blaisemi Posted September 23, 2014 ID:882053 Share Posted September 23, 2014 I installed Camstudio and inadvertently also installed a program called FoxTab. When I try to uninstall FoxTab using the Windows Control Panel, I get this error message: "You do not have sufficient access to uninstall FoxTab. Please contact your system administrator." I have Administrator rights on my computer. I go to the \Program Files (x86)\FoxTab\1.8.12.0 directory and try to run uninstall.exe. I get the error message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I've tried running Malwarebytes (I have a Premium subscription) but on the infected computer, when I try to launch Malwarebytes, the message "Do you want to allow this program to make changes to this computer?" appears. I click the "Yes" button. Then nothing happens. I've tried downloading and re-installing Malwarebytes but receive installation errors. I've done Internet searches and find several sites that claim to have software that will remove FoxTab, but I'm afraid to install these in case they may actually make the situation worse. I believe FoxTab is loading tabs in my browsers to install various software, including pages that "appear" to be legitimate and include Microsoft partner logos, among other normally trusted sources. I believe it may also be adding fly-in ads to the right margins of my browsers on certain pages. I also have Kaspersky Internet Security and have downloaded Microsoft Windows Malicious Software Removal Tool. I'm currently running scans using these two tools, but am unsure whether they will detect and remove FoxTab. Does anyone have any solutions for removing FoxTab? Thanks! Blaise Link to post Share on other sites More sharing options...
Naathim Posted September 23, 2014 ID:882198 Share Posted September 23, 2014 Hi My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat Before we start please note the following:Analysis and research take some time, also sometimes real life gets in the way, please be patient.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Paste the logs in your posts, attachments make my work harder and more complicated.Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.Note that we may live in totally different time zones, what may cause some delays between answers.I can't foresee everything, so if anything unexpected happens, please stop and inform me!There are no silly questions. Never be afraid to ask if in doubt!Let's start and enjoy the fight! Rules and policiesWe won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Malwarebytes' Anti-MalwarePlease download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.First of all select update.Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Scan with Farbar Recovery Scan ToolPlease download Farbar Recovery Scan Tool and save it to your Desktop.There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.Right-click on icon and select Run as Administrator to start the tool.> XP users click run after receipt of Windows Security Warning - Open File.> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.When the tool opens click Yes to disclaimer.Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content in your next reply. Link to post Share on other sites More sharing options...
blaisemi Posted September 23, 2014 Author ID:882301 Share Posted September 23, 2014 Hello, Naathim, Thank you for the detailed instructions. As I mentioned in my original post, I'm having problems using Malwarebytes on the infected machine, but will attempt to reinstall it again. Fortunately, I have a second laptop I can use so I've shut down the infected laptop. I have a full schedule today, but will perform the steps you recommended tomorrow. I'll post the results after I've completed the steps. I greatly appreciate your response. Blaise Link to post Share on other sites More sharing options...
Naathim Posted September 23, 2014 ID:882326 Share Posted September 23, 2014 Hi Skip MBAM, but generate the FRST reports. Cheers,Naat Link to post Share on other sites More sharing options...
blaisemi Posted September 25, 2014 Author ID:883128 Share Posted September 25, 2014 Naat, Thanks for your help! Here are the results in the FRST.TXT file: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01Ran by blais_000 (administrator) on BLAISE-DELL on 25-09-2014 12:00:28Running from C:\Users\blais_000\DownloadsLoaded Profile: blais_000 (Available profiles: blais_000)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(Term Tutor) C:\Program Files (x86)\TermTutor\Service\ttsvc.exe() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\nst.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Pokki) C:\Users\blais_000\AppData\Local\Pokki\Engine\pokki.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe(Pokki) C:\Users\blais_000\AppData\Local\Pokki\Engine\pokki.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(LastPass) C:\Users\blais_000\AppData\LocalLow\LastPass\LastPassBroker.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\klwtblfs.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)HKLM-x32\...\Run: [scrolling Teleprompter Software.exe] => [X]HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [AdobeBridge] => [X]HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [Pokki] => C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatformHKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [Push Client] => C:\Users\blais_000\AppData\Local\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\Run: [Google Update] => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-04] (Google Inc.)HKU\S-1-5-21-2239919557-4028155487-1077561689-1004\...