Roaming\VMware 2014-09-21 09:40 - 2013-05-09 17:13 - 00000000 ____D () C:\Users\test\Desktop\IMPORTANT MINECRAFT 2014-09-20 18:35 - 2012-03-15 21:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-18 11:23 - 2013-06-08 17:07 - 00001028 _____ () C:\Users\test\Desktop\Dropbox.lnk 2014-09-18 11:23 - 2013-06-08 17:02 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-16 20:31 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-09-15 15:26 - 2013-02-22 09:04 - 00000000 ____D () C:\Users\test\AppData\Roaming\SoftGrid Client 2014-09-15 14:20 - 2013-11-16 21:33 - 00000000 ____D () C:\Users\test\Desktop\TABLETANDPHONE IMPORTANT 2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-14 19:30 - 2014-08-13 15:28 - 00000000 ____D () C:\Users\test\AppData\Roaming\Spotify 2014-09-12 21:57 - 2012-08-13 09:26 - 00771966 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-12 21:54 - 2014-05-06 20:57 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-11 17:49 - 2013-03-03 20:39 - 00006656 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-10 09:10 - 2009-07-14 01:08 - 00032550 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-09-08 14:44 - 2014-08-13 15:40 - 00000000 ____D () C:\Users\test\AppData\Local\Spotify 2014-09-04 17:49 - 2014-06-13 20:18 - 00000000 ____D () C:\VoidLauncher 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.voidswrath 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.7.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.4 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.5.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.pokepack 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.jurassiccraft 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.fellowship 2014-09-04 17:47 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney 2014-09-04 17:37 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.dreamcraft Some content of TEMP: ==================== C:\Users\test\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3r0val.dll C:\Users\test\AppData\Local\Temp\FINALISE.exe C:\Users\test\AppData\Local\Temp\jblas329696117017846908libgfortran-3.dll C:\Users\test\AppData\Local\Temp\jblas6074898242201706979libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\jblas7692879862842798818jblas.dll C:\Users\test\AppData\Local\Temp\jblas8757903554699266430jblas_arch_flavor.dll C:\Users\test\AppData\Local\Temp\libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\libgfortran-3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-29 17:05 ==================== End Of Log ============================ FRST addition log: next reply RK log coming in my next reply
  18. Hi Malwarebytes. My PC has been acting weird lately, mostly my cursor randomly going out of control and huge program lag. So I went to task maneger thinking that it was just a program taking up memory that I should re-install....... But my CPU usage was VERY low, around 1-3% of usage. So it might be malware............ Anyways, here's the FRST log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 Ran by test (administrator) on JUSTIIN-PC on 01-10-2014 15:52:00 Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersion Loaded Profile: test (Available profiles: Justiin & test & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Dropbox, Inc.) C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor) HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-17] (SRS Labs, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation) HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.) HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation) HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129584 2009-10-22] (VMware, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [spotify Web Helper] => C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd) Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E}: [NameServer] 64.71.255.254 64.71.255.253 FireFox: ======== FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default FF DefaultSearchEngine: Norton Safe Search FF SelectedSearchEngine: Norton Safe Search FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: LastPass - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\support@lastpass.com [2014-09-03] FF Extension: Adblock Plus - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-02] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed] R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation) R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed] S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] () S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated) S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.) S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-30 17:13 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-09-30 17:13 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-09-29 18:54 - 2014-09-29 18:54 - 00133367 _____ () C:\Users\test\Documents\MS-DOS.ogg 2014-09-29 14:24 - 2014-09-30 17:44 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft 2014-09-29 14:20 - 2014-10-01 14:16 - 01004810 _____ () C:\Users\test\Documents\DiscoM0n.pptx 2014-09-28 20:01 - 2014-09-28 20:05 - 905878897 _____ () C:\Users\test\Documents\.minecraft.zip 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0 2014-09-28 10:41 - 2014-09-28 10:41 - 00122317 _____ () C:\Users\test\Downloads\shrinking potion.zip 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits 2014-09-28 10:35 - 2014-09-28 19:14 - 00000000 ____D () C:\Users\test\Documents\Visual Studio 2013 2014-09-28 10:34 - 2014-09-28 10:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE 2014-09-28 10:28 - 2014-09-28 10:28 - 00000000 ____D () C:\Program Files (x86)\AppInsights 2014-09-28 10:21 - 2014-09-28 10:21 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits 2014-09-28 10:03 - 2014-09-28 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK 2014-09-28 09:59 - 2014-09-28 09:59 - 00567998 _____ () C:\Users\test\Downloads\rollercoasterv14_beta28027653.zip 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files\Windows Identity Foundation 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation 2014-09-28 09:54 - 2014-09-28 10:31 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files\Application Verifier 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files (x86)\Application Verifier 2014-09-28 09:52 - 2014-09-28 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2014-09-28 09:50 - 2014-09-28 09:50 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions 2014-09-28 09:47 - 2014-09-28 09:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2014-09-28 09:45 - 2014-09-28 09:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files\IIS Express 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files (x86)\IIS Express 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\ProgramData\NuGet 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\Program Files (x86)\NuGet 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files\IIS 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\IIS 2014-09-28 09:41 - 2014-09-28 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2014-09-28 09:39 - 2014-09-28 09:52 - 00000000 ____D () C:\Program Files (x86)\Windows Kits 2014-09-28 09:28 - 2014-09-28 09:28 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop 2014-09-28 09:27 - 2014-09-28 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer 2014-09-28 09:21 - 2014-09-28 09:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-09-28 09:21 - 2014-09-28 09:34 - 00000000 ____D () C:\windows\SysWOW64\1033 2014-09-28 09:20 - 2014-09-28 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013 2014-09-28 09:01 - 2014-09-28 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0 2014-09-28 09:00 - 2014-09-28 09:25 - 00000000 ____D () C:\windows\system32\1033 2014-09-28 09:00 - 2014-09-28 09:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0 2014-09-28 08:56 - 2014-09-28 08:56 - 00095541 _____ () C:\Users\test\Downloads\minecraft_2.zip 2014-09-27 21:31 - 2014-09-27 21:31 - 01236880 _____ (Microsoft Corporation) C:\Users\test\Downloads\vs_ultimate.exe 2014-09-27 19:39 - 2014-09-27 19:39 - 00470812 _____ () C:\Users\test\Downloads\infiniterollercoaster.zip 2014-09-27 19:30 - 2014-09-27 19:30 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate 2014-09-26 21:27 - 2014-09-26 21:27 - 01867776 _____ () C:\windows\SysWOW64\ssmci2.scr 2014-09-26 21:27 - 2014-09-26 21:27 - 01233408 _____ () C:\windows\SysWOW64\libvorbis.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 01186750 _____ () C:\windows\SysWOW64\MCI_Screensaver2_Uninstall.exe 2014-09-26 21:27 - 2014-09-26 21:27 - 00061440 _____ () C:\windows\SysWOW64\libogg.