-
Posts
133 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by smemeber
-
I think he was posting it because it was loading a Garry's mod(sandbox game) banner website (when you load a server in Gmod it loads a website usually with information about the server but sometimes they put some extras in (like music)) website and malwarebytes blocked it - even though it was embed in the game - which proves malwarebytes is one of the best antiviruses.
-
Okay, thanks for the info . By maximum memory supported you mean RAM right?Also, is the solid state drive, graphics card and processor compatible with the motherboard? Couldn't find anything online. thanks
-
I'm building a gaming PC(desktop) and I was wondering if anyone could tell me if this is a good choice for parts: Motherboard: MSI Z97 gaming: http://www.ats-systems.com/store/detail.asp?PRODUCT_ID=5278727 CPU/processor: Intel I7: http://www.bestbuy.com/site/intel-core-i7-3770-processor/5513859.p?id=1218655167725 RAM: Ask at store of choice [as I don't know what RAM chips can go in the Z97 motherboard] Graphics Card: msi R9 290X GAMING 4G: http://www.ats-systems.com/retail/manufact/manufacturers.asp?manufacturer=MSI Solid State drive: AMD RADEON R7: Canada computers Case: MSI nightblade: same as all the other MSI products Monitor: Dell ST2220T [sorry for the huge text, it was made in word]
-
Good, I'm just trying to find time to do the scan, sorry for the delay
-
When I run Combofix, after it backs up and installs itself, it wants me to rename it from ComboFix(1) to ComboFix, but as far as I can see it is allready named ComboFix. Can you help? Thanks
-
Yeah, I know, I was just hoping the problem was malware as normal PC problems can be harder to fix then malware.
-
TDSSkiller found nothing (sad face because I was hoping a rootkit was the problem and removing it would help with the PC slowness and other problems) I'm going to scan with ComboFix tommorow, sorry for the delay -malwarebytesmemeber
-
TDSS and ComboFix logs coming later today, sorry for the delay
-
A status update: the "cursor going crazy" thing is gone, but my computer has SUCH a slow startup (I allready ran MBAM startup lite and checked my startup folder) and my computer is also generally slow. I don't know if it's stealth malware, some kind of rootkit or my computer is just failing. Should I run TDSS killer and see? Also...... what about [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\tdcmdpst @ Unknown (\SystemRoot\system32\DRIVERS\usbfilter.sys)[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\vmkbd @ Unknown (\SystemRoot\system32\DRIVERS\usbohci.sys)? JRT log: ----------------------------------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.1 (10.06.2014:1) OS: Windows 7 Home Premium x64 Ran by test on 06/10/2014 at 18:50:40.46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\windows\wininit.ini" ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\zwr99lbc.default\prefs.js user_pref("symantec.browser.sessionstore.resume_from_crash.toggle", false); Emptied folder: C:\Users\test\AppData\Roaming\mozilla\firefox\profiles\zwr99lbc.default\minidumps [24 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06/10/2014 at 18:54:25.76 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
JRT log coming soon (tommorow or in a few hours)
-
Just scanned with adwcleaner.... Didn't delete C:\END and C:\windows\SysWOW64\SearchProtect because they seem important (SearchProtect just because it's in SysWOW64) Log: ---------------------------------------------------------------------------------------------------------------------------- # AdwCleaner v3.311 - Report created 05/10/2014 at 19:50:18 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : test - JUSTIIN-PC # Running from : C:\Users\test\Downloads\AdwCleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [x] Not Deleted : C:\windows\SysWOW64\SearchProtect Folder Deleted : C:\Users\Justiin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [x] Not Deleted : C:\END ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Mozilla Firefox v32.0.3 (x86 en-GB) [ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\rbg22xn1.default\prefs.js ] [ File : C:\Users\Justiin\AppData\Roaming\Mozilla\Firefox\Profiles\uedsova8.default\prefs.js ] [ File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc [ File : C:\Users\Justiin\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=360&chn=retail&geo=CA&ver=20&locale=en_CA&tpr=111 Deleted [search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=3D5E7EB0-7367-4807-A188-7924507F40B5&apn_ptnrs=U3&apn_sauid=6A0556DC-A67C-47B2-BFF1-3E2348C7D3E1&apn_dtid=OSJ000YYCA&q={searchTerms} Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=25&systemid=417&apn_dtid=BND417&apn_ptnrs=AGA&o=APN10649&apn_uid=3063215245894430&q={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk ************************* AdwCleaner[R0].txt - [2476 octets] - [03/01/2014 15:37:40] AdwCleaner[R1].txt - [3731 octets] - [05/10/2014 19:46:40] AdwCleaner[s0].txt - [2583 octets] - [03/01/2014 15:41:54] AdwCleaner[s1].txt - [4318 octets] - [05/10/2014 19:50:18] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4378 octets] ##########
-
DelFix log, just in case you need it --------------------------------------------------------------- # DelFix v10.8 - Logfile created 05/10/2014 at 19:37:57 # Updated 29/07/2014 by Xplode # Username : test - JUSTIIN-PC # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) ~ Creating registry backup ... OK ########## - EOF - ##########
-
yeah, I know the dangers of multiple AV's. Defender disabled.