\RunOnce: [Application Restart #1] => C:\Users\blais_000\AppData\Local\Pokki\Engine\pokki.exe [8285512 2013-12-05] (Pokki)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnkShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnkShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnkShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)Startup: C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U277HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.comSearchScopes: HKLM - DefaultScope {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJSSearchScopes: HKLM - {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJSSearchScopes: HKLM-x32 - DefaultScope {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJSSearchScopes: HKLM-x32 - {32C08433-847D-452E-8B1A-987C9A8AA132} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJSSearchScopes: HKCU - DefaultScope {32C08433-847D-452E-8B1A-987C9A8AA132} URL =SearchScopes: HKCU - {32C08433-847D-452E-8B1A-987C9A8AA132} URL =BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO-x32: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files (x86)\TermTutor\IE\TermTutorClientIE.dll (Term Tutor)BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF ProfilePath: C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.defaultFF DefaultSearchEngine: BingFF SelectedSearchEngine: BingFF Homepage: about:home|chrome://fvd.speeddial/content/fvd_about_blank.html|about:newtabFF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\blais_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: pokki.com/PokkiDownloadHelper -> C:\Users\blais_000\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll (Pokki)FF user.js: detected! => C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.jsFF Plugin ProgramFiles/Appdata: C:\Users\blais_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\blais_000\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\pavel.sherbakov@gmail.com [2014-09-14]FF Extension: Print pages to PDF - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\printPages2Pdf@reinhold.ripper [2014-04-12]FF Extension: LastPass - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\support@lastpass.com [2014-08-19]FF Extension: Add to Amazon Wish List Button - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\amznUWL2@amazon.com.xpi [2014-05-11]FF Extension: Search in a Giphy - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\gt@giphy.com.xpi [2014-05-03]FF Extension: QrCodeR - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi [2014-04-02]FF Extension: Self-Destructing Cookies - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-04-02]FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2014-04-19]FF Extension: Facebook Secret Emoticons - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi [2014-04-03]FF Extension: Buffer for Firefox - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi [2014-05-03]FF Extension: Klout - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\kwtr-for-firefox@klout.com.xpi [2014-07-01]FF Extension: Personas Plus - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\personas@christopher.beard.xpi [2014-04-02]FF Extension: Pin It button - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\pinterest@robertnyman.com.xpi [2014-04-02]FF Extension: Rainbow - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\rainbow@colors.org.xpi [2014-04-02]FF Extension: Facebook Phishing Protector - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-04-02]FF Extension: FireFTP - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2014-05-03]FF Extension: Adblock Plus - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-02]FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [2014-09-22]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-18]FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.comFF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-09]FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.comFF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-09]FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.comFF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-09]FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.comFF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-09]FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.comFF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-09]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-14]FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgnFF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn [2014-09-23]FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.comChrome:=======CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-23] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-01-21]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [2014-09-12]CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-01-21]CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-01-21]CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-01-21]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-01-21]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-21] (Kaspersky Lab ZAO)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [150224 2014-09-09] (Dell Inc.)R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)R2 ttsvc; C:\Program Files (x86)\TermTutor\Service\ttsvc.exe [276048 2014-09-04] (Term Tutor)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-21] (Kaspersky Lab ZAO)S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-01-21] (Kaspersky Lab)U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-24] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-01-21] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-09] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-01-21] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-24] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-01-21] (Kaspersky Lab ZAO)R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)R1 ttnfd; C:\Windows\System32\drivers\ttnfd.sys [58232 2014-09-04] (Term Tutor)R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-25 12:00 - 2014-09-25 12:01 - 00036822 _____ () C:\Users\blais_000\Downloads\FRST.txt2014-09-25 11:59 - 2014-09-25 12:00 - 00000000 ____D () C:\FRST2014-09-25 11:59 - 2014-09-25 11:59 - 02108928 _____ (Farbar) C:\Users\blais_000\Downloads\FRST64.exe2014-09-22 18:19 - 2014-09-22 18:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\blais_000\Downloads\mbam-setup-2.0.2.1012.exe2014-09-22 18:16 - 2014-09-22 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-09-22 18:15 - 2014-09-22 18:21 - 00000000 ____D () C:\Users\blais_000\Desktop\mbar2014-09-22 18:15 - 2014-09-22 18:15 - 12582688 _____ (Malwarebytes Corp.) C:\Users\blais_000\Downloads\mbar-1.07.0.1008.exe2014-09-22 15:48 - 2014-09-22 15:48 - 00765984 _____ ( ) C:\Users\blais_000\Downloads\CamStudioSetup_v2.7.2.exe2014-09-22 15:31 - 2014-09-22 16:18 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamShapes.ini2014-09-22 15:31 - 2014-09-22 16:18 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamLayout.ini2014-09-22 15:31 - 2014-09-22 16:18 - 00000129 _____ () C:\Users\blais_000\AppData\Roaming\Camdata.ini2014-09-22 15:31 - 2014-09-22 16:16 - 00004535 _____ () C:\Users\blais_000\AppData\Roaming\CamStudio.cfg2014-09-22 15:29 - 2014-09-22 15:57 - 00000000 ____D () C:\Users\blais_000\Documents\My CamStudio Temp Files2014-09-22 15:27 - 2014-09-22 15:49 - 00000096 _____ () C:\Users\blais_000\AppData\Roaming\version2.xml2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Foxtab2014-09-20 07:31 - 2014-09-20 07:31 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\06366727.sys2014-09-19 12:00 - 2014-09-19 12:00 - 00699016 _____ (CNET Download.com) C:\Users\blais_000\Downloads\cbsidlm-cbsi213-Screen_Recorder-ORG-75937532.exe2014-09-19 11:57 - 2014-09-19 11:57 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET(1).exe2014-09-19 10:48 - 2014-09-19 22:19 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\New Version Available2014-09-19 10:46 - 2014-09-19 10:46 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET.exe2014-09-19 10:38 - 2014-09-19 10:38 - 00692224 _____ () C:\WINDOWS\SysWOW64\bsrmgcv.