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 00017383 _____ () C:\windows\SysWOW64\libogg-License.txt 2014-09-26 21:27 - 2014-09-26 21:27 - 00000996 _____ () C:\windows\SysWOW64\MCI_Screensaver2_install.log 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\windows\SysWOW64\MCI_Data 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\Users\test\AppData\Roaming\ssmci 2014-09-25 17:04 - 2014-09-25 17:04 - 00005526 _____ () C:\windows\PFRO.log 2014-09-24 14:52 - 2014-09-24 14:52 - 00000000 ____D () C:\Users\test\Downloads\MCI_Screensaver2_Installation 2014-09-24 14:51 - 2014-09-24 14:52 - 02764938 _____ () C:\Users\test\Downloads\MCI_Screensaver2_Installation.rar 2014-09-23 19:23 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-23 19:23 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-22 20:00 - 2014-09-22 20:00 - 03028902 _____ () C:\Users\test\Downloads\metaworldsInstaller0_985.jar 2014-09-22 14:25 - 2014-09-28 16:51 - 00148216 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-22 14:24 - 2014-10-01 14:58 - 00001176 _____ () C:\windows\setupact.log 2014-09-22 14:24 - 2014-09-28 16:50 - 05149328 _____ () C:\windows\system32\FNTCACHE.DAT 2014-09-22 14:24 - 2014-09-22 14:24 - 00000000 _____ () C:\windows\setuperr.log 2014-09-21 20:02 - 2014-09-21 20:02 - 00136174 _____ () C:\Users\test\Documents\cc_20140921_200213.reg 2014-09-20 18:38 - 2014-09-20 18:38 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-09-20 18:38 - 2014-09-20 18:38 - 00001268 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2014-09-20 18:23 - 2014-09-20 18:23 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\test\Downloads\CreativeCloudSet-Up.exe 2014-09-19 20:19 - 2014-09-19 20:19 - 00167936 _____ (ICSharpCode.net) C:\Users\test\Downloads\ICSharpCode.SharpZipLib1.dll 2014-09-19 20:11 - 2014-09-19 20:11 - 01164800 _____ () C:\Users\test\Downloads\Godzilla Mod Installer.exe 2014-09-15 18:12 - 2014-09-15 18:13 - 12416135 _____ () C:\Users\test\Downloads\modpack(7).zip 2014-09-15 18:06 - 2014-09-15 18:06 - 12416135 _____ () C:\Users\test\Downloads\modpack(6).zip 2014-09-15 18:05 - 2014-09-15 18:05 - 12416135 _____ () C:\Users\test\Downloads\modpack(3).zip 2014-09-15 14:37 - 2014-09-15 14:37 - 00000000 ____D () C:\Users\test\Documents\The Study 2014-09-14 18:18 - 2014-09-14 18:18 - 12416135 _____ () C:\Users\test\Downloads\modpack(5).zip 2014-09-14 18:14 - 2014-09-14 18:15 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(2).zip 2014-09-14 18:08 - 2014-09-14 18:09 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(1).zip 2014-09-14 17:43 - 2014-09-14 17:44 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack.zip 2014-09-14 14:36 - 2014-09-14 14:37 - 15472959 _____ () C:\Users\test\Downloads\orespawn164v19.zip 2014-09-12 21:59 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-12 21:59 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-09-12 21:59 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-12 21:59 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-12 21:59 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-12 21:59 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-12 21:59 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-12 21:59 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-09-12 21:59 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-09-12 21:59 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-09-12 21:59 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-12 21:59 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-12 21:59 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-12 21:59 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-09-12 21:55 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-12 21:55 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-12 20:04 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-12 20:04 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-09-12 20:03 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-12 20:03 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-12 20:02 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-12 20:02 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-12 20:02 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-12 19:56 - 2014-09-12 19:57 - 00204496 _____ (Malwarebytes) C:\Users\test\Downloads\startuplite-setup-1.07.exe 2014-09-11 17:40 - 2014-09-11 17:40 - 00096815 _____ () C:\Users\test\Documents\systeminfo.txt 2014-09-11 17:37 - 2014-09-11 17:37 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files\Speccy 2014-09-11 17:36 - 2014-09-11 17:36 - 04890736 _____ (Piriform