-
RK log (looks like there's some pums and minor rootkits ) ------------------------------------------------------------------------------------------------ RogueKiller V9.2.13.0 (x64) [sep 25 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : test [Admin rights] Mode : Scan -- Date : 10/04/2014 17:06:38 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 19 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E} | NameServer : 64.71.255.254 64.71.255.253 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E} | NameServer : 64.71.255.254 64.71.255.253 -> FOUND [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E} | NameServer : 64.71.255.254 64.71.255.253 -> FOUND [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-573630501-3468752300-2657990606-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ HOSTS File : 1 ¤¤¤ [C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤ [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\tdcmdpst @ Unknown (\SystemRoot\system32\DRIVERS\usbfilter.sys) [Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\vmkbd @ Unknown (\SystemRoot\system32\DRIVERS\usbohci.sys) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS547575A9E384 ATA Device +++++ --- User --- [MBR] 696ad51e0c3a3160de93ac3d9a301740 [bSP] 5c5ef59b980bbbf712f14e366bd951ac : HP MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 701591 MB 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1439934464 | Size: 12311 MB User = LL1 ... OK User = LL2 ... OK ---------------------------------------------------------------------------------------------
-
Addition log: ----------------------------------------------------------------- dditional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 Ran by test at 2014-10-03 20:45:05 Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersion Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{63F96D8F-D32B-AABF-4DE1-F51FF391FFD6}) (Version: 3.0.870.0 - Advanced Micro Devices, Inc.) AMD Media Foundation Decoders (Version: 1.0.70213.1643 - Advanced Micro Devices, Inc.) Hidden AMD Steady Video Plug-In (Version: 2.03.0000 - AMD) Hidden AMD VISION Engine Control Center (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Insights Tools for Visual Studio 2013 (x32 Version: 2.1 - Microsoft Corporation) Hidden Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd) AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.11.3116 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{80194F84-21CE-44CF-A46E-38D8CE448856}) (Version: 0.8.11.3116 - BlueStack Systems, Inc.) Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform) Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation) ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.) Fraps (HKLM-x32\...\Fraps) (Version: - ) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - ) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) Java 7 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417015FF}) (Version: 7.0.150 - Oracle) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle) Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden Java SE Development Kit 7 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170150}) (Version: 1.7.0.150 - Oracle) Java SE Development Kit 7 Update 15 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170150}) (Version: 1.7.0.150 - Oracle) Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MCI Screensaver 2 (HKLM-x32\...\MCI Screensaver 2) (Version: - ) Memory Profiler (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Advertising SDK for Windows 8.1 - ENU (x32 Version: 8.1.30809.0 - Microsoft Corporation) Hidden Microsoft Advertising SDK for Windows Phone 8.1 XAML - ENU (x32 Version: 8.1.40427.0 - Microsoft Corporation) Hidden Microsoft Advertising Service Extension for Visual Studio (x32 Version: 12.0.40402.0 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft ASP.NET and Web Tools 2013.3 - Visual Studio 12 (x32 Version: 12.3.50717.0 - Microsoft Corporation) Hidden Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20716.0 - Microsoft Corporation) Hidden Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU (x32 Version: 5.2.20703.0 - Microsoft Corporation) Hidden Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20716.0 - Microsoft Corporation) Hidden Microsoft Azure Mobile Services SDK (x32 Version: 1.0.20703.0 - Microsoft Corporation) Hidden Microsoft Azure Mobile Services Tools for Visual Studio - v1.2 (x32 Version: 1.2.20710.1601 - Microsoft Corporation) Hidden Microsoft Azure Shared Components for Visual Studio 2013 - v1.2 (x32 Version: 1.2.20710.1601 - Microsoft Corporation) Hidden Microsoft Azure Tools for LightSwitch for Visual Studio 2013 - June 2014 Update - v2.4 (x32 Version: 2.4.20623.1601 - Microsoft) Hidden Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden Microsoft Exchange Web Services Managed API 2.1 (x32 Version: 15.0.847.30 - Microsoft Corporation) Hidden Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 Core (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 v4.5 Tools (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch for Visual Studio 2013 v4.5 ToolsRes - ENU (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft LightSwitch v4.5 SDK (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Microsoft NuGet - Visual Studio 2013 (x32 Version: 2.8.50313.46 - Microsoft Corporation) Hidden Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack (Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) (Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Developer Tools for Visual Studio (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office Developer Tools for Visual Studio ENU Language Pack (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Portable Library Multi-Targeting Pack (x32 Version: 12.0.30501.00 - Microsoft Corporation) Hidden Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 12.0.30501.00 - Microsoft Corporation) Hidden Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Report Viewer Add-On for Visual Studio 2013 (x32 Version: 11.1.3442.2 - Microsoft Corporation) Hidden Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package (x32 Version: 12.0.30626 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Team Foundation Server 2013 Update 3 Object Model (x64) (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Team Foundation Server 2013 Update 3 Object Model Language Pack (x64) - ENU (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ ARM Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Native Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Native Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-arm Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-arm Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-x86 Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64-x86 Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Designtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 32bit Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Extended Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Devenv (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Devenv Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Diagnostic Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Diagnostic Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 IntelliTrace (x64) (Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 IntelliTrace (x86) (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 IntelliTrace Front End (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Performance Collection Tools - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Performance Collection Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Profiling Tools (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 VsGraphics Helper Dependencies (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 XAML UI Designer - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 XAML UI Designer (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Microsoft Visual Studio Premium 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Premium 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Professional 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Professional 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x64) - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 with Update 3 (HKLM-x32\...\{71688083-99e8-4e10-9522-8e98a130c438}) (Version: 12.0.30723 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetBeans IDE 7.2 (HKLM-x32\...\nbi-nb-base-7.2.0.0.201207171143) (Version: 7.2 - NetBeans.org) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Premium Sound HD (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.0700 - SRS Labs, Inc.) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 3.4.1 (HKLM-x32\...\{DF32BB9E-3ED8-36B5-A649-E8C845C5F3A2}) (Version: 3.4.1150 - Python Software Foundation) Python Tools Redirection Template (x32 Version: 1.2 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.) Rogers Connection Manager (HKLM-x32\...