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00585728 _____ () C:\WINDOWS\SysWOW64\bsratswf.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00192512 _____ () C:\WINDOWS\SysWOW64\bsrmgps.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00147456 _____ () C:\WINDOWS\SysWOW64\bsratwmv.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00098304 _____ () C:\WINDOWS\SysWOW64\bsreffs.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00090112 _____ () C:\WINDOWS\SysWOW64\bsrlback.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00081920 _____ () C:\WINDOWS\SysWOW64\bsrgvas.dll2014-09-19 10:37 - 2014-09-19 10:38 - 15588344 _____ (BSRSoft) C:\Users\blais_000\Downloads\InstallBSR_v6.exe2014-09-19 09:43 - 2014-09-19 09:43 - 00005111 _____ () C:\ProgramData\eaapqbsg.gfr2014-09-19 09:43 - 2014-09-19 09:43 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Movavi2014-09-18 19:30 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Movavi2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 52014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\Program Files (x86)\Movavi Screen Capture 52014-09-18 09:04 - 2014-09-18 09:07 - 56819280 _____ (Movavi) C:\Users\blais_000\Downloads\MovaviScreenRecorderSetup.exe2014-09-18 08:21 - 2014-09-18 08:22 - 00000000 ____D () C:\Users\blais_000\Documents\_Rewards Rebates Coupons2014-09-18 08:13 - 2014-09-18 08:13 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\074253FE.sys2014-09-18 06:28 - 2014-09-18 06:28 - 01333204 _____ () C:\Users\blais_000\Downloads\E5000000614.zip2014-09-15 07:44 - 2014-09-15 07:44 - 00000000 ___RD () C:\Users\blais_000\Podcasts2014-09-14 17:13 - 2014-09-14 17:13 - 02281443 _____ () C:\Users\blais_000\Downloads\Free_PowerPoint_Templates.zip2014-09-13 19:11 - 2014-08-23 00:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2014-09-13 19:11 - 2014-08-23 00:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2014-09-13 19:11 - 2014-08-22 23:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll2014-09-13 19:11 - 2014-08-22 22:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll2014-09-13 19:11 - 2014-08-22 21:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2014-09-13 19:11 - 2014-08-22 21:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-09-13 19:11 - 2014-08-22 21:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-09-13 19:11 - 2014-08-22 21:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2014-09-13 19:11 - 2014-08-22 21:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-09-13 19:11 - 2014-07-29 18:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll2014-09-13 19:11 - 2014-07-28 22:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll2014-09-13 19:11 - 2014-07-24 08:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-09-13 19:11 - 2014-07-24 06:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-09-13 19:11 - 2014-07-24 02:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-09-13 19:11 - 2014-07-24 02:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-09-13 19:11 - 2014-07-24 00:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-09-13 19:11 - 2014-07-24 00:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-09-13 19:10 - 2014-07-24 08:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2014-09-13 19:10 - 2014-07-24 08:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys2014-09-13 19:10 - 2014-07-24 08:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-09-13 19:10 - 2014-07-24 08:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys2014-09-13 19:10 - 2014-07-24 08:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys2014-09-13 19:10 - 2014-07-24 08:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-09-13 19:10 - 2014-07-24 08:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2014-09-13 19:10 - 2014-07-24 08:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll2014-09-13 19:10 - 2014-07-24 08:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll2014-09-13 19:10 - 2014-07-24 08:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe2014-09-13 19:10 - 2014-07-24 08:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL2014-09-13 19:10 - 2014-07-24 08:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe2014-09-13 19:10 - 2014-07-24 08:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-09-13 19:10 - 2014-07-24 08:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys2014-09-13 19:10 - 2014-07-24 08:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-09-13 19:10 - 2014-07-24 08:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-09-13 19:10 - 2014-07-24 08:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-09-13 19:10 - 2014-07-24 08:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-09-13 19:10 - 2014-07-24 08:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-09-13 19:10 - 2014-07-24 08:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll2014-09-13 19:10 - 2014-07-24 08:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2014-09-13 19:10 - 2014-07-24 08:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll2014-09-13 19:10 - 2014-07-24 08:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-09-13 19:10 - 2014-07-24 08:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll2014-09-13 19:10 - 2014-07-24 07:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-09-13 19:10 - 2014-07-24 07:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys2014-09-13 19:10 - 2014-07-24 06:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll2014-09-13 19:10 - 2014-07-24 06:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL2014-09-13 19:10 - 2014-07-24 06:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe2014-09-13 19:10 - 2014-07-24 06:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll2014-09-13 19:10 - 2014-07-24 06:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-09-13 19:10 - 2014-07-24 06:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll2014-09-13 19:10 - 2014-07-24 06:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2014-09-13 19:10 - 2014-07-24 06:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll2014-09-13 19:10 - 2014-07-24 06:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll2014-09-13 19:10 - 2014-07-24 04:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL2014-09-13 19:10 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL2014-09-13 19:10 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL2014-09-13 19:10 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL2014-09-13 19:10 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL2014-09-13 19:10 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL2014-09-13 19:10 - 2014-07-24 04:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL2014-09-13 19:10 - 2014-07-24 04:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2014-09-13 19:10 - 2014-07-24 04:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys2014-09-13 19:10 - 2014-07-24 04:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys2014-09-13 19:10 - 2014-07-24 04:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys2014-09-13 19:10 - 2014-07-24 04:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys2014-09-13 19:10 - 2014-07-24 04:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys2014-09-13 19:10 - 2014-07-24 04:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys2014-09-13 19:10 - 2014-07-24 04:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys2014-09-13 19:10 - 2014-07-24 04:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys2014-09-13 19:10 - 2014-07-24 04:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys2014-09-13 19:10 - 2014-07-24 04:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-09-13 19:10 - 2014-07-24 04:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-09-13 19:10 - 2014-07-24 04:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll2014-09-13 19:10 - 2014-07-24 04:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll2014-09-13 19:10 - 2014-07-24 04:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll2014-09-13 19:10 - 2014-07-24 04:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll2014-09-13 19:10 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL2014-09-13 19:10 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL2014-09-13 19:10 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL2014-09-13 19:10 - 2014-07-24 03:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL2014-09-13 19:10 - 2014-07-24 03:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL2014-09-13 19:10 - 2014-07-24 03:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL2014-09-13 19:10 - 2014-07-24 03:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL2014-09-13 19:10 - 2014-07-24 03:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll2014-09-13 19:10 - 2014-07-24 03:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-09-13 19:10 - 2014-07-24 03:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl2014-09-13 19:10 - 2014-07-24 03:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll2014-09-13 19:10 - 2014-07-24 03:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll2014-09-13 19:10 - 2014-07-24 03:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll2014-09-13 19:10 - 2014-07-24 03:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-09-13 19:10 - 2014-07-24 03:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-09-13 19:10 - 2014-07-24 03:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll2014-09-13 19:10 - 2014-07-24 03:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll2014-09-13 19:10 - 2014-07-24 03:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll2014-09-13 19:10 - 2014-07-24 03:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2014-09-13 19:10 - 2014-07-24 03:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll2014-09-13 19:10 - 2014-07-24 02:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll2014-09-13 19:10 - 2014-07-24 02:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll2014-09-13 19:10 - 2014-07-24 02:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl2014-09-13 19:10 - 2014-07-24 02:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll2014-09-13 19:10 - 2014-07-24 02:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll2014-09-13 19:10 - 2014-07-24 02:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll2014-09-13 19:10 - 2014-07-24 02:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll2014-09-13 19:10 - 2014-07-24 02:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll2014-09-13 19:10 - 2014-07-24 02:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-09-13 19:10 - 2014-07-24 02:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll2014-09-13 19:10 - 2014-07-24 02:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-09-13 19:10 - 2014-07-24 02:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2014-09-13 19:10 - 2014-07-24 02:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll2014-09-13 19:10 - 2014-07-24 02:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll2014-09-13 19:10 - 2014-07-24 02:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll2014-09-13 19:10 - 2014-07-24 02:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll2014-09-13 19:10 - 2014-07-24 02:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll2014-09-13 19:10 - 2014-07-24 02:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe2014-09-13 19:10 - 2014-07-24 02:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll2014-09-13 19:10 - 2014-07-24 02:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll2014-09-13 19:10 - 2014-07-24 02:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll2014-09-13 19:10 - 2014-07-24 02:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll2014-09-13 19:10 - 2014-07-24 02:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe2014-09-13 19:10 - 2014-07-24 02:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll2014-09-13 19:10 - 2014-07-24 02:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2014-09-13 19:10 - 2014-07-24 01:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll2014-09-13 19:10 - 2014-07-24 01:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll2014-09-13 19:10 - 2014-07-24 01:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll2014-09-13 19:10 - 2014-07-24 01:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2014-09-13 19:10 - 2014-07-24 01:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll2014-09-13 19:10 - 2014-07-24 01:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll2014-09-13 19:10 - 2014-07-24 01:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll2014-09-13 19:10 - 2014-07-24 01:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll2014-09-13 19:10 - 