
Can Malwarebytes remove FoxTab?


blaisemi


I installed Camstudio and inadvertently also installed a program called FoxTab. When I try to uninstall FoxTab using the Windows Control Panel, I get this error message: "You do not have sufficient access to uninstall FoxTab. Please contact your system administrator." I have Administrator rights on my computer.

 

I go to the \Program Files (x86)\FoxTab\1.8.12.0 directory and try to run uninstall.exe. I get the error message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

 

I've tried running Malwarebytes (I have a Premium subscription) but on the infected computer, when I try to launch Malwarebytes, the message "Do you want to allow this program to make changes to this computer?" appears. I click the "Yes" button. Then nothing happens. I've tried downloading and re-installing Malwarebytes but receive installation errors.

 

I've done Internet searches and find several sites that claim to have software that will remove FoxTab, but I'm afraid to install these in case they may actually make the situation worse.

 

I believe FoxTab is loading tabs in my browsers to install various software, including pages that "appear" to be legitimate and include Microsoft partner logos, among other normally trusted sources. I believe it may also be adding fly-in ads to the right margins of my browsers on certain pages.

 

I also have Kaspersky Internet Security and have downloaded Microsoft Windows Malicious Software Removal Tool. I'm currently running scans using these two tools, but am unsure whether they will detect and remove FoxTab.

 

Does anyone have any solutions for removing FoxTab?

 

Thanks!

 

Blaise


Hi :)



 



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.






Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.
  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

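The FRST.txt report requested above is line-oriented, so a first pass over it can be scripted. The following Python script is an added example, not part of the thread and not FRST's own code: the rule names and heuristics are assumptions of this example, the sample lines are constructed in FRST's layout, and a flag only marks an entry for manual review.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section kind line")

# "==================== Processes (Whitelisted) ================="
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# "(Company) C:\path\file.exe" -- one running process per line
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# "HKLM-x32\...\Run: [ValueName] => target"
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>.*?)\] => (?P<target>.*)$"
)
# Locations a standard user can write to (heuristic assumed by this example)
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\|\\ProgramData\\|%(?:LOCAL)?APPDATA%|%TEMP%", re.I
)


def triage(report_text):
    """Return a list of Finding tuples for FRST.txt lines worth a second look."""
    findings = []
    section = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue

        kinds = []
        if section and section.startswith("Processes"):
            proc = PROCESS_RE.match(line)
            # Empty parentheses: no company name shown for the running file.
            if proc and not proc["company"].strip():
                kinds.append("no-company")

        run = RUN_RE.match(line)
        if run:
            if not run["name"]:
                kinds.append("unnamed-value")  # autostart value with no name
            if run["target"].strip() == "[X]":
                # FRST prints [X] when the file the entry points to is not found.
                kinds.append("missing-target")
            elif USER_WRITABLE_RE.search(run["target"]):
                kinds.append("user-writable-autostart")

        if line.startswith("FF user.js: detected!"):
            kinds.append("firefox-user-js")  # user.js can override Firefox prefs
        if line.startswith("FF Extension: No Name - "):
            kinds.append("unnamed-extension")

        findings.extend(Finding(section, kind, line) for kind in kinds)
    return findings


# Constructed sample in FRST.txt layout (all names and paths are made up).
SAMPLE = r"""
==================== Processes (Whitelisted) =================

(Example Vendor Inc.) C:\Program Files\ExampleVendor\service.exe
() C:\Program Files (x86)\ExampleApp\helper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleTray] => C:\Program Files\ExampleVendor\tray.exe [12345 2014-01-01] (Example Vendor Inc.)
HKLM-x32\...\Run: [OldApp] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Updater] => C:\Users\example\AppData\Local\ExampleUpdater\update.exe [1000 2014-01-01] (Example Co.)

==================== Internet (Whitelisted) ====================

FF user.js: detected! => C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\user.js
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{00000000-0000-0000-0000-000000000000}.xpi [2014-01-01]
FF Extension: Example Extension - C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\Extensions\example@example.com.xpi [2014-01-01]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] ({f.section}) {f.line}")
```
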

Hello, Naathim,

 

Thank you for the detailed instructions. As I mentioned in my original post, I'm having problems using Malwarebytes on the infected machine, but will attempt to reinstall it again.

 

Fortunately, I have a second laptop I can use so I've shut down the infected laptop. I have a full schedule today, but will perform the steps you recommended tomorrow. I'll post the results after I've completed the steps.

 

I greatly appreciate your response.

 

Blaise


Naat,

 

Thanks for your help! Here are the results in the FRST.TXT file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by blais_000 (administrator) on BLAISE-DELL on 25-09-2014 12:00:28
Running from C:\Users\blais_000\Downloads
Loaded Profile: blais_000 (Available profiles: blais_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Term Tutor) C:\Program Files (x86)\TermTutor\Service\ttsvc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Pokki) C:\Users\blais_000\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Pokki) C:\Users\blais_000\AppData\Local\Pokki\Engine\pokki.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(LastPass) C:\Users\blais_000\AppData\LocalLow\LastPass\LastPassBroker.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [scrolling Teleprompter Software.exe] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [Pokki] => C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [Push Client] => C:\Users\blais_000\AppData\Local\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)
HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [Google Update] => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-04] (Google Inc.)
HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\RunOnce: [Application Restart #1] => C:\Users\blais_000\AppData\Local\Pokki\Engine\pokki.exe [8285512 2013-12-05] (Pokki)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U277
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {32C08433-847D-452E-8B1A-987C9A8AA132} URL =
SearchScopes: HKCU - {32C08433-847D-452E-8B1A-987C9A8AA132} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: about:home|chrome://fvd.speeddial/content/fvd_about_blank.html|about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\blais_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pokki.com/PokkiDownloadHelper -> C:\Users\blais_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)
FF user.js: detected! => C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\blais_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\blais_000\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\pavel.sherbakov@gmail.com [2014-09-14]
FF Extension: Print pages to PDF - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\printPages2Pdf@reinhold.ripper [2014-04-12]
FF Extension: LastPass - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\support@lastpass.com [2014-08-19]
FF Extension: Add to Amazon Wish List Button - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\amznUWL2@amazon.com.xpi [2014-05-11]
FF Extension: Search in a Giphy - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\gt@giphy.com.xpi [2014-05-03]
FF Extension: QrCodeR - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi [2014-04-02]
FF Extension: Self-Destructing Cookies - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-04-02]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2014-04-19]
FF Extension: Facebook Secret Emoticons - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi [2014-04-03]
FF Extension: Buffer for Firefox - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi [2014-05-03]
FF Extension: Klout - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\kwtr-for-firefox@klout.com.xpi [2014-07-01]
FF Extension: Personas Plus - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\personas@christopher.beard.xpi [2014-04-02]
FF Extension: Pin It button - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\pinterest@robertnyman.com.xpi [2014-04-02]
FF Extension: Rainbow - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\rainbow@colors.org.xpi [2014-04-02]
FF Extension: Facebook Phishing Protector - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-04-02]
FF Extension: FireFTP - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-05-03]
FF Extension: Adblock Plus - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-02]
FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [2014-09-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-01-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-21] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [150224 2014-09-09] (Dell Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 ttsvc; C:\Program Files (x86)\TermTutor\Service\ttsvc.exe [276048 2014-09-04] (Term Tutor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-21] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-01-21] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-01-21] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-01-21] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-01-21] (Kaspersky Lab ZAO)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
R1 ttnfd; C:\Windows\System32\drivers\ttnfd.sys [58232 2014-09-04] (Term Tutor)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 12:00 - 2014-09-25 12:01 - 00036822 _____ () C:\Users\blais_000\Downloads\FRST.txt
2014-09-25 11:59 - 2014-09-25 12:00 - 00000000 ____D () C:\FRST
2014-09-25 11:59 - 2014-09-25 11:59 - 02108928 _____ (Farbar) C:\Users\blais_000\Downloads\FRST64.exe
2014-09-22 18:19 - 2014-09-22 18:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\blais_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 18:16 - 2014-09-22 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-22 18:15 - 2014-09-22 18:21 - 00000000 ____D () C:\Users\blais_000\Desktop\mbar
2014-09-22 18:15 - 2014-09-22 18:15 - 12582688 _____ (Malwarebytes Corp.) C:\Users\blais_000\Downloads\mbar-1.07.0.1008.exe
2014-09-22 15:48 - 2014-09-22 15:48 - 00765984 _____ ( ) C:\Users\blais_000\Downloads\CamStudioSetup_v2.7.2.exe
2014-09-22 15:31 - 2014-09-22 16:18 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamShapes.ini
2014-09-22 15:31 - 2014-09-22 16:18 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamLayout.ini
2014-09-22 15:31 - 2014-09-22 16:18 - 00000129 _____ () C:\Users\blais_000\AppData\Roaming\Camdata.ini
2014-09-22 15:31 - 2014-09-22 16:16 - 00004535 _____ () C:\Users\blais_000\AppData\Roaming\CamStudio.cfg
2014-09-22 15:29 - 2014-09-22 15:57 - 00000000 ____D () C:\Users\blais_000\Documents\My CamStudio Temp Files
2014-09-22 15:27 - 2014-09-22 15:49 - 00000096 _____ () C:\Users\blais_000\AppData\Roaming\version2.xml
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Foxtab
2014-09-20 07:31 - 2014-09-20 07:31 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\06366727.sys
2014-09-19 12:00 - 2014-09-19 12:00 - 00699016 _____ (CNET Download.com) C:\Users\blais_000\Downloads\cbsidlm-cbsi213-Screen_Recorder-ORG-75937532.exe
2014-09-19 11:57 - 2014-09-19 11:57 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET(1).exe
2014-09-19 10:48 - 2014-09-19 22:19 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\New Version Available
2014-09-19 10:46 - 2014-09-19 10:46 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET.exe
2014-09-19 10:38 - 2014-09-19 10:38 - 00692224 _____ () C:\WINDOWS\SysWOW64\bsrmgcv.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00585728 _____ () C:\WINDOWS\SysWOW64\bsratswf.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00192512 _____ () C:\WINDOWS\SysWOW64\bsrmgps.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00147456 _____ () C:\WINDOWS\SysWOW64\bsratwmv.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00098304 _____ () C:\WINDOWS\SysWOW64\bsreffs.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00090112 _____ () C:\WINDOWS\SysWOW64\bsrlback.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00081920 _____ () C:\WINDOWS\SysWOW64\bsrgvas.dll
2014-09-19 10:37 - 2014-09-19 10:38 - 15588344 _____ (BSRSoft) C:\Users\blais_000\Downloads\InstallBSR_v6.exe
2014-09-19 09:43 - 2014-09-19 09:43 - 00005111 _____ () C:\ProgramData\eaapqbsg.gfr
2014-09-19 09:43 - 2014-09-19 09:43 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Movavi
2014-09-18 19:30 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Movavi
2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5
2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\Program Files (x86)\Movavi Screen Capture 5
2014-09-18 09:04 - 2014-09-18 09:07 - 56819280 _____ (Movavi) C:\Users\blais_000\Downloads\MovaviScreenRecorderSetup.exe
2014-09-18 08:21 - 2014-09-18 08:22 - 00000000 ____D () C:\Users\blais_000\Documents\_Rewards Rebates Coupons
2014-09-18 08:13 - 2014-09-18 08:13 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\074253FE.sys
2014-09-18 06:28 - 2014-09-18 06:28 - 01333204 _____ () C:\Users\blais_000\Downloads\E5000000614.zip
2014-09-15 07:44 - 2014-09-15 07:44 - 00000000 ___RD () C:\Users\blais_000\Podcasts
2014-09-14 17:13 - 2014-09-14 17:13 - 02281443 _____ () C:\Users\blais_000\Downloads\Free_PowerPoint_Templates.zip
2014-09-13 19:10 - 2014-07-24 00:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-13 19:10 - 2014-07-24 00:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-13 19:10 - 2014-07-24 00:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-13 19:10 - 2014-07-24 00:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-13 19:10 - 2014-07-24 00:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-13 19:10 - 2014-07-24 00:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-13 19:10 - 2014-07-24 00:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-13 19:10 - 2014-07-24 00:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-13 19:10 - 2014-07-24 00:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-13 19:10 - 2014-07-24 00:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-13 19:10 - 2014-07-24 00:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-13 19:10 - 2014-07-24 00:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-13 19:10 - 2014-07-24 00:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-13 19:10 - 2014-07-23 21:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-13 19:10 - 2014-07-23 21:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-13 19:10 - 2014-07-11 22:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-13 19:10 - 2014-07-11 22:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-13 19:10 - 2014-07-11 21:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-13 19:10 - 2014-07-11 21:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-13 19:10 - 2014-07-11 21:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-13 19:10 - 2014-07-09 16:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-13 19:10 - 2014-07-04 05:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-13 19:10 - 2014-07-04 03:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-13 19:10 - 2014-07-04 03:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-13 19:10 - 2014-07-04 03:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-13 19:10 - 2014-07-04 03:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-13 19:10 - 2014-07-04 02:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-13 19:10 - 2014-07-04 02:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-13 19:10 - 2014-06-26 23:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-13 19:10 - 2014-06-25 17:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-13 19:10 - 2014-06-25 17:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-13 19:10 - 2014-06-19 16:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-13 19:10 - 2014-06-18 19:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-13 19:10 - 2014-06-13 23:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-13 19:10 - 2014-06-13 22:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-13 19:10 - 2014-06-07 05:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-13 19:10 - 2014-06-07 03:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-13 19:10 - 2014-06-05 07:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-13 19:10 - 2014-06-05 03:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-13 19:10 - 2014-06-05 02:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-13 19:10 - 2014-05-30 22:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-13 19:10 - 2014-05-30 21:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-13 19:10 - 2014-05-28 23:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-13 19:10 - 2014-05-28 22:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-13 19:10 - 2014-05-28 22:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-13 19:10 - 2014-05-28 21:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-13 19:10 - 2014-05-26 00:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-13 19:10 - 2014-05-10 03:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-13 19:10 - 2014-05-10 01:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-13 19:10 - 2014-05-05 21:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-13 19:10 - 2014-05-05 17:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-13 19:10 - 2014-03-24 19:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-13 19:10 - 2014-03-24 19:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-13 19:10 - 2014-03-24 18:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-13 19:10 - 2014-03-24 18:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-13 19:02 - 2014-08-14 17:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\PhotoScape
2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-09-13 06:42 - 2014-09-13 06:43 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-09-12 17:37 - 2014-08-15 19:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-12 17:37 - 2014-08-15 19:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-12 17:37 - 2014-08-15 19:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-12 17:37 - 2014-08-15 19:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-12 17:37 - 2014-08-15 18:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-12 17:37 - 2014-08-15 18:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-12 17:37 - 2014-08-15 18:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-12 17:37 - 2014-08-15 18:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-12 17:37 - 2014-08-15 18:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-12 17:37 - 2014-08-15 18:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-12 17:37 - 2014-08-15 18:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-12 17:37 - 2014-08-15 18:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-12 17:37 - 2014-08-15 18:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-12 17:37 - 2014-08-15 18:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-12 17:37 - 2014-08-15 18:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-12 17:37 - 2014-08-15 18:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-12 17:37 - 2014-08-15 18:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-12 17:37 - 2014-08-15 18:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-12 17:37 - 2014-08-15 18:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-12 17:37 - 2014-08-15 18:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-12 17:37 - 2014-08-15 18:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-12 17:37 - 2014-08-15 17:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 17:37 - 2014-08-15 17:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-12 17:37 - 2014-08-15 17:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-12 17:37 - 2014-08-15 17:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-12 17:37 - 2014-08-15 17:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-12 17:37 - 2014-08-15 17:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-12 17:37 - 2014-08-15 17:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-12 17:37 - 2014-08-15 17:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-12 17:37 - 2014-08-15 17:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-12 17:37 - 2014-08-15 17:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-12 17:37 - 2014-08-15 17:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-12 17:37 - 2014-08-15 17:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-12 17:37 - 2014-08-15 17:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-12 17:37 - 2014-08-15 17:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-12 16:06 - 2014-09-12 16:06 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2014-09-12 10:08 - 2014-09-12 10:08 - 00000000 ____D () C:\Users\blais_000\Documents\eSigs
2014-09-11 18:54 - 2014-09-04 19:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 18:54 - 2014-09-04 19:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 18:54 - 2014-09-04 17:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 18:54 - 2014-08-01 17:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 18:53 - 2014-07-23 20:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 18:53 - 2014-07-23 20:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-11 14:59 - 2014-09-11 14:59 - 00895120 _____ (Google Inc.) C:\Users\blais_000\Downloads\GoogleVoiceAndVideoSetup(1).exe
2014-09-10 16:08 - 2014-09-10 16:08 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\51FF6DD8.sys
2014-09-09 04:29 - 2014-09-09 04:29 - 00001115 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-09-08 14:58 - 2014-09-08 15:01 - 00000000 ____D () C:\Program Files\Zune
2014-09-08 14:58 - 2014-09-08 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2014-09-08 14:51 - 2014-09-08 14:52 - 105664248 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\ZuneSetupPkg.exe
2014-09-07 11:09 - 2014-09-07 11:09 - 00000000 ____D () C:\Program Files\Microsoft Mathematics Add-in
2014-09-07 11:08 - 2014-09-07 11:09 - 16808712 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\edumathaddin.exe
2014-09-05 20:08 - 2014-09-05 20:08 - 00000000 _____ () C:\WINDOWS\DVDShrink.txt
2014-09-05 19:51 - 2014-09-05 19:51 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\WebApp
2014-09-05 19:50 - 2014-09-05 19:50 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Cyberlink
2014-09-04 10:22 - 2014-09-04 10:22 - 00058232 _____ (Term Tutor) C:\WINDOWS\system32\Drivers\ttnfd.sys
2014-09-02 12:32 - 2014-09-02 12:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\3ED50ED5.sys
2014-09-01 16:01 - 2014-09-01 16:01 - 00425286 _____ () C:\Users\blais_000\Downloads\_Postcards-Medium.zip
2014-08-29 16:40 - 2014-09-01 09:49 - 00000000 ____D () C:\Users\blais_000\Documents\Writing
2014-08-29 15:25 - 2014-08-29 15:26 - 33386447 _____ () C:\Users\blais_000\Downloads\4 Responsive HTML & Wp Templates.zip
2014-08-29 11:51 - 2014-08-29 11:52 - 249710296 _____ () C:\Users\blais_000\Downloads\four-hour-chef_audio-book-64kps-higher-fidelity.zip
2014-08-29 05:42 - 2014-08-29 05:42 - 91670064 _____ (The GIMP Team ) C:\Users\blais_000\Downloads\gimp-2.8.14-setup.exe
2014-08-28 00:27 - 2014-08-22 17:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-28 00:16 - 2014-08-28 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\76267CA4.sys
2014-08-26 07:49 - 2014-08-26 07:49 - 05709626 _____ () C:\Users\blais_000\Downloads\washingtonnoxiousweedlist2014.apk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 12:01 - 2014-09-25 12:00 - 00036822 _____ () C:\Users\blais_000\Downloads\FRST.txt
2014-09-25 12:00 - 2014-09-25 11:59 - 00000000 ____D () C:\FRST
2014-09-25 12:00 - 2014-05-09 20:28 - 00000370 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2014-09-25 12:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-25 11:59 - 2014-09-25 11:59 - 02108928 _____ (Farbar) C:\Users\blais_000\Downloads\FRST64.exe
2014-09-25 11:57 - 2014-03-08 16:33 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2239919557-4028155487-1077561689-1004
2014-09-25 11:56 - 2014-03-24 13:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 11:54 - 2014-03-08 21:44 - 00005000 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BLAISE-DELL-blais_000 Blaise-Dell
2014-09-25 11:52 - 2014-06-15 22:22 - 00000000 ____D () C:\Users\blais_000\AppData\Local\CrashDumps
2014-09-25 11:52 - 2014-03-08 18:45 - 01051712 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-25 11:51 - 2014-04-02 15:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-25 11:51 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-25 11:49 - 2014-08-04 10:44 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004UA.job
2014-09-25 11:49 - 2014-03-09 12:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-25 11:47 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-25 11:46 - 2014-03-14 13:48 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Adobe
2014-09-25 11:37 - 2014-04-14 12:22 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 11:35 - 2014-03-18 12:03 - 00000610 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-1004.job
2014-09-25 11:32 - 2014-03-08 19:35 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0CEE6D12-1562-4AE7-913E-51482FA99052}
2014-09-25 11:30 - 2014-04-13 10:32 - 00000000 ____D () C:\Users\blais_000\Documents\Outlook Files
2014-09-25 11:23 - 2013-07-04 14:58 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-25 11:22 - 2014-03-08 18:57 - 00000000 __RDO () C:\Users\blais_000\SkyDrive
2014-09-25 11:19 - 2014-04-14 12:22 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 11:19 - 2014-03-22 22:04 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Pokki
2014-09-23 06:06 - 2014-06-15 15:56 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NSTx64
2014-09-23 06:06 - 2014-06-15 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-09-22 18:22 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-22 18:21 - 2014-09-22 18:15 - 00000000 ____D () C:\Users\blais_000\Desktop\mbar
2014-09-22 18:21 - 2014-03-10 18:28 - 00000000 ___RD () C:\Users\blais_000\Dropbox
2014-09-22 18:21 - 2013-08-22 06:25 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-22 18:19 - 2014-09-22 18:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\blais_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 18:16 - 2014-09-22 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-22 18:15 - 2014-09-22 18:15 - 12582688 _____ (Malwarebytes Corp.) C:\Users\blais_000\Downloads\mbar-1.07.0.1008.exe
2014-09-22 16:53 - 2014-03-08 16:26 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Packages
2014-09-22 16:47 - 2014-03-10 18:18 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Dropbox
2014-09-22 16:43 - 2014-03-08 16:26 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Adobe
2014-09-22 16:18 - 2014-09-22 15:31 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamShapes.ini
2014-09-22 16:18 - 2014-09-22 15:31 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamLayout.ini
2014-09-22 16:18 - 2014-09-22 15:31 - 00000129 _____ () C:\Users\blais_000\AppData\Roaming\Camdata.ini
2014-09-22 16:16 - 2014-09-22 15:31 - 00004535 _____ () C:\Users\blais_000\AppData\Roaming\CamStudio.cfg
2014-09-22 15:57 - 2014-09-22 15:29 - 00000000 ____D () C:\Users\blais_000\Documents\My CamStudio Temp Files
2014-09-22 15:49 - 2014-09-22 15:27 - 00000096 _____ () C:\Users\blais_000\AppData\Roaming\version2.xml
2014-09-22 15:48 - 2014-09-22 15:48 - 00765984 _____ ( ) C:\Users\blais_000\Downloads\CamStudioSetup_v2.7.2.exe
2014-09-22 15:35 - 2014-06-01 17:55 - 00000000 ____D () C:\Users\blais_000\BMDS250
2014-09-22 15:32 - 2014-07-18 11:21 - 00000000 ____D () C:\Users\blais_000\Desktop\Backstage
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor
2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Foxtab
2014-09-22 15:27 - 2014-09-18 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 13:38 - 2014-03-15 14:11 - 06537728 ___SH () C:\Users\blais_000\Downloads\Thumbs.db
2014-09-22 10:49 - 2014-08-04 10:44 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004Core.job
2014-09-21 19:04 - 2014-03-08 18:33 - 00000000 ____D () C:\Users\blais_000
2014-09-21 17:11 - 2014-04-11 00:15 - 00309760 ___SH () C:\Users\blais_000\Desktop\Thumbs.db
2014-09-20 07:31 - 2014-09-20 07:31 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\06366727.sys
2014-09-20 06:35 - 2013-11-14 00:20 - 00033862 _____ () C:\WINDOWS\PFRO.log
2014-09-19 22:19 - 2014-09-19 10:48 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\New Version Available
2014-09-19 16:04 - 2014-03-17 11:00 - 00000000 ____D () C:\Program Files (x86)\ScreenRecorder
2014-09-19 12:00 - 2014-09-19 12:00 - 00699016 _____ (CNET Download.com) C:\Users\blais_000\Downloads\cbsidlm-cbsi213-Screen_Recorder-ORG-75937532.exe
2014-09-19 11:57 - 2014-09-19 11:57 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET(1).exe
2014-09-19 11:48 - 2014-03-18 18:40 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Skype
2014-09-19 11:46 - 2014-03-18 18:40 - 00000000 ____D () C:\ProgramData\Skype
2014-09-19 10:46 - 2014-09-19 10:46 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET.exe
2014-09-19 10:39 - 2014-05-23 22:30 - 00000000 ____D () C:\Users\blais_000\Documents\BSR Photos
2014-09-19 10:38 - 2014-09-19 10:38 - 00692224 _____ () C:\WINDOWS\SysWOW64\bsrmgcv.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00585728 _____ () C:\WINDOWS\SysWOW64\bsratswf.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00192512 _____ () C:\WINDOWS\SysWOW64\bsrmgps.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00147456 _____ () C:\WINDOWS\SysWOW64\bsratwmv.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00098304 _____ () C:\WINDOWS\SysWOW64\bsreffs.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00090112 _____ () C:\WINDOWS\SysWOW64\bsrlback.dll
2014-09-19 10:38 - 2014-09-19 10:38 - 00081920 _____ () C:\WINDOWS\SysWOW64\bsrgvas.dll
2014-09-19 10:38 - 2014-09-19 10:37 - 15588344 _____ (BSRSoft) C:\Users\blais_000\Downloads\InstallBSR_v6.exe
2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Users\Default\AppData\Local\Bulents
2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\Bulents
2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Bulents
2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6
2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Program Files\BSR Screen Recorder 6
2014-09-19 10:02 - 2014-04-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 09:43 - 2014-09-19 09:43 - 00005111 _____ () C:\ProgramData\eaapqbsg.gfr
2014-09-19 09:43 - 2014-09-19 09:43 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Movavi
2014-09-18 12:38 - 2014-03-18 12:03 - 00003624 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-1004
2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Movavi
2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5
2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\Program Files (x86)\Movavi Screen Capture 5
2014-09-18 09:07 - 2014-09-18 09:04 - 56819280 _____ (Movavi) C:\Users\blais_000\Downloads\MovaviScreenRecorderSetup.exe
2014-09-18 08:22 - 2014-09-18 08:21 - 00000000 ____D () C:\Users\blais_000\Documents\_Rewards Rebates Coupons
2014-09-18 08:13 - 2014-09-18 08:13 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\074253FE.sys
2014-09-18 07:19 - 2014-03-08 20:29 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-18 06:28 - 2014-09-18 06:28 - 01333204 _____ () C:\Users\blais_000\Downloads\E5000000614.zip
2014-09-17 20:43 - 2014-03-10 18:20 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 18:02 - 2014-07-16 12:48 - 00025600 ___SH () C:\Users\blais_000\Documents\Thumbs.db
2014-09-17 18:02 - 2014-06-08 16:26 - 00000000 ____D () C:\Users\blais_000\Documents\_US Patent Office
2014-09-17 12:56 - 2014-04-02 15:25 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 12:41 - 2014-03-14 14:30 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-09-17 12:41 - 2014-03-14 14:30 - 00002232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-09-17 12:41 - 2014-03-14 14:30 - 00002071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-09-17 07:12 - 2013-11-14 00:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-17 06:29 - 2013-07-04 14:51 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-17 04:46 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-16 16:49 - 2013-08-22 07:44 - 05330584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-16 14:44 - 2013-08-22 07:46 - 00307843 _____ () C:\WINDOWS\setupact.log
2014-09-15 07:44 - 2014-09-15 07:44 - 00000000 ___RD () C:\Users\blais_000\Podcasts
2014-09-15 07:31 - 2013-11-14 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-15 07:31 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-14 17:13 - 2014-09-14 17:13 - 02281443 _____ () C:\Users\blais_000\Downloads\Free_PowerPoint_Templates.zip
2014-09-13 06:52 - 2014-07-09 05:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\PhotoScape
2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-09-13 06:43 - 2014-09-13 06:42 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-09-12 17:38 - 2014-06-11 00:02 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-12 17:38 - 2014-06-11 00:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-12 17:38 - 2014-06-11 00:02 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-12 17:38 - 2014-06-11 00:02 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-12 17:38 - 2014-06-11 00:02 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-12 17:38 - 2014-05-02 11:11 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-12 17:38 - 2014-05-02 11:11 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-12 16:06 - 2014-09-12 16:06 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2014-09-12 16:06 - 2013-07-04 14:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-12 15:46 - 2014-03-08 13:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 10:08 - 2014-09-12 10:08 - 00000000 ____D () C:\Users\blais_000\Documents\eSigs
2014-09-11 14:59 - 2014-09-11 14:59 - 00895120 _____ (Google Inc.) C:\Users\blais_000\Downloads\GoogleVoiceAndVideoSetup(1).exe
2014-09-10 16:08 - 2014-09-10 16:08 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\51FF6DD8.sys
2014-09-09 10:51 - 2014-04-02 15:15 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 04:29 - 2014-09-09 04:29 - 00001115 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-09-09 04:29 - 2014-03-14 13:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-08 15:01 - 2014-09-08 14:58 - 00000000 ____D () C:\Program Files\Zune
2014-09-08 14:58 - 2014-09-08 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2014-09-08 14:52 - 2014-09-08 14:51 - 105664248 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\ZuneSetupPkg.exe
2014-09-07 11:09 - 2014-09-07 11:09 - 00000000 ____D () C:\Program Files\Microsoft Mathematics Add-in
2014-09-07 11:09 - 2014-09-07 11:08 - 16808712 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\edumathaddin.exe
2014-09-05 20:08 - 2014-09-05 20:08 - 00000000 _____ () C:\WINDOWS\DVDShrink.txt
2014-09-05 20:08 - 2014-06-04 01:14 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\AVS4YOU
2014-09-05 19:51 - 2014-09-05 19:51 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\WebApp
2014-09-05 19:50 - 2014-09-05 19:50 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Cyberlink
2014-09-05 19:50 - 2014-05-24 10:09 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\CyberLink
2014-09-05 19:50 - 2014-03-17 10:43 - 00000000 ____D () C:\Users\blais_000\Documents\CyberLink
2014-09-04 19:36 - 2014-09-11 18:54 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-04 19:31 - 2014-09-11 18:54 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-04 17:48 - 2014-09-11 18:54 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-04 10:22 - 2014-09-04 10:22 - 00058232 _____ (Term Tutor) C:\WINDOWS\system32\Drivers\ttnfd.sys
2014-09-02 13:06 - 2014-08-14 06:01 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 13:06 - 2014-08-14 06:01 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 12:32 - 2014-09-02 12:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\3ED50ED5.sys
2014-09-01 16:01 - 2014-09-01 16:01 - 00425286 _____ () C:\Users\blais_000\Downloads\_Postcards-Medium.zip
2014-09-01 09:49 - 2014-08-29 16:40 - 00000000 ____D () C:\Users\blais_000\Documents\Writing
2014-08-31 13:49 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-31 07:33 - 2014-04-12 11:54 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\HpUpdate
2014-08-29 15:26 - 2014-08-29 15:25 - 33386447 _____ () C:\Users\blais_000\Downloads\4 Responsive HTML & Wp Templates.zip
2014-08-29 13:01 - 2014-03-08 13:09 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-29 11:52 - 2014-08-29 11:51 - 249710296 _____ () C:\Users\blais_000\Downloads\four-hour-chef_audio-book-64kps-higher-fidelity.zip
2014-08-29 05:48 - 2014-04-01 11:05 - 00000912 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-08-29 05:42 - 2014-08-29 05:42 - 91670064 _____ (The GIMP Team ) C:\Users\blais_000\Downloads\gimp-2.8.14-setup.exe
2014-08-28 09:11 - 2014-03-24 12:44 - 00000000 ____D () C:\Users\blais_000\Documents\_PERSONAL
2014-08-28 00:16 - 2014-08-28 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\76267CA4.sys
2014-08-26 07:49 - 2014-08-26 07:49 - 05709626 _____ () C:\Users\blais_000\Downloads\washingtonnoxiousweedlist2014.apk

Some content of TEMP:
====================
C:\Users\blais_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplgiva8.dll
C:\Users\blais_000\AppData\Local\Temp\jre-8u11-windows-au.exe
C:\Users\blais_000\AppData\Local\Temp\mpam-87f28361.exe
C:\Users\blais_000\AppData\Local\Temp\OfficeSetup.exe
C:\Users\blais_000\AppData\Local\Temp\Onetastic Installer.exe
C:\Users\blais_000\AppData\Local\Temp\paint.net.4.0.install.exe
C:\Users\blais_000\AppData\Local\Temp\Scrivener-1730-update.exe
C:\Users\blais_000\AppData\Local\Temp\UninstallBSR6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-20 05:12

==================== End Of Log ============================


Naat,

Here are the results of the ADDITION.TXT file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by blais_000 at 2014-09-25 12:01:34
Running from C:\Users\blais_000\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Edge Animate CC (HKLM-x32\...\{1C5E96F4-6F15-4A96-BF62-9D1F60B44FF1}) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{641F742F-1497-51B4-F481-1037096A90A0}) (Version: 0.97 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM\...\{4CBD2327-FA4C-4D42-8903-CE1E96FE0FBF}) (Version: 0.37.15833 - Adobe Systems Incorporated)
Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InCopy CC (HKLM-x32\...\{2606D96F-C1A3-1014-9A8F-E3561A1AC78D}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.2 - Adobe Systems Incorporated)
Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.2.232 - Adobe Systems Incorporated)
Adobe Muse (x32 Version: 7.2.232 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Prelude CC (HKLM-x32\...\{5D73C19B-BE10-44A6-96B2-A516756ED29F}) (Version: 2.2.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
Adobe SpeedGrade CC (HKLM-x32\...\{29AA12E9-934C-485E-A9A1-D823FEB29880}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AT&T Connect Participant Application v9.5.51 (HKLM-x32\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.3.258 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.3.258 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BSR Screen Recorder 6 (HKLM-x32\...\BSRScreenRecorder6) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
CrystalGraphics 3D Character Slides Vol. 1 for PowerPoint (HKLM-x32\...\{86ACBEEB-C64A-4D06-9ACD-D2D4480DD96D}) (Version: 1.00.0000 - CrystalGraphics)
CrystalGraphics 3D Character Slides Vol. 2 for PowerPoint (HKLM-x32\...\{7FE8DEB1-29FB-48D5-9D81-B9C17F0D8BE4}) (Version: 1.00.0000 - CrystalGraphics)
CrystalGraphics 3D Character Slides Vol. 3 for PowerPoint (HKLM-x32\...\{F1265B81-97C7-4E3B-AFCC-5F723EEE0721}) (Version: 1.00.0000 - CrystalGraphics)
CrystalGraphics Chart and Diagram Slides for PowerPoint - Combo 2 (HKLM-x32\...\{3365DA96-F2D7-42E3-BBAE-C6A23A78E794}) (Version: 1.00.0000 - CrystalGraphics)
CrystalGraphics Chart and Diagram Slides for PowerPoint - Volume 1 (HKLM-x32\...\{56D3E280-BF62-4B0D-BB4B-3CA8C053A8B8}) (Version: 1.00.0000 - CrystalGraphics)
CrystalGraphics Chart and Diagram Slides for PowerPoint - Volume 11 (HKLM-x32\...\{C3825BC4-B635-4E2F-87A5-52549D9C7621}) (Version: 1.00.0000 - CrystalGraphics)
CrystalGraphics Chart and Diagram Slides for PowerPoint - Volume 12 (HKLM-x32\...\{B907BBF1-4915-4D63-AAAA-21460CD5CF98}) (Version: 1.00.0000 - CrystalGraphics)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Damage (MAGIX) version 2.5 (HKLM-x32\...\{03D0FE1B-9788-418C-A95E-DA7D4376F82C}_is1) (Version: 2.5 - Digieffects)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.5.0.19 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{7E07B3E7-9A66-41F3-A91D-EC2CCE14E5B9}) (Version: 1.1.1072.0 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.125 - PC-Doctor, Inc.) Hidden
EasySketchPro version 1.0.9 (HKLM-x32\...\{90BB7D95-EBCA-4276-B15E-156F85E8B1DA}_is1) (Version: 1.0.9 - Inner Cirle Riches)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab) <==== ATTENTION
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 7.0.0.1694 (HKCU\...\GoToMeeting) (Version: 7.0.0.1694 - CitrixOnline)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Inkscape 0.48 (HKLM-x32\...\Inkscape) (Version: 0.48 - Partha Bagchi)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
KUSO EXIF Viewer (HKLM-x32\...\KUSO EXIF Viewer) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
MadCap Analyzer V7 (HKLM-x32\...\{00DBC204-2EA0-4103-A35F-5B6B72AD3008}) (Version: 7.0.0 - MadCap Software)
MadCap Capture V6 (HKLM-x32\...\{F3AA2838-A5CC-49A8-92EB-8BA6082CD3F0}) (Version: 6.0 - MadCap Software)
MadCap Contributor V6 (HKLM-x32\...\{52664DBA-CC11-4355-916F-472E65974796}) (Version: 6.0.0 - MadCap Software)
MadCap Flare V10 (HKLM-x32\...\{6A0F3E37-0390-4C95-A354-ECA3E05275C0}) (Version: 10.0.0 - MadCap Software)
MadCap Help Viewer V6.3 (HKLM-x32\...\{248D8B6E-2BB9-4BBE-B717-A27F0DC16B39}) (Version: 6.3.0 - MadCap Software)
MadCap Lingo V8 (HKLM-x32\...\{BCD63536-93DA-4D3B-BEC8-E74F0DC51DC7}) (Version: 8.0 - MadCap Software)
MadCap Mimic V7 (HKLM-x32\...\{5402751A-93F8-4B18-8357-174FCF51679C}) (Version: 7.0.0 - MadCap Software)
MadCap Movie Viewer V7 (HKLM-x32\...\{3BB9F7A2-FF0E-4E03-B715-B020BDBDB89A}) (Version: 7.0.0 - MadCap Software)
MAGIX Photo Manager 12 Deluxe (HKLM-x32\...\MAGIX_{9B97E77A-A186-4269-9DCB-E99EFE3DFDEB}) (Version: 10.0.0.268 - MAGIX AG)
MAGIX Photo Manager 12 Deluxe (Version: 10.0.0.268 - MAGIX AG) Hidden
MAGIX Photo Manager 12 Deluxe Update (Version: 10.0.1.286 - MAGIX AG) Hidden
MAGIX Photostory 2014 Deluxe (HKLM-x32\...\MX.{AE683014-426B-4028-9809-9F20C5AB3401}) (Version: 13.0.2.87 - MAGIX AG)
MAGIX Photostory 2014 Deluxe (Version: 13.0.2.87 - MAGIX AG) Hidden
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{ADB6CF23-87C3-493D-A12D-DCE526E0418C}) (Version: 2.0.1.9 - MAGIX AG)
MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{871A2557-8636-4640-966B-ACBF6CF0B0FF}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Video Sound Cleaning Lab 2014 (HKLM-x32\...\MX.{73BCF310-97CE-4E75-AF46-01C55D42ED0D}) (Version: 20.0.0.18 - MAGIX Software GmbH)
MAGIX Video Sound Cleaning Lab 2014 (Version: 20.0.0.18 - MAGIX Software GmbH) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics Add-In for Word and OneNote (HKLM\...\{90150000-00D8-0409-1000-0000000FF1CE}) (Version: 15.0.4481.1002 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 - en-us (HKLM\...\SPDRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movavi Screen Capture 5 (HKLM-x32\...\Movavi Screen Capture 5) (Version: 5.0.0 - Movavi)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
oDesk Team (HKCU\...\oDVT) (Version:  - oDesk Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Pokki (HKCU\...\Pokki) (Version: 0.267.1.208 - Pokki)
Pokki Download Helper (HKCU\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
PowerPlugs: Music for PowerPoint (HKLM-x32\...\{14899532-CFC3-4218-9700-3DD75388F6C5}) (Version: 1.00.0000 - CrystalGraphics)
PowerPlugs: QuizMaster (HKLM-x32\...\{459FFA6D-3C47-4AAB-B8BB-87562F1B21E3}) (Version: 1.00.0000 - crystalgraphics)
PowerPlugs: Transitions and/or 3D Titles (HKLM-x32\...\PowerPlugs) (Version:  - )
PowerPlugs: Video Backgrounds (HKLM-x32\...\{62D35477-42F1-438F-B5CA-0EC5A2991946}) (Version: 1.00.0002 - CrystalGraphics)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Scrivener (HKLM-x32\...\Scrivener 1610) (Version: 1610 - Literature and Latte)
Scrolling Teleprompter Software (HKLM-x32\...\Scrolling Teleprompter Software_is1) (Version:  - Sobolsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Term Tutor (HKLM-x32\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTION
Vasco da Gama 7 HDPro (HKLM-x32\...\{5C3CDFD0-45B3-48D0-941F-E3F76F343765}) (Version: 7.00.0000 - MotionStudios)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-09-2014 23:56:37 Dell Update: Intel HD Graphics 4000 Driver
12-09-2014 23:57:59 Dell Update: Intel HM77 Chipset Driver
20-09-2014 12:34:11 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0142519F-FFB1-4AE0-828A-7E95741EEFB1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {044000F3-3CA0-4AA5-9905-879740F5839B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {08D99932-3A39-43D0-83EF-E81C5880E890} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24F08B8D-E909-4C60-8058-8864CC9F7697} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {253FCF1B-81B3-4603-A671-68D374987845} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {294F3854-0AD2-46AA-8738-3BAED8A7F835} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FC19C81-4AC2-4B93-99AE-703170803658} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-17] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3963D70D-028C-4351-AC68-72F53FE7878D} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E704EDC-DC47-4097-99EA-D83121F3391F} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {466BAF8B-3F49-4262-BB91-BFB151EA85D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5498C9AB-6483-4668-AF61-A85D3CCBF056} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-02] (CyberLink Corp.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {722E8B1F-B979-4435-A333-0ACC267AC4EB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {729EB9A8-8DD8-4965-AC82-E5971933068E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-02] (CyberLink)
Task: {73970FF2-3E8E-4F6B-94E3-C39CCEF2B94A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73D9FFEB-3505-4396-9AFB-9510F44B8CDC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BLAISE-DELL-blais_000 Blaise-Dell => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-17] (Microsoft Corporation)
Task: {74E1ACD6-7EA8-4C2E-90DA-E76415CD144E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-1004 => C:\Users\blais_000\AppData\Local\Citrix\GoToMeeting\1694\g2mupdate.exe [2014-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {797ECDB0-9DFC-4FDE-BAD8-8933DD291F16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)
Task: {7AF61BC5-688B-40FE-AC8D-6FEB32D8676E} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2239919557-4028155487-1077561689-1004
Task: {7F17FF04-CB19-495C-96D2-BC9EB553DF71} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {8175DAC7-53AF-45DE-9E2B-8F8A51A42716} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-blaisem@techfleur.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BF46E40-6E20-49EE-BC27-6647FF9163FE} - System32\Tasks\HP AR Program Upload - 28e190b0147c424292af49d82ca7b1a82a8b55fbb60441adaea39f8be33a897c => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9616F14D-8458-4399-B15B-A80EDA423414} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {9D0D3E15-3066-4E9A-AEDE-AF8FD4D1F1D7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A2CEE73F-9861-4769-942F-B6DD0A1EFF19} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004Core => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)
Task: {A8898055-C7FA-4792-A81F-AF3E9DBD1ED5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {AA134A20-BC14-4725-ABE4-7BB1B339CEDA} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe
Task: {B227A64D-2A0A-4300-917C-42BF03353E0C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D2A8F4BD-2971-4C32-A6D5-8498E82A2983} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D94EF0CE-2118-4E8F-B6B1-177B03F87B50} - System32\Tasks\HP AR Program Upload - 91abd20060c84e558aef44725a62ff960e1f0684dad743ec9a652d06ae18e1ca => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D9C17359-1CA3-4662-99A2-F9B8D743EF65} - System32\Tasks\PocketCloud => C:\Program
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC8E9000-9B3F-4755-B4DD-228852D4A1A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004UA => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)
Task: {DD1FC8C9-4876-4741-851F-327A78A76A10} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2239919557-4028155487-1077561689-1004 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {E52E4813-C297-4913-926F-3BE139FD746C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC5C52AC-1D53-4619-A367-FF372A9F4F58} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {F643DAA9-0B70-49DF-943A-6E4323A2AF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-1004.job => C:\Users\blais_000\AppData\Local\Citrix\GoToMeeting\1694\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004Core.job => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004UA.job => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2014-03-08 20:29 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-04 14:56 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-21 19:46 - 2013-06-21 19:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-06-21 19:35 - 2013-06-21 19:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-06-21 19:31 - 2013-06-21 19:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2013-12-05 11:24 - 2013-12-05 11:24 - 02330440 _____ () C:\Users\blais_000\AppData\Local\Pokki\ocdeskband_0.dll
2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-08-28 23:38 - 2014-09-17 20:59 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-08 20:30 - 2014-09-17 20:59 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\AppVIsvStream64.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-09-12 17:38 - 2014-09-12 17:38 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\ba24f9916c8dc4bcddd9d8fda57e1f4e\PSIClient.ni.dll
2013-07-04 14:44 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00569856 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 01400846 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\avcodec-54.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00151054 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\avutil-51.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00222734 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\avformat-54.dll
2013-07-04 14:54 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\blais_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKCU\...\StartupApproved\Run: => "GoogleDriveSync"
HKCU\...\StartupApproved\Run: => "Push Client"

========================= Accounts: ==========================

Administrator (S-1-5-21-2239919557-4028155487-1077561689-500 -> Administrator - Disabled - Status: Degraded)
blais_000 (S-1-5-21-2239919557-4028155487-1077561689-1004 -> Administrator - Enabled - Status: OK) => C:\Users\blais_000
Guest (S-1-5-21-2239919557-4028155487-1077561689-501 -> Limited - Enabled - Status: OK)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 11:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x15ac
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/25/2014 11:34:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x1288
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (09/25/2014 11:34:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x2578
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: Activation of app 55648JonathanPierce.RemindMeforWindows_anp9h61w2e7b0!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/25/2014 11:23:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1d28

Start Time: 01cfd8ed0383a8a9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: fc6b9ded-44e0-11e4-bfdd-74867a198a44

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (09/25/2014 11:20:47 AM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Rejected Safe Mode action : Microsoft Outlook.

Error: (09/23/2014 06:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x274c
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5


System errors:
=============
Error: (09/25/2014 11:52:51 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (09/25/2014 11:52:06 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)
Description: App.AppX6yygnwabebypxjc6bx7wvtens09wztyw.wwa

Error: (09/25/2014 11:37:57 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)
Description: App.AppXzx3k4z9qbqt0wxqq6geevr9ef44m4tpm.wwa

Error: (09/25/2014 11:35:19 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (09/25/2014 11:20:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/25/2014 11:19:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/25/2014 11:19:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/25/2014 11:18:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/25/2014 11:18:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (09/23/2014 05:03:38 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)
Description: App.AppXzx3k4z9qbqt0wxqq6geevr9ef44m4tpm.wwa


Microsoft Office Sessions:
=========================
Error: (09/25/2014 11:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd15ac01cfd8f1cd6ab892C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0b6390cd-44e5-11e4-bfdd-74867a198a44

Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142

Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142

Error: (09/25/2014 11:34:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425128801cfd8ef5b322d3dC:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll9a209b11-44e2-11e4-bfdd-74867a198a44

Error: (09/25/2014 11:34:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425257801cfd8ed5b1d6a15C:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll8726ba20-44e2-11e4-bfdd-74867a198a44

Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: 55648JonathanPierce.RemindMeforWindows_anp9h61w2e7b0!App-2144927142

Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142

Error: (09/25/2014 11:23:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206051d2801cfd8ed0383a8a94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exefc6b9ded-44e0-11e4-bfdd-74867a198a44microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (09/25/2014 11:20:47 AM) (Source: Microsoft Office 15) (EventID: 2001) (User: )
Description: Microsoft OutlookOutlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?

Error: (09/23/2014 06:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425274c01cfd72fcd02c96cC:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll0b79ffb6-4323-11e4-bfdd-74867a198a44


CodeIntegrity Errors:
===================================
  Date: 2014-07-01 20:01:24.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:24.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:24.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:24.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:24.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:24.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:24.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:24.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:23.972
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-01 20:01:23.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16253.27 MB
Available physical RAM: 12019.66 MB
Total Pagefile: 18685.27 MB
Available Pagefile: 14555.67 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.31 GB) (Free:706.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F767AA84)

Partition: GPT Partition Type.

==================== End Of Log ============================

Link to post
Share on other sites

Hi blaisemi.

I will be assisting you for the duration of Naathim's absence.

 
Fix with Farbar Recovery Scan Tool

 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    FF Homepage: about:home|chrome://fvd.speeddial/content/fvd_about_blank.html|about:newtab
    FF user.js: detected! => C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.js
    2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor
    2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor
    2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Foxtab
    Hosts:
    CMD: bitsadmin /reset /allusers
    Cmd: ipconfig /flushdns
    EmptyTemp:
    end

  • Click File > Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    XP users click run after receipt of Windows Security Warning - Open File.
    8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply

Link to post
Share on other sites

Here's the contents of fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01

Ran by blais_000 at 2014-09-27 19:46:30 Run:1

Running from C:\Users\blais_000\Downloads

Loaded Profile: blais_000 (Available profiles: blais_000)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

HKLM\...\Policies\Explorer: [NoControlPanel] 0

FF Homepage: about:home|chrome://fvd.speeddial/content/fvd_about_blank.html|about:newtab

FF user.js: detected! => C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.js

2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor

2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor

2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Foxtab

Hosts:

CMD: bitsadmin /reset /allusers

Cmd: ipconfig /flushdns

EmptyTemp:

end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.

Firefox homepage deleted successfully.

C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.js => Moved successfully.

C:\Program Files\TermTutor => Moved successfully.

C:\Program Files (x86)\TermTutor => Moved successfully.

C:\Program Files (x86)\Foxtab => Moved successfully.

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.

Could not reset Hosts.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 3.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


Next,
 
Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
     emptyclsid;msconfigcheck;shortcutfix;systemspecs;chrdefaults;ffdedaults;autoclean;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
  • Post its content into your next reply.

Carlos,

 

Here's the zoek-results.txt output:

 

Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by blais_000 on Sun 09/28/2014 at 19:55:43.16.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\blais_000\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

9/28/2014 8:00:51 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2239919557-4028155487-1077561689-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_USERS\S-1-5-21-2239919557-4028155487-1077561689-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default

user.js not found
---- Lines 5ebdca98-43b3-45bb-87e0-716029fb42ab removed from prefs.js ----
user_pref("extensions.{5ebdca98-43b3-45bb-87e0-716029fb42ab}.install-event-fired", true);
---- FireFox user.js and prefs.js backups ----

prefs_20140928_0831_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\blais_000\.android deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\!vitruvian-autoenable.js deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\!vitruvian-csp.js deleted
C:\PROGRA~2\Mozilla Firefox\browser\defaults\preferences\!vitruvian-autoenable.js deleted
C:\PROGRA~2\Mozilla Firefox\browser\defaults\preferences\!vitruvian-csp.js deleted
C:\PROGRA~3\simplitec deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\blais_000\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\blais_000\Downloads\FreeVideoCapture_CNET.exe deleted
C:\END deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\FVD Toolbar deleted
C:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\jetpack deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 16254 MB
CPU Info: Intel® Core i7-3537U CPU @ 2.00GHz
CPU Speed: 2560.4 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Intel® Centrino® Wireless-N 2230 | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (D: | ) D: TSSTcorpDVD+-RW SU-208CB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  918.3GB
Hard Disks - Free: C:  715.4GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE |  | DELL   - 1
Time Zone: Pacific Standard Time
Motherboard *: Dell Inc. 0YMFG1
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Firefox    32.0.2
Internet Explorer Version: 11.0.9600.17278
Mozilla Firefox version: 32.0.2 (x86 en-US)
Adobe Reader version: 11.0.9.29
Flash Player version: 15.0.0.152

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"termtutor@termtutor.com"="C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com" [09/22/2014 03:27 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default
- Print pages to PDF - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\extensions\printPages2Pdf@reinhold.ripper
- LastPass - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\extensions\support@lastpass.com
- Speed Dial [FVD] - New Tab Page Sync... - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\extensions\pavel.sherbakov@gmail.com
- Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
- Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
- Undetermined - %ProfilePath%\extensions\d47b25ba6430aade8ee2c5ca5ac9d55093f0f03eca6baebb631475d1bf27ebce_lp.key
- Undetermined - %ProfilePath%\extensions\d47b25ba6430aade8ee2c5ca5ac9d55093f0f03eca6baebb631475d1bf27ebce_lp.key
- Speed Dial [FVD] - New Tab Page Sync... - %ProfilePath%\extensions\pavel.sherbakov@gmail.com
- Print pages to PDF - %ProfilePath%\extensions\printPages2Pdf@reinhold.ripper
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Botn de Aadir a la lista de deseos Amazon > - %ProfilePath%\extensions\amznUWL2@amazon.com.xpi
- Search in a Giphy - %ProfilePath%\extensions\gt@giphy.com.xpi
- QrCodeR - %ProfilePath%\extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi
- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
- Facebook Secret Emoticons - %ProfilePath%\extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi
- Buffer for Firefox - %ProfilePath%\extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi
- Klout - %ProfilePath%\extensions\kwtr-for-firefox@klout.com.xpi
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Pin It button - %ProfilePath%\extensions\pinterest@robertnyman.com.xpi
- Rainbow Color Tools - %ProfilePath%\extensions\rainbow@colors.org.xpi
- Facebook Phishing Protector - %ProfilePath%\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Term Tutor - %AppDir%\extensions\termtutor@termtutor.com
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default
DFC9460CC37E5C414DC4680B10C19E7A    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
FB5621842FDABF9F8359775573498FBC    - C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll -    Google Update
5CB01CF141E021DAAE96991A5BA57944    - C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1    - C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
D6ED6EB98E759460AD8C66DE23070132    - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\blais_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104
FDF7B2D69F2B7AF5B77124FCCB1DE2FC    - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll -    RocketLife Secure Plug-In Layer


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[01/21/2014 05:20 PM]
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/12/2014 02:43 AM]
ggkfikfcbnpfoicfjammigpnakpogebh - \C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx\[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[01/21/2014 05:20 PM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[01/21/2014 05:20 PM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[03/24/2014 02:23 AM]
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx[09/20/2014 01:52 AM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[01/21/2014 05:20 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com/?pc=U277"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{32C08433-847D-452E-8B1A-987C9A8AA132}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com/?pc=U277"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{32C08433-847D-452E-8B1A-987C9A8AA132} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2239919557-4028155487-1077561689-1004\Software\Microsoft\Internet Explorer\SearchScopes\{32C08433-847D-452E-8B1A-987C9A8AA132} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\BSR Screen Recorder 6.lnk - C:\Program Files\BSR Screen Recorder 6\Screen Recorder 6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Movie Lab.lnk - C:\Program Files\BSR Screen Recorder 6\Screen Recorder 6.exe  /movielab
C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Movie Studio.lnk - C:\Program Files\BSR Screen Recorder 6\Screen Recorder 6.exe  /moviestudio
C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Screen Recorder 6 Help.lnk - C:\Program Files\BSR Screen Recorder 6\BSR6.chm
C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Uninstall Screen Recorder 6.lnk - C:\Program Files (x86)\BSR Screen Recorder 6\Uninstall Screen Recorder 6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-000000000006}\_SC_Acrobat.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk - C:\Program Files (x86)\Adobe\Adobe Content Viewer\Adobe Content Viewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\FormsCentral\FormsCentralForAcrobat.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Update.lnk - C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5\Movavi Screen Capture 5.lnk - C:\Program Files (x86)\Movavi Screen Capture 5\ScreenCapture.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5\Screen Capture Homepage.lnk - C:\Program Files (x86)\Movavi Screen Capture 5\Movavi Screen Capture 5.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5\Uninstall Movavi Screen Capture 5.lnk - C:\Program Files (x86)\Movavi Screen Capture 5\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe.LNK - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\cosastub.exe /install /force
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune\Zune.lnk - C:\Program Files (x86)\Zune\Zune.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\blais_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\blais_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6378 folders=115 275532622 bytes)

==== Empty Temp Folders ======================

C:\Users\blais_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\BLAIS_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Sun 09/28/2014 at 20:48:40.40 ======================
 


Hello blaisemi,
 
Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 1
 
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 2

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

STEP 3

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Carlos, here is the JRT output. I'm executing Steps 2 and 3 next.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 8.1 x64
Ran by blais_000 on Mon 09/29/2014 at 11:59:47.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    Pokki    REG_EXPAND_SZ    C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform




~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\blais_000\AppData\Roaming\mozilla\firefox\profiles\3fj6e6e9.default\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/29/2014 at 12:04:00.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Carlos, here's the output of AdwCleaner:

 

# AdwCleaner v3.310 - Report created 29/09/2014 at 12:24:08
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : blais_000 - BLAISE-DELL
# Running from : C:\Users\blais_000\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PokkiDownloadHelper

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\prefs.js ]

Line Deleted : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"79065\",\"name\":\"fleur violette adobe\",\"headerURL\":\"hxxps://addons.cdn.mozilla.net/user-media/addons/79065/Persona_header_LABS.png?126634084[...]

*************************

AdwCleaner[R0].txt - [2226 octets] - [29/09/2014 12:20:38]
AdwCleaner[s0].txt - [2095 octets] - [29/09/2014 12:24:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2155 octets] ##########
 

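A read-only way to confirm the cleanup recorded in the FRST, Zoek, JRT and AdwCleaner logs above, as an added example that is not part of the original thread or of any of those tools. The folder paths, registry keys, value names and extension IDs are copied from the logs; the function name `Get-CleanupLeftover` and the rule that any hosts entry other than the localhost loopback lines deserves review are assumptions.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
# Run from a 64-bit PowerShell so the HKLM paths are not redirected to Wow6432Node.

function Get-CleanupLeftover {
    # Hypothetical helper name; returns one object per item that still exists.
    $found = @()

    # Folders FRST moved, the TermTutor extension folder Zoek listed,
    # and the Pokki folder Zoek reported as deleted.
    $folders = @(
        'C:\Program Files (x86)\Foxtab',
        'C:\Program Files\TermTutor',
        'C:\Program Files (x86)\TermTutor',
        'C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com',
        (Join-Path $env:LOCALAPPDATA 'Pokki')
    )
    foreach ($path in $folders) {
        if (Test-Path -LiteralPath $path) {
            $found += [pscustomobject]@{ Type = 'Folder'; Item = $path }
        }
    }

    # Registry keys the Zoek and AdwCleaner logs report as deleted.
    $keys = @(
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif',
        'HKLM:\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif',
        'HKCU:\Software\Pokki',
        'HKCU:\Software\InstallCore',
        'HKLM:\SOFTWARE\InstallCore'
    )
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            $found += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
        }
    }

    # Registry values: the Run entry JRT flagged, the policy value FRST deleted,
    # and the TermTutor entry Zoek listed under "Firefox Extensions Registry".
    $values = @(
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Pokki' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' },
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions'; Name = 'termtutor@termtutor.com' }
    )
    foreach ($v in $values) {
        if (Test-Path -LiteralPath $v.Key) {
            $names = (Get-Item -LiteralPath $v.Key).GetValueNames()
            if ($names -contains $v.Name) {
                $found += [pscustomobject]@{ Type = 'RegistryValue'; Item = "$($v.Key) [$($v.Name)]" }
            }
        }
    }

    # FRST reported "Could not reset Hosts", so list every active hosts entry
    # that is not a plain localhost loopback mapping (assumed review rule).
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path -LiteralPath $hostsPath) {
        foreach ($line in Get-Content -LiteralPath $hostsPath) {
            $entry = ($line -replace '#.*$', '').Trim()
            if ($entry -and $entry -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') {
                $found += [pscustomobject]@{ Type = 'HostsEntry'; Item = $entry }
            }
        }
    }

    return $found
}

$leftovers = @(Get-CleanupLeftover)
if ($leftovers.Count -eq 0) {
    'No leftovers found in the checked locations.'
} else {
    $leftovers | Format-Table -AutoSize -Wrap
}
```

The HKCU checks only cover the account running the script, so run it as the affected user (blais_000 in these logs).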

OK,

To finish.

Download "Delfix by Xplode" and save it to your desktop.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry back up with ERUNT, the back up will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that back up folder unless you want to keep it....

Let me know if there are any remaining issues or concerns....

Hug.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.