\{C295E308-5238-4157-962C-FDBF090ECC7E}) (Version: 6.0.3321.5603 - Sierra Wireless Inc.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden Sony Ericsson Wireless Manager 5 (HKLM-x32\...\{D2C6DAC2-6AB2-4749-8AAF-538AFF5A981A}) (Version: 5.3.2076.12 - Sony Ericsson) Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) Splashtop Remote Client (x32 Version: 1.1.5.0 - Splashtop Inc.) Hidden Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™) Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TheSkyX First Light Edition (HKLM-x32\...\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}) (Version: 10.0.2 - Software Bisque, Inc.) tools-freebsd (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-linux (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-netware (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-solaris (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-windows (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 8.1.3.9911 - VMware, Inc.) Hidden TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.00.07.64 - TOSHIBA Corporation) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation) TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - ) TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0023.640204 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.6.0023.640204 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.6.0023.640204 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation) TOSHIBA Web Camera Application (x32 Version: 2.0.3.33 - TOSHIBA Corporation) Hidden TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION) TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for Microsoft Visual Studio 2013 (KB2932965) (HKLM-x32\...\{7dbba119-718a-4f68-b33e-454dc8aa5faf}) (Version: 12.0.30112 - Microsoft Corporation) Visual F# 3.1 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Visual F# 3.1 VS (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation) Visual Studio 2012 Verification SDK - chs (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK - enu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK - ita (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK - jpn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 Verification SDK (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Visual Studio 2012 유효성 검사 SDK - kor (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012 驗證 SDK - cht (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2012-Verifizierungs-SDK - deu (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation) Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 2.1.30723.00 - Microsoft Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.0.0.9911 - VMware, Inc) VMware Workstation (x32 Version: 7.0.0.9911 - VMware, Inc.) Hidden VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Windows App Certification Kit Native Components (Version: 8.100.26629 - Microsoft Corporation) Hidden Windows App Certification Kit x64 (x32 Version: 8.100.26795 - Microsoft Corporation) Hidden Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (x32 Version: 2.1.10909.1601 - Microsoft) Hidden Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - ARM (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - Desktop (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - x64 (Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 SDK - x86 (x32 Version: 8.1.12358 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio 2013 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio Professional 2013 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone 8.1 Tools for Visual Studio Professionald 2013 - ENU (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Phone SDK 8.0 Assemblies (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.26831 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.26831 - Microsoft Corporation) Hidden Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden WinX Video Converter 5.0.1 (HKLM-x32\...\WinX Video Converter_is1) (Version: - Digiarty Software, Inc.) Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{69056475-33a1-43dd-902c-c99b8d83e48d}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{a0fb4e1a-b196-4736-8496-d99fd01208ea}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-573630501-3468752300-2657990606-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 23-09-2014 23:23:47 Windows Update 24-09-2014 13:30:32 Windows Update 28-09-2014 01:33:01 Microsoft Visual Studio Ultimate 2013 with Update 3 28-09-2014 01:34:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 28-09-2014 01:35:06 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 28-09-2014 01:35:44 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 28-09-2014 12:54:34 Microsoft Visual Studio Ultimate 2013 with Update 3 28-09-2014 12:55:49 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 28-09-2014 12:56:14 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 28-09-2014 13:39:45 Installed DirectX 28-09-2014 13:58:41 Windows Update 29-09-2014 00:39:44 Windows Update 30-09-2014 23:15:01 Windows Update 04-10-2014 00:20:20 Installed Java SE Development Kit 8 Update 20 (64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-01-05 12:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0343508F-E556-44F9-9DD5-5284FA51A296} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {2825A17E-281E-4772-8BF9-20BEB25C521F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation) Task: {282F03C8-97F2-43E9-AE13-FD2ECFF8FEC0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {46E57131-5453-4AD0-82ED-053FCFB0D523} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-24] (Microsoft Corporation) Task: {4C3F3C7B-58A1-46AF-A49B-4F46A73BE10C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {50D22491-2201-40A2-B112-4CB9C27C08CF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {6AF0E02D-6A38-4DBD-B9EA-52A59C537AAF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {773A2896-C693-4251-BC7E-C54D1178A63A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {83EF0D36-FF67-44FB-AAE8-817679A1C20D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {AD4987D0-E67D-4D96-9665-8FD6F433C030} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd) Task: {ED69A077-2D8E-492E-A0E6-6FB727250E69} - System32\Tasks\{B3431BEC-6C07-4467-87EA-DE08230154D5} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-25 07:24 - 2011-04-25 11:24 - 00034304 _____ () C:\windows\System32\ssj1mlm.dll 2014-09-02 19:53 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2014-09-24 20:10 - 2014-09-24 20:10 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2011-08-22 18:19 - 2011-08-22 18:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll 2011-01-19 19:00 - 2011-01-19 19:00 - 00118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll 2012-02-13 19:39 - 2012-02-13 19:39 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2012-02-03 16:33 - 2012-02-03 16:33 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-03 18:22 - 2014-10-03 18:22 - 00043008 _____ () c:\users\test\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3r0val.dll 2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\test\AppData\Roaming\Dropbox\bin\libcef.dll 2011-11-03 17:39 - 2011-11-03 17:39 - 00251248 _____ () C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll 2014-07-29 20:22 - 2014-09-26 12:32 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-09-03 12:00 - 2014-09-03 12:00 - 01020928 _____ () C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: SSUService => 2 ========================= Accounts: ========================== Administrator (S-1-5-21-573630501-3468752300-2657990606-500 - Administrator - Disabled) Guest (S-1-5-21-573630501-3468752300-2657990606-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-573630501-3468752300-2657990606-1012 - Limited - Enabled) Justiin (S-1-5-21-573630501-3468752300-2657990606-1000 - Administrator - Enabled) => C:\Users\Justiin test (S-1-5-21-573630501-3468752300-2657990606-1004 - Administrator - Enabled) => C:\Users\test __vmware_user__ (S-1-5-21-573630501-3468752300-2657990606-1010 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/03/2014 06:22:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 09:13:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 08:03:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 05:49:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 07:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 03:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 01:38:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 09:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 05:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (10/03/2014 06:24:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. Error: (10/03/2014 06:21:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%1053 Error: (10/03/2014 06:21:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VMware