2014-07-24 01:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll2014-09-13 19:10 - 2014-07-24 01:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll2014-09-13 19:10 - 2014-07-24 01:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll2014-09-13 19:10 - 2014-07-24 01:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll2014-09-13 19:10 - 2014-07-24 01:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll2014-09-13 19:10 - 2014-07-24 01:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll2014-09-13 19:10 - 2014-07-24 01:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll2014-09-13 19:10 - 2014-07-24 01:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll2014-09-13 19:10 - 2014-07-24 01:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll2014-09-13 19:10 - 2014-07-24 01:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll2014-09-13 19:10 - 2014-07-24 01:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-13 19:10 - 2014-07-24 01:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll2014-09-13 19:10 - 2014-07-24 01:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv2014-09-13 19:10 - 2014-07-24 01:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll2014-09-13 19:10 - 2014-07-24 01:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll2014-09-13 19:10 - 2014-07-24 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll2014-09-13 19:10 - 2014-07-24 01:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-09-13 19:10 - 2014-07-24 01:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll2014-09-13 19:10 - 2014-07-24 01:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe2014-09-13 19:10 - 2014-07-24 01:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-09-13 19:10 - 2014-07-24 01:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll2014-09-13 19:10 - 2014-07-24 01:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll2014-09-13 19:10 - 2014-07-24 01:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-09-13 19:10 - 2014-07-24 01:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll2014-09-13 19:10 - 2014-07-24 01:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll2014-09-13 19:10 - 2014-07-24 01:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll2014-09-13 19:10 - 2014-07-24 01:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-13 19:10 - 2014-07-24 01:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2014-09-13 19:10 - 2014-07-24 01:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll2014-09-13 19:10 - 2014-07-24 01:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2014-09-13 19:10 - 2014-07-24 01:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv2014-09-13 19:10 - 2014-07-24 01:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll2014-09-13 19:10 - 2014-07-24 01:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll2014-09-13 19:10 - 2014-07-24 01:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-09-13 19:10 - 2014-07-24 01:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-09-13 19:10 - 2014-07-24 01:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll2014-09-13 19:10 - 2014-07-24 01:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-09-13 19:10 - 2014-07-24 01:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-09-13 19:10 - 2014-07-24 01:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-09-13 19:10 - 2014-07-24 01:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll2014-09-13 19:10 - 2014-07-24 01:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-09-13 19:10 - 2014-07-24 01:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll2014-09-13 19:10 - 2014-07-24 00:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll2014-09-13 19:10 - 2014-07-24 00:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll2014-09-13 19:10 - 2014-07-24 00:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll2014-09-13 19:10 - 2014-07-24 00:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll2014-09-13 19:10 - 2014-07-24 00:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-09-13 19:10 - 2014-07-24 00:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll2014-09-13 19:10 - 2014-07-24 00:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll2014-09-13 19:10 - 2014-07-24 00:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-09-13 19:10 - 2014-07-24 00:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll2014-09-13 19:10 - 2014-07-24 00:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-09-13 19:10 - 2014-07-24 00:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-09-13 19:10 - 2014-07-24 00:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll2014-09-13 19:10 - 2014-07-24 00:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll2014-09-13 19:10 - 2014-07-24 00:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-09-13 19:10 - 2014-07-24 00:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-09-13 19:10 - 2014-07-24 00:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2014-09-13 19:10 - 2014-07-24 00:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll2014-09-13 19:10 - 2014-07-23 21:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls2014-09-13 19:10 - 2014-07-23 21:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls2014-09-13 19:10 - 2014-07-11 22:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll2014-09-13 19:10 - 2014-07-11 22:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-09-13 19:10 - 2014-07-11 21:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll2014-09-13 19:10 - 2014-07-11 21:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-09-13 19:10 - 2014-07-11 21:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-09-13 19:10 - 2014-07-09 16:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-09-13 19:10 - 2014-07-04 05:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys2014-09-13 19:10 - 2014-07-04 03:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll2014-09-13 19:10 - 2014-07-04 03:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll2014-09-13 19:10 - 2014-07-04 03:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll2014-09-13 19:10 - 2014-07-04 03:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll2014-09-13 19:10 - 2014-07-04 02:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll2014-09-13 19:10 - 2014-07-04 02:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll2014-09-13 19:10 - 2014-06-26 23:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys2014-09-13 19:10 - 2014-06-25 17:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll2014-09-13 19:10 - 2014-06-25 17:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll2014-09-13 19:10 - 2014-06-19 16:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys2014-09-13 19:10 - 2014-06-18 19:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2014-09-13 19:10 - 2014-06-13 23:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll2014-09-13 19:10 - 2014-06-13 22:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll2014-09-13 19:10 - 2014-06-07 05:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll2014-09-13 19:10 - 2014-06-07 03:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll2014-09-13 19:10 - 2014-06-05 07:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2014-09-13 19:10 - 2014-06-05 03:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll2014-09-13 19:10 - 2014-06-05 02:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll2014-09-13 19:10 - 2014-05-30 22:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll2014-09-13 19:10 - 2014-05-30 21:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll2014-09-13 19:10 - 2014-05-28 23:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll2014-09-13 19:10 - 2014-05-28 22:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll2014-09-13 19:10 - 2014-05-28 22:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2014-09-13 19:10 - 2014-05-28 21:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2014-09-13 19:10 - 2014-05-26 00:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll2014-09-13 19:10 - 2014-05-10 03:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll2014-09-13 19:10 - 2014-05-10 01:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll2014-09-13 19:10 - 2014-05-05 21:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll2014-09-13 19:10 - 2014-05-05 17:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll2014-09-13 19:10 - 2014-03-24 19:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll2014-09-13 19:10 - 2014-03-24 19:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll2014-09-13 19:10 - 2014-03-24 18:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll2014-09-13 19:10 - 2014-03-24 18:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll2014-09-13 19:02 - 2014-08-14 17:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\PhotoScape2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape2014-09-13 06:42 - 2014-09-13 06:43 - 00000000 ____D () C:\Program Files (x86)\PhotoScape2014-09-12 17:37 - 2014-08-15 19:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-09-12 17:37 - 2014-08-15 19:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-09-12 17:37 - 2014-08-15 19:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-09-12 17:37 - 2014-08-15 19:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-09-12 17:37 - 2014-08-15 18:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-09-12 17:37 - 2014-08-15 18:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-09-12 17:37 - 2014-08-15 18:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-09-12 17:37 - 2014-08-15 18:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-09-12 17:37 - 2014-08-15 18:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-09-12 17:37 - 2014-08-15 18:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll2014-09-12 17:37 - 2014-08-15 18:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-09-12 17:37 - 2014-08-15 18:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-09-12 17:37 - 2014-08-15 18:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-09-12 17:37 - 2014-08-15 18:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-09-12 17:37 - 2014-08-15 18:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-09-12 17:37 - 2014-08-15 18:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2014-09-12 17:37 - 2014-08-15 18:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-09-12 17:37 - 2014-08-15 18:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-09-12 17:37 - 2014-08-15 18:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-09-12 17:37 - 2014-08-15 18:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-09-12 17:37 - 2014-08-15 18:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-09-12 17:37 - 2014-08-15 17:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll2014-09-12 17:37 - 2014-08-15 17:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-09-12 17:37 - 2014-08-15 17:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-09-12 17:37 - 2014-08-15 17:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-09-12 17:37 - 2014-08-15 17:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-09-12 17:37 - 2014-08-15 17:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-09-12 17:37 - 2014-08-15 17:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-09-12 17:37 - 2014-08-15 17:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-09-12 17:37 - 2014-08-15 17:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-09-12 17:37 - 2014-08-15 17:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-09-12 17:37 - 2014-08-15 17:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-09-12 17:37 - 2014-08-15 17:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-09-12 17:37 - 2014-08-15 17:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-09-12 17:37 - 2014-08-15 17:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-09-12 16:06 - 2014-09-12 16:06 - 00000000 ____D () C:\Program Files (x86)\Dell Update2014-09-12 10:08 - 2014-09-12 10:08 - 00000000 ____D () C:\Users\blais_000\Documents\eSigs2014-09-11 18:54 - 2014-09-04 19:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-09-11 18:54 - 2014-09-04 19:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-09-11 18:54 - 2014-09-04 17:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-09-11 18:54 - 2014-08-01 17:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll2014-09-11 18:53 - 2014-07-23 20:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll2014-09-11 18:53 - 2014-07-23 20:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll2014-09-11 14:59 - 2014-09-11 14:59 - 00895120 _____ (Google Inc.) C:\Users\blais_000\Downloads\GoogleVoiceAndVideoSetup(1).exe2014-09-10 16:08 - 2014-09-10 16:08 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\51FF6DD8.sys2014-09-09 04:29 - 2014-09-09 04:29 - 00001115 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk2014-09-08 14:58 - 2014-09-08 15:01 - 00000000 ____D () C:\Program Files\Zune2014-09-08 14:58 - 2014-09-08 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune2014-09-08 14:51 - 2014-09-08 14:52 - 105664248 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\ZuneSetupPkg.exe2014-09-07 11:09 - 2014-09-07 11:09 - 00000000 ____D () C:\Program Files\Microsoft Mathematics Add-in2014-09-07 11:08 - 2014-09-07 11:09 - 16808712 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\edumathaddin.exe2014-09-05 20:08 - 2014-09-05 20:08 - 00000000 _____ () C:\WINDOWS\DVDShrink.txt2014-09-05 19:51 - 2014-09-05 19:51 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\WebApp2014-09-05 19:50 - 2014-09-05 19:50 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Cyberlink2014-09-04 10:22 - 2014-09-04 10:22 - 00058232 _____ (Term Tutor) C:\WINDOWS\system32\Drivers\ttnfd.sys2014-09-02 12:32 - 2014-09-02 12:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\3ED50ED5.sys2014-09-01 16:01 - 2014-09-01 16:01 - 00425286 _____ () C:\Users\blais_000\Downloads\_Postcards-Medium.zip2014-08-29 16:40 - 2014-09-01 09:49 - 00000000 ____D () C:\Users\blais_000\Documents\Writing2014-08-29 15:25 - 2014-08-29 15:26 - 33386447 _____ () C:\Users\blais_000\Downloads\4 Responsive HTML & Wp Templates.zip2014-08-29 11:51 - 2014-08-29 11:52 - 249710296 _____ () C:\Users\blais_000\Downloads\four-hour-chef_audio-book-64kps-higher-fidelity.zip2014-08-29 05:42 - 2014-08-29 05:42 - 91670064 _____ (The GIMP Team ) C:\Users\blais_000\Downloads\gimp-2.8.14-setup.exe2014-08-28 00:27 - 2014-08-22 17:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-08-28 00:16 - 2014-08-28 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\76267CA4.sys2014-08-26 07:49 - 2014-08-26 07:49 - 05709626 _____ () C:\Users\blais_000\Downloads\washingtonnoxiousweedlist2014.apk==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-25 12:01 - 2014-09-25 12:00 - 00036822 _____ () C:\Users\blais_000\Downloads\FRST.txt2014-09-25 12:00 - 2014-09-25 11:59 - 00000000 ____D () C:\FRST2014-09-25 12:00 - 2014-05-09 20:28 - 00000370 _____ () C:\WINDOWS\Tasks\HP Photo Creations Communicator.job2014-09-25 12:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-09-25 11:59 - 2014-09-25 11:59 - 02108928 _____ (Farbar) C:\Users\blais_000\Downloads\FRST64.exe2014-09-25 11:57 - 2014-03-08 16:33 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2239919557-4028155487-1077561689-10042014-09-25 11:56 - 2014-03-24 13:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-25 11:54 - 2014-03-08 21:44 - 00005000 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BLAISE-DELL-blais_000 Blaise-Dell2014-09-25 11:52 - 2014-06-15 22:22 - 00000000 ____D () C:\Users\blais_000\AppData\Local\CrashDumps2014-09-25 11:52 - 2014-03-08 18:45 - 01051712 _____ () C:\WINDOWS\WindowsUpdate.log2014-09-25 11:51 - 2014-04-02 15:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-09-25 11:51 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-09-25 11:49 - 2014-08-04 10:44 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004UA.job2014-09-25 11:49 - 2014-03-09 12:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-09-25 11:47 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-09-25 11:46 - 2014-03-14 13:48 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Adobe2014-09-25 11:37 - 2014-04-14 12:22 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-09-25 11:35 - 2014-03-18 12:03 - 00000610 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-1004.job2014-09-25 11:32 - 2014-03-08 19:35 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0CEE6D12-1562-4AE7-913E-51482FA99052}2014-09-25 11:30 - 2014-04-13 10:32 - 00000000 ____D () C:\Users\blais_000\Documents\Outlook Files2014-09-25 11:23 - 2013-07-04 14:58 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery2014-09-25 11:22 - 2014-03-08 18:57 - 00000000 __RDO () C:\Users\blais_000\SkyDrive2014-09-25 11:19 - 2014-04-14 12:22 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-09-25 11:19 - 2014-03-22 22:04 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Pokki2014-09-23 06:06 - 2014-06-15 15:56 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NSTx642014-09-23 06:06 - 2014-06-15 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe2014-09-22 18:22 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-09-22 18:21 - 2014-09-22 18:15 - 00000000 ____D () C:\Users\blais_000\Desktop\mbar2014-09-22 18:21 - 2014-03-10 18:28 - 00000000 ___RD () C:\Users\blais_000\Dropbox2014-09-22 18:21 - 2013-08-22 06:25 - 01310720 ___SH () C:\WINDOWS\system32\config\BBI2014-09-22 18:19 - 2014-09-22 18:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\blais_000\Downloads\mbam-setup-2.0.2.1012.exe2014-09-22 18:16 - 2014-09-22 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-09-22 18:15 - 2014-09-22 18:15 - 12582688 _____ (Malwarebytes Corp.) C:\Users\blais_000\Downloads\mbar-1.07.0.1008.exe2014-09-22 16:53 - 2014-03-08 16:26 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Packages2014-09-22 16:47 - 2014-03-10 18:18 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Dropbox2014-09-22 16:43 - 2014-03-08 16:26 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Adobe2014-09-22 16:18 - 2014-09-22 15:31 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamShapes.ini2014-09-22 16:18 - 2014-09-22 15:31 - 00000408 _____ () C:\Users\blais_000\AppData\Roaming\CamLayout.ini2014-09-22 16:18 - 2014-09-22 15:31 - 00000129 _____ () C:\Users\blais_000\AppData\Roaming\Camdata.ini2014-09-22 16:16 - 2014-09-22 15:31 - 00004535 _____ () C:\Users\blais_000\AppData\Roaming\CamStudio.cfg2014-09-22 15:57 - 2014-09-22 15:29 - 00000000 ____D () C:\Users\blais_000\Documents\My CamStudio Temp Files2014-09-22 15:49 - 2014-09-22 15:27 - 00000096 _____ () C:\Users\blais_000\AppData\Roaming\version2.xml2014-09-22 15:48 - 2014-09-22 15:48 - 00765984 _____ ( ) C:\Users\blais_000\Downloads\CamStudioSetup_v2.7.2.exe2014-09-22 15:35 - 2014-06-01 17:55 - 00000000 ____D () C:\Users\blais_000\BMDS2502014-09-22 15:32 - 2014-07-18 11:21 - 00000000 ____D () C:\Users\blais_000\Desktop\Backstage2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Foxtab2014-09-22 15:27 - 2014-09-18 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-09-22 13:38 - 2014-03-15 14:11 - 06537728 ___SH () C:\Users\blais_000\Downloads\Thumbs.db2014-09-22 10:49 - 2014-08-04 10:44 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004Core.job2014-09-21 19:04 - 2014-03-08 18:33 - 00000000 ____D () C:\Users\blais_0002014-09-21 17:11 - 2014-04-11 00:15 - 00309760 ___SH () C:\Users\blais_000\Desktop\Thumbs.db2014-09-20 07:31 - 2014-09-20 07:31 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\06366727.sys2014-09-20 06:35 - 2013-11-14 00:20 - 00033862 _____ () C:\WINDOWS\PFRO.log2014-09-19 22:19 - 2014-09-19 10:48 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\New Version Available2014-09-19 16:04 - 2014-03-17 11:00 - 00000000 ____D () C:\Program Files (x86)\ScreenRecorder2014-09-19 12:00 - 2014-09-19 12:00 - 00699016 _____ (CNET Download.com) C:\Users\blais_000\Downloads\cbsidlm-cbsi213-Screen_Recorder-ORG-75937532.exe2014-09-19 11:57 - 2014-09-19 11:57 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET(1).exe2014-09-19 11:48 - 2014-03-18 18:40 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Skype2014-09-19 11:46 - 2014-03-18 18:40 - 00000000 ____D () C:\ProgramData\Skype2014-09-19 10:46 - 2014-09-19 10:46 - 01751696 _____ (SightFiesta Co., Ltd. ) C:\Users\blais_000\Downloads\FreeVideoCapture_CNET.exe2014-09-19 10:39 - 2014-05-23 22:30 - 00000000 ____D () C:\Users\blais_000\Documents\BSR Photos2014-09-19 10:38 - 2014-09-19 10:38 - 00692224 _____ () C:\WINDOWS\SysWOW64\bsrmgcv.