Ltd) C:\Users\test\Downloads\spsetup126.exe 2014-09-10 20:15 - 2014-09-23 19:16 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-09 14:50 - 2014-09-09 15:00 - 00010514 _____ () C:\Users\test\Downloads\ms_blank_timetable2.xlsx 2014-09-08 18:38 - 2014-09-29 15:58 - 00000230 _____ () C:\Users\test\Documents\youtube.bat 2014-09-07 18:59 - 2014-09-07 18:59 - 00160310 _____ () C:\Users\test\Downloads\theshrinkphone.pdn 2014-09-07 18:44 - 2014-09-07 18:44 - 03646369 _____ () C:\Users\test\Documents\justinyoungvlog1.wma 2014-09-04 17:47 - 2014-09-04 17:47 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2 2014-09-04 17:13 - 2014-09-04 17:13 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft 2014-09-02 20:21 - 2014-09-02 20:21 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-09-02 19:56 - 2014-09-02 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-09-02 19:53 - 2014-09-24 20:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-09-02 19:51 - 2014-09-02 19:52 - 01034936 _____ (Microsoft Corporation) C:\Users\test\Downloads\Setup.X86.en-US_O365HomePremRetail_4f8fe66d-41bd-4c99-bb2a-1f947a789f2e_TX_PR_.exe 2014-09-01 15:44 - 2014-09-29 18:54 - 00000000 ____D () C:\Users\test\AppData\Roaming\vlc 2014-09-01 15:44 - 2014-09-01 15:44 - 00001037 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-09-01 15:44 - 2014-09-01 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-09-01 15:42 - 2014-09-01 15:42 - 24743106 _____ () C:\Users\test\Downloads\vlc-2.1.5-win32.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 15:52 - 2014-01-02 20:29 - 00000000 ____D () C:\FRST 2014-10-01 15:15 - 2012-03-15 21:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-10-01 15:08 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-01 15:08 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-01 15:04 - 2012-05-30 13:43 - 01095921 _____ () C:\windows\WindowsUpdate.log 2014-10-01 15:01 - 2013-06-08 17:00 - 00000000 ____D () C:\Users\test\AppData\Roaming\Dropbox 2014-10-01 15:00 - 2014-08-10 17:32 - 00000000 ____D () C:\ProgramData\VMware 2014-10-01 14:59 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-30 18:21 - 2014-06-30 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 19:02 - 2014-04-02 19:21 - 00000000 ____D () C:\Users\test\AppData\Roaming\Audacity 2014-09-29 15:47 - 2013-06-03 12:55 - 00000000 ____D () C:\Users\test\AppData\Local\Paint.NET 2014-09-29 14:45 - 2014-07-08 17:49 - 00000091 _____ () C:\Users\test\Desktop\fibonacci.py 2014-09-29 14:41 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-09-28 20:40 - 2013-08-01 16:11 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-28 10:45 - 2013-07-10 19:11 - 00000000 ____D () C:\Users\test\Documents\.minecraft 2014-09-28 10:34 - 2012-08-13 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2014-09-28 09:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-28 09:56 - 2012-08-13 09:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-09-28 09:56 - 2012-08-13 09:29 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2014-09-28 09:56 - 2012-03-15 21:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-09-28 09:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild 2014-09-28 08:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-09-27 19:30 - 2014-05-11 14:54 - 00000000 ____D () C:\ProgramData\Samsung 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\spool 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF 2014-09-26 21:29 - 2013-03-04 20:48 - 00000000 ____D () C:\Users\test\AppData\Local\CrashDumps 2014-09-26 21:27 - 2007-12-11 15:06 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll 2014-09-26 21:27 - 2007-12-11 15:06 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll 2014-09-26 12:32 - 2013-03-08 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 19:52 - 2013-03-03 21:00 - 00000000 ____D () C:\Users\test\Documents\Camtasia Studio 2014-09-23 19:16 - 2012-03-15 21:14 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 19:16 - 2012-03-15 21:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 19:16 - 2012-03-15 21:14 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-21 20:06 - 2013-10-22 19:16 - 00000000 ____D () C:\Users\test\Desktop\AndroidStuffScott 2014-09-21 20:00 - 2014-07-23 14:30 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-21 20:00 - 2014-06-29 15:36 - 00000000 ____D () C:\Users\test\Desktop\some bat files 2014-09-21 20:00 - 2014-04-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake 2014-09-21 20:00 - 2014-03-22 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-09-21 20:00 - 2013-05-04 12:14 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-09-21 20:00 - 2013-05-04 12:06 - 00000000 ____D () C:\Users\test\AppData\Roaming\uTorrent 2014-09-21 20:00 - 2013-02-11 20:28 - 00000000 ____D () C:\windows\Minidump 2014-09-21 20:00 - 2013-02-10 22:06 - 00000000 ___RD () C:\Users\test\Desktop\utility 2014-09-21 20:00 - 2012-03-15 04:37 - 00000000 ____D () C:\windows\Panther 2014-09-21 17:56 - 2009-07-14 01:13 - 00787656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-21 10:21 - 2014-08-10 18:07 - 00000000 ____D () C:\Users\test\AppData\Roaming\VMware 2014-09-21 09:40 - 2013-05-09 17:13 - 00000000 ____D () C:\Users\test\Desktop\IMPORTANT MINECRAFT 2014-09-20 18:35 - 2012-03-15 21:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-18 11:23 - 2013-06-08 17:07 - 00001028 _____ () C:\Users\test\Desktop\Dropbox.lnk 2014-09-18 11:23 - 2013-06-08 17:02 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-16 20:31 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-09-15 15:26 - 2013-02-22 09:04 - 00000000 ____D () C:\Users\test\AppData\Roaming\SoftGrid Client 2014-09-15 14:20 - 2013-11-16 21:33 - 00000000 ____D () C:\Users\test\Desktop\TABLETANDPHONE IMPORTANT 2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-14 19:30 - 2014-08-13 15:28 - 00000000 ____D () C:\Users\test\AppData\Roaming\Spotify 2014-09-12 21:57 - 2012-08-13 09:26 - 00771966 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-12 21:54 - 2014-05-06 20:57 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-11 17:49 - 2013-03-03 20:39 - 00006656 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-10 09:10 - 2009-07-14 01:08 - 00032550 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-09-08 14:44 - 2014-08-13 15:40 - 00000000 ____D () C:\Users\test\AppData\Local\Spotify 2014-09-04 17:49 - 2014-06-13 20:18 - 00000000 ____D () C:\VoidLauncher 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.voidswrath 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.7.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.4 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.5.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.pokepack 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.jurassiccraft 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.fellowship 2014-09-04 17:47 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney 2014-09-04 17:37 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.dreamcraft 2014-09-02 20:21 - 2012-03-15 21:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-09-02 18:51 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.aethericcrusade 2014-09-01 17:15 - 2013-10-22 19:18 - 00000000 ____D () C:\Users\test\workspace 2014-09-01 16:48 - 2013-10-08 20:41 - 00000000 ____D () C:\Users\test\android-sdks 2014-09-01 15:43 - 2014-04-07 17:19 - 00000000 ____D () C:\Program Files (x86)\VideoLAN Some content of TEMP: ==================== C:\Users\test\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5racow.dll C:\Users\test\AppData\Local\Temp\FINALISE.exe C:\Users\test\AppData\Local\Temp\jblas329696117017846908libgfortran-3.dll C:\Users\test\AppData\Local\Temp\jblas6074898242201706979libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\jblas7692879862842798818jblas.dll C:\Users\test\AppData\Local\Temp\jblas8757903554699266430jblas_arch_flavor.dll C:\Users\test\AppData\Local\Temp\libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\libgfortran-3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-29 17:05 ==================== End Of Log ============================
  19. Okay, it's what I thought Anyways, thanks for your help, see you later
  20. Lol didn't know you where on the mbam forums naat It's jman005 from g2g
  21. UPDATE: the computer also had trouble starting, it had to do startup repair(which failed), but I was still able to start the computer
  22. Okay, i'm back Now, you might wonder these things about the attached log: Q: Why is the PC name Laura? A: the computer wasn't always mine Q: why are the drives messed up(they might be)? A: A while back, this computer had a pretty bad infection (before I knew about the mbam forums) and got a technician, and his "solution" was to install a new hard drive. Logs attatched. FRST.txt Addition.txt CheckResults.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.