Authorization Service service failed to start due to the following error: %%1053 Error: (10/03/2014 06:21:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the VMware Authorization Service service to connect. Error: (10/03/2014 06:21:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Application Virtualization Client service failed to start due to the following error: %%1053 Error: (10/03/2014 06:21:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the Application Virtualization Client service to connect. Error: (10/03/2014 06:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VMware USB Arbitration Service service failed to start due to the following error: %%1053 Error: (10/03/2014 06:20:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect. Error: (10/03/2014 09:15:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (4000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect. Error: (10/03/2014 09:14:05 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: CBS Client initialization failed. Last error: 0x8007041d Microsoft Office Sessions: ========================= Error: (10/03/2014 06:22:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/03/2014 09:13:40 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 08:03:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/02/2014 05:49:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 07:54:03 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 03:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 01:38:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/01/2014 09:19:21 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 06:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/30/2014 05:05:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-01-05 11:29:45.801 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-05 11:29:45.707 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-19 08:52:44.038 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-19 08:52:43.976 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD A10-4600M APU with Radeon HD Graphics Percentage of memory in use: 41% Total physical RAM: 7649.33 MB Available physical RAM: 4474.38 MB Total Pagefile: 15296.84 MB Available Pagefile: 11729.88 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (S3A5009D002) (Fixed) (Total:685.15 GB) (Free:457.08 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: AD6440E5) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=685.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12 GB) - (Type=17) ==================== End Of Log ============================ ---------------------------------------------------------------------------- RK log in the next reply
-
I'll get the addition and RK logs tommorow. Thanks
-
I scanned with MBAM yesterday, nothing found FRST log: ------------------------------------------------------------------------------------------------------------------------------- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 Ran by test (administrator) on JUSTIIN-PC on 03-10-2014 20:43:21 Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersion Loaded Profile: test (Available profiles: Justiin & test & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Dropbox, Inc.) C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor) HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-17] (SRS Labs, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation) HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.) HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation) HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129584 2009-10-22] (VMware, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation) HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [spotify Web Helper] => C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd) Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E}: [NameServer] 64.71.255.254 64.71.255.253 FireFox: ======== FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default FF DefaultSearchEngine: Norton Safe Search FF SelectedSearchEngine: Norton Safe Search FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: LastPass - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\support@lastpass.com [2014-09-03] FF Extension: Adblock Plus - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-02] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed] R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation) R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed] S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] () S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated) S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.) S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 20:31 - 2014-10-03 20:33 - 02415006 _____ () C:\Users\test\Downloads\forge-1.7.2-10.12.2.1121-universal.jar 2014-10-03 20:29 - 2014-10-03 20:29 - 00000000 ____D () C:\Users\test\Desktop\fastfoodmodMC 2014-10-03 20:11 - 2014-10-03 20:19 - 181484960 _____ (Oracle Corporation) C:\Users\test\Downloads\jdk-8u20-windows-x64.exe 2014-10-03 19:57 - 2014-10-03 20:03 - 00000000 ____D () C:\Users\test\AppData\Local\Eclipse 2014-10-03 19:49 - 2014-10-03 19:49 - 00000000 ____D () C:\Users\test\Downloads\eclipse-java-luna-SR1-win32-x86_64 2014-10-03 19:42 - 2014-10-03 19:48 - 161354797 _____ () C:\Users\test\Downloads\eclipse-java-luna-SR1-win32-x86_64.zip 2014-10-03 19:37 - 2014-10-03 19:38 - 08007617 _____ () C:\Users\test\Downloads\mcp903.zip 2014-10-02 20:35 - 2014-10-02 20:35 - 00146457 _____ () C:\Users\test\Downloads\Parts Pack for Flans Mod 4.2(1).zip 2014-10-01 20:45 - 2014-10-01 20:46 - 35251789 _____ () C:\Users\test\Downloads\Minecraft Int. Airport VI.zip 2014-10-01 20:40 - 2014-10-01 20:40 - 06340648 _____ () C:\Users\test\Downloads\110306_Minecraft_Airport_McRegion.zip 2014-09-30 17:13 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-09-30 17:13 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-09-29 18:54 - 2014-09-29 18:54 - 00133367 _____ () C:\Users\test\Documents\MS-DOS.ogg 2014-09-29 14:24 - 2014-10-03 19:21 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft 2014-09-29 14:20 - 2014-10-01 14:16 - 01004810 _____ () C:\Users\test\Documents\DiscoM0n.pptx 2014-09-28 20:01 - 2014-09-28 20:05 - 905878897 _____ () C:\Users\test\Documents\.minecraft.zip 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0 2014-09-28 10:41 - 2014-09-28 10:41 - 00122317 _____ () C:\Users\test\Downloads\shrinking potion.zip 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits 2014-09-28 10:35 - 2014-09-28 19:14 - 00000000 ____D () C:\Users\test\Documents\Visual Studio 2013 2014-09-28 10:34 - 2014-09-28 10:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE 2014-09-28 10:28 - 2014-09-28 10:28 - 00000000 ____D () C:\Program Files (x86)\AppInsights 2014-09-28 10:21 - 2014-09-28 10:21 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits 2014-09-28 10:03 - 2014-09-28 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK 2014-09-28 09:59 - 2014-09-28 09:59 - 00567998 _____ () C:\Users\test\Downloads\rollercoasterv14_beta28027653.zip 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files\Windows Identity Foundation 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation 2014-09-28 09:54 - 2014-09-28 10:31 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files\Application Verifier 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files (x86)\Application Verifier 2014-09-28 09:52 - 2014-09-28 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2014-09-28 09:50 - 2014-09-28 09:50 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions 2014-09-28 09:47 - 2014-09-28 09:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2014-09-28 09:45 - 2014-09-28 09:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files\IIS Express 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files (x86)\IIS Express 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\ProgramData\NuGet 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\Program Files (x86)\NuGet 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files\IIS 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\IIS 2014-09-28 09:41 - 2014-09-28 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2014-09-28 09:39 - 2014-09-28 09:52 - 00000000 ____D () C:\Program Files (x86)\Windows Kits 2014-09-28 09:28 - 2014-09-28 09:28 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop 2014-09-28 09:27 - 2014-09-28 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer 2014-09-28 09:21 - 2014-09-28 09:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-09-28 09:21 - 2014-09-28 09:34 - 00000000 ____D () C:\windows\SysWOW64\1033 2014-09-28 09:20 - 2014-09-28 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013 2014-09-28 09:01 - 2014-09-28 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0 2014-09-28 09:00 - 2014-09-28 09:25 - 00000000 ____D () C:\windows\system32\1033 2014-09-28 09:00 - 2014-09-28 09:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0 2014-09-28 08:56 - 2014-09-28 08:56 - 00095541 _____ () C:\Users\test\Downloads\minecraft_2.zip 2014-09-27 21:31 - 2014-09-27 21:31 - 01236880 _____ (Microsoft Corporation) C:\Users\test\Downloads\vs_ultimate.exe 2014-09-27 19:39 - 2014-09-27 19:39 - 00470812 _____ () C:\Users\test\Downloads\infiniterollercoaster.zip 2014-09-27 19:30 - 2014-09-27 19:30 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate 2014-09-26 21:27 - 2014-09-26 21:27 - 01867776 _____ () C:\windows\SysWOW64\ssmci2.scr 2014-09-26 21:27 - 2014-09-26 21:27 - 01233408 _____ () C:\windows\SysWOW64\libvorbis.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 01186750 _____ () C:\windows\SysWOW64\MCI_Screensaver2_Uninstall.exe 2014-09-26 21:27 - 2014-09-26 21:27 - 00061440 _____ () C:\windows\SysWOW64\libogg.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 00017383 _____ () C:\windows\SysWOW64\libogg-License.txt 2014-09-26 21:27 - 2014-09-26 21:27 - 00000996 _____ () C:\windows\SysWOW64\MCI_Screensaver2_install.log 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\windows\SysWOW64\MCI_Data 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\Users\test\AppData\Roaming\ssmci 2014-09-25 17:04 - 2014-09-25 17:04 - 00005526 _____ () C:\windows\PFRO.log 2014-09-24 14:52 - 2014-09-24 14:52 - 00000000 ____D () C:\Users\test\Downloads\MCI_Screensaver2_Installation 2014-09-24 14:51 - 2014-09-24 14:52 - 02764938 _____ () C:\Users\test\Downloads\MCI_Screensaver2_Installation.rar 2014-09-23 19:23 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-23 19:23 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-22 20:00 - 2014-09-22 20:00 - 03028902 _____ () C:\Users\test\Downloads\metaworldsInstaller0_985.jar 2014-09-22 14:25 - 2014-09-28 16:51 - 00148216 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-22 14:24 - 2014-10-03 18:20 - 00001456 _____ () C:\windows\setupact.log 2014-09-22 14:24 - 2014-09-28 16:50 - 05149328 _____ () C:\windows\system32\FNTCACHE.DAT 2014-09-22 14:24 - 2014-09-22 14:24 - 00000000 _____ () C:\windows\setuperr.log 2014-09-21 20:02 - 2014-09-21 20:02 - 00136174 _____ () C:\Users\test\Documents\cc_20140921_200213.reg 2014-09-20 18:38 - 2014-09-20 18:38 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-09-20 18:38 - 2014-09-20 18:38 - 00001268 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2014-09-20 18:23 - 2014-09-20 18:23 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\test\Downloads\CreativeCloudSet-Up.exe 2014-09-19 20:19 - 2014-09-19 20:19 - 00167936 _____ (ICSharpCode.net) C:\Users\test\Downloads\ICSharpCode.SharpZipLib1.dll 2014-09-19 20:11 - 2014-09-19 20:11 - 01164800 _____ () C:\Users\test\Downloads\Godzilla Mod Installer.exe 2014-09-15 18:12 - 2014-09-15 18:13 - 12416135 _____ () C:\Users\test\Downloads\modpack(7).zip 2014-09-15 18:06 - 2014-09-15 18:06 - 12416135 _____ () C:\Users\test\Downloads\modpack(6).zip 2014-09-15 18:05 - 2014-09-15 18:05 - 12416135 _____ () C:\Users\test\Downloads\modpack(3).zip 2014-09-15 14:37 - 2014-09-15 14:37 - 00000000 ____D () C:\Users\test\Documents\The Study 2014-09-14 18:18 - 2014-09-14 18:18 - 12416135 _____ () C:\Users\test\Downloads\modpack(5).zip 2014-09-14 18:14 - 2014-09-14 18:15 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(2).zip 2014-09-14 18:08 - 2014-09-14 18:09 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(1).zip 2014-09-14 17:43 - 2014-09-14 17:44 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack.zip 2014-09-14 14:36 - 2014-09-14 14:37 - 15472959 _____ () C:\Users\test\Downloads\orespawn164v19.zip 2014-09-12 21:59 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-12 21:59 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-09-12 21:59 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-12 21:59 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-12 21:59 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-12 21:59 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-12 21:59 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-12 21:59 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-09-12 21:59 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-09-12 21:59 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-09-12 21:59 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-12 21:59 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-12 21:59 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-12 21:59 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-09-12 21:55 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-12 21:55 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-12 20:04 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-12 20:04 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-09-12 20:03 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-12 20:03 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-12 20:02 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-12 20:02 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-12 20:02 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-12 19:56 - 2014-09-12 19:57 - 00204496 _____ (Malwarebytes) C:\Users\test\Downloads\startuplite-setup-1.07.exe 2014-09-11 17:40 - 2014-09-11 17:40 - 00096815 _____ () C:\Users\test\Documents\systeminfo.txt 2014-09-11 17:37 - 2014-09-11 17:37 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files\Speccy 2014-09-11 17:36 - 2014-09-11 17:36 - 04890736 _____ (Piriform Ltd) C:\Users\test\Downloads\spsetup126.exe 2014-09-10 20:15 - 2014-09-23 19:16 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-09 14:50 - 2014-09-09 15:00 - 00010514 _____ () C:\Users\test\Downloads\ms_blank_timetable2.xlsx 2014-09-08 18:38 - 2014-09-29 15:58 - 00000230 _____ () C:\Users\test\Documents\youtube.bat 2014-09-07 18:59 - 2014-09-07 18:59 - 00160310 _____ () C:\Users\test\Downloads\theshrinkphone.pdn 2014-09-07 18:44 - 2014-09-07 18:44 - 03646369 _____ () C:\Users\test\Documents\justinyoungvlog1.wma 2014-09-04 17:47 - 2014-09-04 17:47 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2 2014-09-04 17:13 - 2014-09-04 17:13 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 20:43 - 2014-01-02 20:29 - 00000000 ____D () C:\FRST 2014-10-03 20:39 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-03 20:39 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-03 20:23 - 2013-02-19 20:46 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2014-10-03 20:22 - 2014-03-22 12:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-03 20:22 - 2013-02-19 20:42 - 00000000 ____D () C:\Program Files\Java 2014-10-03 20:21 - 2014-03-22 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-10-03 20:15 - 2012-03-15 21:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-10-03 20:02 - 2013-10-22 19:18 - 00000000 ____D () C:\Users\test\workspace 2014-10-03 18:27 - 2012-05-30 13:43 - 01230686 _____ () C:\windows\WindowsUpdate.log 2014-10-03 18:27 - 2009-07-14 01:13 - 00787656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-10-03 18:23 - 2013-06-08 17:00 - 00000000 ____D () C:\Users\test\AppData\Roaming\Dropbox 2014-10-03 18:21 - 2014-08-10 17:32 - 00000000 ____D () C:\ProgramData\VMware 2014-10-03 18:20 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-30 18:21 - 2014-06-30 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 19:02 - 2014-04-02 19:21 - 00000000 ____D () C:\Users\test\AppData\Roaming\Audacity 2014-09-29 18:54 - 2014-09-01 15:44 - 00000000 ____D () C:\Users\test\AppData\Roaming\vlc 2014-09-29 15:47 - 2013-06-03 12:55 - 00000000 ____D () C:\Users\test\AppData\Local\Paint.NET 2014-09-29 14:45 - 2014-07-08 17:49 - 00000091 _____ () C:\Users\test\Desktop\fibonacci.py 2014-09-29 14:41 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-09-28 20:40 - 2013-08-01 16:11 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-28 10:45 - 2013-07-10 19:11 - 00000000 ____D () C:\Users\test\Documents\.minecraft 2014-09-28 10:34 - 2012-08-13 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2014-09-28 09:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-28 09:56 - 2012-08-13 09:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-09-28 09:56 - 2012-08-13 09:29 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2014-09-28 09:56 - 2012-03-15 21:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-09-28 09:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild 2014-09-28 08:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-09-27 19:30 - 2014-05-11 14:54 - 00000000 ____D () C:\ProgramData\Samsung 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\spool 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF 2014-09-26 21:29 - 2013-03-04 20:48 - 00000000 ____D () C:\Users\test\AppData\Local\CrashDumps 2014-09-26 21:27 - 2007-12-11 15:06 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll 2014-09-26 21:27 - 2007-12-11 15:06 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll 2014-09-26 12:32 - 2013-03-08 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 19:52 - 2013-03-03 21:00 - 00000000 ____D () C:\Users\test\Documents\Camtasia Studio 2014-09-24 20:12 - 2014-09-02 19:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-09-23 19:16 - 2012-03-15 21:14 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 19:16 - 2012-03-15 21:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 19:16 - 2012-03-15 21:14 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-21 20:06 - 2013-10-22 19:16 - 00000000 ____D () C:\Users\test\Desktop\AndroidStuffScott 2014-09-21 20:00 - 2014-07-23 14:30 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-21 20:00 - 2014-06-29 15:36 - 00000000 ____D () C:\Users\test\Desktop\some bat files 2014-09-21 20:00 - 2014-04-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake 2014-09-21 20:00 - 2013-05-04 12:14 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-09-21 20:00 - 2013-05-04 12:06 - 00000000 ____D () C:\Users\test\AppData\Roaming\uTorrent 2014-09-21 20:00 - 2013-02-11 20:28 - 00000000 ____D () C:\windows\Minidump 2014-09-21 20:00 - 2013-02-10 22:06 - 00000000 ___RD () C:\Users\test\Desktop\utility 2014-09-21 20:00 - 2012-03-15 04:37 - 00000000 ____D () C:\windows\Panther 2014-09-21 10:21 - 2014-08-10 18:07 - 00000000 ____D () C:\Users\test\AppData\Roaming\VMware 2014-09-21 09:40 - 2013-05-09 17:13 - 00000000 ____D () C:\Users\test\Desktop\IMPORTANT MINECRAFT 2014-09-20 18:35 - 2012-03-15 21:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-18 11:23 - 2013-06-08 17:07 - 00001028 _____ () C:\Users\test\Desktop\Dropbox.lnk 2014-09-18 11:23 - 2013-06-08 17:02 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-16 20:31 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-09-15 15:26 - 2013-02-22 09:04 - 00000000 ____D () C:\Users\test\AppData\Roaming\SoftGrid Client 2014-09-15 14:20 - 2013-11-16 21:33 - 00000000 ____D () C:\Users\test\Desktop\TABLETANDPHONE IMPORTANT 2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-14 19:30 - 2014-08-13 15:28 - 00000000 ____D () C:\Users\test\AppData\Roaming\Spotify 2014-09-12 21:57 - 2012-08-13 09:26 - 00771966 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-12 21:54 - 2014-05-06 20:57 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-11 17:49 - 2013-03-03 20:39 - 00006656 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-10 09:10 - 2009-07-14 01:08 - 00032550 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-09-08 14:44 - 2014-08-13 15:40 - 00000000 ____D () C:\Users\test\AppData\Local\Spotify 2014-09-04 17:49 - 2014-06-13 20:18 - 00000000 ____D () C:\VoidLauncher 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.voidswrath 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.7.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.4 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.5.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.pokepack 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.jurassiccraft 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.fellowship 2014-09-04 17:47 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney 2014-09-04 17:37 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.dreamcraft Some content of TEMP: ==================== C:\Users\test\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3r0val.dll C:\Users\test\AppData\Local\Temp\FINALISE.exe C:\Users\test\AppData\Local\Temp\jblas329696117017846908libgfortran-3.dll C:\Users\test\AppData\Local\Temp\jblas6074898242201706979libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\jblas7692879862842798818jblas.dll C:\Users\test\AppData\Local\Temp\jblas8757903554699266430jblas_arch_flavor.dll C:\Users\test\AppData\Local\Temp\libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\libgfortran-3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-29 17:05 ==================== End Of Log ============================ FRST addition log: next reply RK log coming in my next reply
-
Hi Malwarebytes. My PC has been acting weird lately, mostly my cursor randomly going out of control and huge program lag. So I went to task maneger thinking that it was just a program taking up memory that I should re-install....... But my CPU usage was VERY low, around 1-3% of usage. So it might be malware............ Anyways, here's the FRST log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 Ran by test (administrator) on JUSTIIN-PC on 01-10-2014 15:52:00 Running from C:\Users\test\Downloads\FRST-OlderVersion\FRST-OlderVersion Loaded Profile: test (Available profiles: Justiin & test & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Dropbox, Inc.) C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless Inc.) C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor) HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-17] (SRS Labs, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation) HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [740792 2011-12-21] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-02-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [329072 2011-11-03] (Sierra Wireless, Inc.) HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Rogers\Rogers Connection Manager\WaHelper.exe [140656 2011-08-04] (Sierra Wireless Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation) HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129584 2009-10-22] (VMware, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-21-573630501-3468752300-2657990606-1004\...\Run: [spotify Web Helper] => C:\Users\test\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd) Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\test\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\test\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCD_enCA496 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [338480] (VMware, Inc.) Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [438320] (VMware, Inc.) Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 Tcpip\..\Interfaces\{DDAE1420-FBB2-4842-BB26-9E85FD354A7E}: [NameServer] 64.71.255.254 64.71.255.253 FireFox: ======== FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default FF DefaultSearchEngine: Norton Safe Search FF SelectedSearchEngine: Norton Safe Search FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: LastPass - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\support@lastpass.com [2014-09-03] FF Extension: Adblock Plus - C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\zwr99lbc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-02] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-02] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed] R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation) R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [321392 2011-11-03] (Sierra Wireless, Inc.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed] S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.) S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-06-23] (BlueStack Systems) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] () S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed] S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated) S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.) S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.) R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-30 17:13 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-09-30 17:13 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-09-29 18:54 - 2014-09-29 18:54 - 00133367 _____ () C:\Users\test\Documents\MS-DOS.ogg 2014-09-29 14:24 - 2014-09-30 17:44 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft 2014-09-29 14:20 - 2014-10-01 14:16 - 01004810 _____ () C:\Users\test\Documents\DiscoM0n.pptx 2014-09-28 20:01 - 2014-09-28 20:05 - 905878897 _____ () C:\Users\test\Documents\.minecraft.zip 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 2014-09-28 10:42 - 2014-09-28 10:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0 2014-09-28 10:41 - 2014-09-28 10:41 - 00122317 _____ () C:\Users\test\Downloads\shrinking potion.zip 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1 2014-09-28 10:39 - 2014-09-28 10:39 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits 2014-09-28 10:35 - 2014-09-28 19:14 - 00000000 ____D () C:\Users\test\Documents\Visual Studio 2013 2014-09-28 10:34 - 2014-09-28 10:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE 2014-09-28 10:28 - 2014-09-28 10:28 - 00000000 ____D () C:\Program Files (x86)\AppInsights 2014-09-28 10:21 - 2014-09-28 10:21 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits 2014-09-28 10:03 - 2014-09-28 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools 2014-09-28 10:00 - 2014-09-28 10:00 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK 2014-09-28 09:59 - 2014-09-28 09:59 - 00567998 _____ () C:\Users\test\Downloads\rollercoasterv14_beta28027653.zip 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files\Windows Identity Foundation 2014-09-28 09:59 - 2014-09-28 09:59 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation 2014-09-28 09:54 - 2014-09-28 10:31 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files\Application Verifier 2014-09-28 09:54 - 2014-09-28 09:54 - 00000000 ____D () C:\Program Files (x86)\Application Verifier 2014-09-28 09:52 - 2014-09-28 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2014-09-28 09:50 - 2014-09-28 09:50 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions 2014-09-28 09:47 - 2014-09-28 09:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2014-09-28 09:45 - 2014-09-28 09:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files\IIS Express 2014-09-28 09:44 - 2014-09-28 10:30 - 00000000 ____D () C:\Program Files (x86)\IIS Express 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\ProgramData\NuGet 2014-09-28 09:44 - 2014-09-28 09:44 - 00000000 ____D () C:\Program Files (x86)\NuGet 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files\IIS 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services 2014-09-28 09:43 - 2014-09-28 09:43 - 00000000 ____D () C:\Program Files (x86)\IIS 2014-09-28 09:41 - 2014-09-28 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression 2014-09-28 09:39 - 2014-09-28 09:52 - 00000000 ____D () C:\Program Files (x86)\Windows Kits 2014-09-28 09:28 - 2014-09-28 09:28 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop 2014-09-28 09:27 - 2014-09-28 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer 2014-09-28 09:21 - 2014-09-28 09:56 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-09-28 09:21 - 2014-09-28 09:34 - 00000000 ____D () C:\windows\SysWOW64\1033 2014-09-28 09:20 - 2014-09-28 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013 2014-09-28 09:01 - 2014-09-28 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0 2014-09-28 09:00 - 2014-09-28 09:25 - 00000000 ____D () C:\windows\system32\1033 2014-09-28 09:00 - 2014-09-28 09:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0 2014-09-28 08:56 - 2014-09-28 08:56 - 00095541 _____ () C:\Users\test\Downloads\minecraft_2.zip 2014-09-27 21:31 - 2014-09-27 21:31 - 01236880 _____ (Microsoft Corporation) C:\Users\test\Downloads\vs_ultimate.exe 2014-09-27 19:39 - 2014-09-27 19:39 - 00470812 _____ () C:\Users\test\Downloads\infiniterollercoaster.zip 2014-09-27 19:30 - 2014-09-27 19:30 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate 2014-09-26 21:27 - 2014-09-26 21:27 - 01867776 _____ () C:\windows\SysWOW64\ssmci2.scr 2014-09-26 21:27 - 2014-09-26 21:27 - 01233408 _____ () C:\windows\SysWOW64\libvorbis.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 01186750 _____ () C:\windows\SysWOW64\MCI_Screensaver2_Uninstall.exe 2014-09-26 21:27 - 2014-09-26 21:27 - 00061440 _____ () C:\windows\SysWOW64\libogg.dll 2014-09-26 21:27 - 2014-09-26 21:27 - 00017383 _____ () C:\windows\SysWOW64\libogg-License.txt 2014-09-26 21:27 - 2014-09-26 21:27 - 00000996 _____ () C:\windows\SysWOW64\MCI_Screensaver2_install.log 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\windows\SysWOW64\MCI_Data 2014-09-26 21:27 - 2014-09-26 21:27 - 00000000 ____D () C:\Users\test\AppData\Roaming\ssmci 2014-09-25 17:04 - 2014-09-25 17:04 - 00005526 _____ () C:\windows\PFRO.log 2014-09-24 14:52 - 2014-09-24 14:52 - 00000000 ____D () C:\Users\test\Downloads\MCI_Screensaver2_Installation 2014-09-24 14:51 - 2014-09-24 14:52 - 02764938 _____ () C:\Users\test\Downloads\MCI_Screensaver2_Installation.rar 2014-09-23 19:23 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-09-23 19:23 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-09-22 20:00 - 2014-09-22 20:00 - 03028902 _____ () C:\Users\test\Downloads\metaworldsInstaller0_985.jar 2014-09-22 14:25 - 2014-09-28 16:51 - 00148216 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-22 14:24 - 2014-10-01 14:58 - 00001176 _____ () C:\windows\setupact.log 2014-09-22 14:24 - 2014-09-28 16:50 - 05149328 _____ () C:\windows\system32\FNTCACHE.DAT 2014-09-22 14:24 - 2014-09-22 14:24 - 00000000 _____ () C:\windows\setuperr.log 2014-09-21 20:02 - 2014-09-21 20:02 - 00136174 _____ () C:\Users\test\Documents\cc_20140921_200213.reg 2014-09-20 18:38 - 2014-09-20 18:38 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-09-20 18:38 - 2014-09-20 18:38 - 00001268 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2014-09-20 18:23 - 2014-09-20 18:23 - 00614792 _____ (Adobe Systems Incorporated) C:\Users\test\Downloads\CreativeCloudSet-Up.exe 2014-09-19 20:19 - 2014-09-19 20:19 - 00167936 _____ (ICSharpCode.net) C:\Users\test\Downloads\ICSharpCode.SharpZipLib1.dll 2014-09-19 20:11 - 2014-09-19 20:11 - 01164800 _____ () C:\Users\test\Downloads\Godzilla Mod Installer.exe 2014-09-15 18:12 - 2014-09-15 18:13 - 12416135 _____ () C:\Users\test\Downloads\modpack(7).zip 2014-09-15 18:06 - 2014-09-15 18:06 - 12416135 _____ () C:\Users\test\Downloads\modpack(6).zip 2014-09-15 18:05 - 2014-09-15 18:05 - 12416135 _____ () C:\Users\test\Downloads\modpack(3).zip 2014-09-15 14:37 - 2014-09-15 14:37 - 00000000 ____D () C:\Users\test\Documents\The Study 2014-09-14 18:18 - 2014-09-14 18:18 - 12416135 _____ () C:\Users\test\Downloads\modpack(5).zip 2014-09-14 18:14 - 2014-09-14 18:15 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(2).zip 2014-09-14 18:08 - 2014-09-14 18:09 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack(1).zip 2014-09-14 17:43 - 2014-09-14 17:44 - 12416135 _____ () C:\Users\test\Downloads\thedestructivepack.zip 2014-09-14 14:36 - 2014-09-14 14:37 - 15472959 _____ () C:\Users\test\Downloads\orespawn164v19.zip 2014-09-12 21:59 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-12 21:59 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-09-12 21:59 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-12 21:59 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-09-12 21:59 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-12 21:59 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-12 21:59 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-12 21:59 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-12 21:59 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-09-12 21:59 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-12 21:59 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-09-12 21:59 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-09-12 21:59 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-09-12 21:59 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-09-12 21:59 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-09-12 21:59 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-09-12 21:59 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-09-12 21:59 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-09-12 21:59 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-12 21:59 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-12 21:59 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-09-12 21:59 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-09-12 21:59 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-09-12 21:59 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-12 21:59 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-09-12 21:59 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-09-12 21:59 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-09-12 21:59 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-09-12 21:59 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-12 21:59 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-09-12 21:55 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-12 21:55 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-12 20:04 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-12 20:04 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-09-12 20:03 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-12 20:03 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-12 20:02 - 2014-09-04 22:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-12 20:02 - 2014-09-04 22:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-12 20:02 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-12 20:02 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-12 20:02 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-12 19:56 - 2014-09-12 19:57 - 00204496 _____ (Malwarebytes) C:\Users\test\Downloads\startuplite-setup-1.07.exe 2014-09-11 17:40 - 2014-09-11 17:40 - 00096815 _____ () C:\Users\test\Documents\systeminfo.txt 2014-09-11 17:37 - 2014-09-11 17:37 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-09-11 17:37 - 2014-09-11 17:37 - 00000000 ____D () C:\Program Files\Speccy 2014-09-11 17:36 - 2014-09-11 17:36 - 04890736 _____ (Piriform Ltd) C:\Users\test\Downloads\spsetup126.exe 2014-09-10 20:15 - 2014-09-23 19:16 - 03675824 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-09 14:50 - 2014-09-09 15:00 - 00010514 _____ () C:\Users\test\Downloads\ms_blank_timetable2.xlsx 2014-09-08 18:38 - 2014-09-29 15:58 - 00000230 _____ () C:\Users\test\Documents\youtube.bat 2014-09-07 18:59 - 2014-09-07 18:59 - 00160310 _____ () C:\Users\test\Downloads\theshrinkphone.pdn 2014-09-07 18:44 - 2014-09-07 18:44 - 03646369 _____ () C:\Users\test\Documents\justinyoungvlog1.wma 2014-09-04 17:47 - 2014-09-04 17:47 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft2 2014-09-04 17:13 - 2014-09-04 17:13 - 00000000 ____D () C:\Users\test\AppData\Roaming\.crazycraft 2014-09-02 20:21 - 2014-09-02 20:21 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-09-02 19:56 - 2014-09-02 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-09-02 19:53 - 2014-09-24 20:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-09-02 19:51 - 2014-09-02 19:52 - 01034936 _____ (Microsoft Corporation) C:\Users\test\Downloads\Setup.X86.en-US_O365HomePremRetail_4f8fe66d-41bd-4c99-bb2a-1f947a789f2e_TX_PR_.exe 2014-09-01 15:44 - 2014-09-29 18:54 - 00000000 ____D () C:\Users\test\AppData\Roaming\vlc 2014-09-01 15:44 - 2014-09-01 15:44 - 00001037 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-09-01 15:44 - 2014-09-01 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-09-01 15:42 - 2014-09-01 15:42 - 24743106 _____ () C:\Users\test\Downloads\vlc-2.1.5-win32.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-01 15:52 - 2014-01-02 20:29 - 00000000 ____D () C:\FRST 2014-10-01 15:15 - 2012-03-15 21:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-10-01 15:08 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-01 15:08 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-01 15:04 - 2012-05-30 13:43 - 01095921 _____ () C:\windows\WindowsUpdate.log 2014-10-01 15:01 - 2013-06-08 17:00 - 00000000 ____D () C:\Users\test\AppData\Roaming\Dropbox 2014-10-01 15:00 - 2014-08-10 17:32 - 00000000 ____D () C:\ProgramData\VMware 2014-10-01 14:59 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-30 18:21 - 2014-06-30 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-29 19:02 - 2014-04-02 19:21 - 00000000 ____D () C:\Users\test\AppData\Roaming\Audacity 2014-09-29 15:47 - 2013-06-03 12:55 - 00000000 ____D () C:\Users\test\AppData\Local\Paint.NET 2014-09-29 14:45 - 2014-07-08 17:49 - 00000091 _____ () C:\Users\test\Desktop\fibonacci.py 2014-09-29 14:41 - 2014-06-28 13:43 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-09-28 20:40 - 2013-08-01 16:11 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-28 10:45 - 2013-07-10 19:11 - 00000000 ____D () C:\Users\test\Documents\.minecraft 2014-09-28 10:34 - 2012-08-13 09:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2014-09-28 09:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-28 09:56 - 2012-08-13 09:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-09-28 09:56 - 2012-08-13 09:29 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2014-09-28 09:56 - 2012-03-15 21:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-09-28 09:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild 2014-09-28 08:57 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-09-27 19:30 - 2014-05-11 14:54 - 00000000 ____D () C:\ProgramData\Samsung 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\spool 2014-09-27 19:30 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF 2014-09-26 21:29 - 2013-03-04 20:48 - 00000000 ____D () C:\Users\test\AppData\Local\CrashDumps 2014-09-26 21:27 - 2007-12-11 15:06 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll 2014-09-26 21:27 - 2007-12-11 15:06 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll 2014-09-26 12:32 - 2013-03-08 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-25 19:52 - 2013-03-03 21:00 - 00000000 ____D () C:\Users\test\Documents\Camtasia Studio 2014-09-23 19:16 - 2012-03-15 21:14 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 19:16 - 2012-03-15 21:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 19:16 - 2012-03-15 21:14 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-21 20:06 - 2013-10-22 19:16 - 00000000 ____D () C:\Users\test\Desktop\AndroidStuffScott 2014-09-21 20:00 - 2014-07-23 14:30 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-21 20:00 - 2014-06-29 15:36 - 00000000 ____D () C:\Users\test\Desktop\some bat files 2014-09-21 20:00 - 2014-04-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake 2014-09-21 20:00 - 2014-03-22 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2014-09-21 20:00 - 2013-05-04 12:14 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft 2014-09-21 20:00 - 2013-05-04 12:06 - 00000000 ____D () C:\Users\test\AppData\Roaming\uTorrent 2014-09-21 20:00 - 2013-02-11 20:28 - 00000000 ____D () C:\windows\Minidump 2014-09-21 20:00 - 2013-02-10 22:06 - 00000000 ___RD () C:\Users\test\Desktop\utility 2014-09-21 20:00 - 2012-03-15 04:37 - 00000000 ____D () C:\windows\Panther 2014-09-21 17:56 - 2009-07-14 01:13 - 00787656 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-21 10:21 - 2014-08-10 18:07 - 00000000 ____D () C:\Users\test\AppData\Roaming\VMware 2014-09-21 09:40 - 2013-05-09 17:13 - 00000000 ____D () C:\Users\test\Desktop\IMPORTANT MINECRAFT 2014-09-20 18:35 - 2012-03-15 21:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-09-18 11:23 - 2013-06-08 17:07 - 00001028 _____ () C:\Users\test\Desktop\Dropbox.lnk 2014-09-18 11:23 - 2013-06-08 17:02 - 00000000 ____D () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-16 20:31 - 2014-06-28 13:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-09-15 15:26 - 2013-02-22 09:04 - 00000000 ____D () C:\Users\test\AppData\Roaming\SoftGrid Client 2014-09-15 14:20 - 2013-11-16 21:33 - 00000000 ____D () C:\Users\test\Desktop\TABLETANDPHONE IMPORTANT 2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-09-14 19:30 - 2014-08-13 15:28 - 00000000 ____D () C:\Users\test\AppData\Roaming\Spotify 2014-09-12 21:57 - 2012-08-13 09:26 - 00771966 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-12 21:54 - 2014-05-06 20:57 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-11 17:49 - 2013-03-03 20:39 - 00006656 _____ () C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-10 09:10 - 2009-07-14 01:08 - 00032550 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-09-08 14:44 - 2014-08-13 15:40 - 00000000 ____D () C:\Users\test\AppData\Local\Spotify 2014-09-04 17:49 - 2014-06-13 20:18 - 00000000 ____D () C:\VoidLauncher 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.voidswrath 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.7.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.4 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.6.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.vanilla1.5.2 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.pokepack 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.jurassiccraft 2014-09-04 17:47 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.fellowship 2014-09-04 17:47 - 2014-06-29 15:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\.electriciansjourney 2014-09-04 17:37 - 2014-07-10 14:33 - 00000000 ____D () C:\Users\test\AppData\Roaming\.dreamcraft 2014-09-02 20:21 - 2012-03-15 21:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-09-02 18:51 - 2014-06-13 20:18 - 00000000 ____D () C:\Users\test\AppData\Roaming\.aethericcrusade 2014-09-01 17:15 - 2013-10-22 19:18 - 00000000 ____D () C:\Users\test\workspace 2014-09-01 16:48 - 2013-10-08 20:41 - 00000000 ____D () C:\Users\test\android-sdks 2014-09-01 15:43 - 2014-04-07 17:19 - 00000000 ____D () C:\Program Files (x86)\VideoLAN Some content of TEMP: ==================== C:\Users\test\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5racow.dll C:\Users\test\AppData\Local\Temp\FINALISE.exe C:\Users\test\AppData\Local\Temp\jblas329696117017846908libgfortran-3.dll C:\Users\test\AppData\Local\Temp\jblas6074898242201706979libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\jblas7692879862842798818jblas.dll C:\Users\test\AppData\Local\Temp\jblas8757903554699266430jblas_arch_flavor.dll C:\Users\test\AppData\Local\Temp\libgcc_s_sjlj-1.dll C:\Users\test\AppData\Local\Temp\libgfortran-3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-29 17:05 ==================== End Of Log ============================
-
Okay, it's what I thought Anyways, thanks for your help, see you later
-
Hi, are you still here? Thanks
-
whoops
-
Lol didn't know you where on the mbam forums naat It's jman005 from g2g
-
UPDATE: the computer also had trouble starting, it had to do startup repair(which failed), but I was still able to start the computer
-
Okay, i'm back Now, you might wonder these things about the attached log: Q: Why is the PC name Laura? A: the computer wasn't always mine Q: why are the drives messed up(they might be)? A: A while back, this computer had a pretty bad infection (before I knew about the mbam forums) and got a technician, and his "solution" was to install a new hard drive. Logs attatched. FRST.txt Addition.txt CheckResults.txt