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00585728 _____ () C:\WINDOWS\SysWOW64\bsratswf.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00192512 _____ () C:\WINDOWS\SysWOW64\bsrmgps.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00147456 _____ () C:\WINDOWS\SysWOW64\bsratwmv.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00098304 _____ () C:\WINDOWS\SysWOW64\bsreffs.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00090112 _____ () C:\WINDOWS\SysWOW64\bsrlback.dll2014-09-19 10:38 - 2014-09-19 10:38 - 00081920 _____ () C:\WINDOWS\SysWOW64\bsrgvas.dll2014-09-19 10:38 - 2014-09-19 10:37 - 15588344 _____ (BSRSoft) C:\Users\blais_000\Downloads\InstallBSR_v6.exe2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Users\Default\AppData\Local\Bulents2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Users\Default User\AppData\Local\Bulents2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Bulents2014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 62014-09-19 10:38 - 2014-03-22 22:00 - 00000000 ____D () C:\Program Files\BSR Screen Recorder 62014-09-19 10:02 - 2014-04-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-09-19 09:43 - 2014-09-19 09:43 - 00005111 _____ () C:\ProgramData\eaapqbsg.gfr2014-09-19 09:43 - 2014-09-19 09:43 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Movavi2014-09-18 12:38 - 2014-03-18 12:03 - 00003624 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-10042014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Movavi2014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 52014-09-18 11:28 - 2014-09-18 11:28 - 00000000 ____D () C:\Program Files (x86)\Movavi Screen Capture 52014-09-18 09:07 - 2014-09-18 09:04 - 56819280 _____ (Movavi) C:\Users\blais_000\Downloads\MovaviScreenRecorderSetup.exe2014-09-18 08:22 - 2014-09-18 08:21 - 00000000 ____D () C:\Users\blais_000\Documents\_Rewards Rebates Coupons2014-09-18 08:13 - 2014-09-18 08:13 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\074253FE.sys2014-09-18 07:19 - 2014-03-08 20:29 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-09-18 06:28 - 2014-09-18 06:28 - 01333204 _____ () C:\Users\blais_000\Downloads\E5000000614.zip2014-09-17 20:43 - 2014-03-10 18:20 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-09-17 18:02 - 2014-07-16 12:48 - 00025600 ___SH () C:\Users\blais_000\Documents\Thumbs.db2014-09-17 18:02 - 2014-06-08 16:26 - 00000000 ____D () C:\Users\blais_000\Documents\_US Patent Office2014-09-17 12:56 - 2014-04-02 15:25 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-09-17 12:41 - 2014-03-14 14:30 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk2014-09-17 12:41 - 2014-03-14 14:30 - 00002232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk2014-09-17 12:41 - 2014-03-14 14:30 - 00002071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk2014-09-17 07:12 - 2013-11-14 00:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-09-17 06:29 - 2013-07-04 14:51 - 00000000 ____D () C:\ProgramData\PCDr2014-09-17 04:46 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache2014-09-16 16:49 - 2013-08-22 07:44 - 05330584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-09-16 14:44 - 2013-08-22 07:46 - 00307843 _____ () C:\WINDOWS\setupact.log2014-09-15 07:44 - 2014-09-15 07:44 - 00000000 ___RD () C:\Users\blais_000\Podcasts2014-09-15 07:31 - 2013-11-14 00:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod2014-09-15 07:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\setup2014-09-15 07:31 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\oobe2014-09-14 17:13 - 2014-09-14 17:13 - 02281443 _____ () C:\Users\blais_000\Downloads\Free_PowerPoint_Templates.zip2014-09-13 06:52 - 2014-07-09 05:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\PhotoScape2014-09-13 06:43 - 2014-09-13 06:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape2014-09-13 06:43 - 2014-09-13 06:42 - 00000000 ____D () C:\Program Files (x86)\PhotoScape2014-09-12 17:38 - 2014-06-11 00:02 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-09-12 17:38 - 2014-06-11 00:02 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-09-12 17:38 - 2014-06-11 00:02 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-09-12 17:38 - 2014-06-11 00:02 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-09-12 17:38 - 2014-06-11 00:02 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll2014-09-12 17:38 - 2014-05-02 11:11 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2014-09-12 17:38 - 2014-05-02 11:11 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2014-09-12 16:06 - 2014-09-12 16:06 - 00000000 ____D () C:\Program Files (x86)\Dell Update2014-09-12 16:06 - 2013-07-04 14:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell2014-09-12 15:46 - 2014-03-08 13:09 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-09-12 10:08 - 2014-09-12 10:08 - 00000000 ____D () C:\Users\blais_000\Documents\eSigs2014-09-11 14:59 - 2014-09-11 14:59 - 00895120 _____ (Google Inc.) C:\Users\blais_000\Downloads\GoogleVoiceAndVideoSetup(1).exe2014-09-10 16:08 - 2014-09-10 16:08 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\51FF6DD8.sys2014-09-09 10:51 - 2014-04-02 15:15 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater2014-09-09 04:29 - 2014-09-09 04:29 - 00001115 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk2014-09-09 04:29 - 2014-03-14 13:49 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-09-08 15:01 - 2014-09-08 14:58 - 00000000 ____D () C:\Program Files\Zune2014-09-08 14:58 - 2014-09-08 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune2014-09-08 14:52 - 2014-09-08 14:51 - 105664248 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\ZuneSetupPkg.exe2014-09-07 11:09 - 2014-09-07 11:09 - 00000000 ____D () C:\Program Files\Microsoft Mathematics Add-in2014-09-07 11:09 - 2014-09-07 11:08 - 16808712 _____ (Microsoft Corporation) C:\Users\blais_000\Downloads\edumathaddin.exe2014-09-05 20:08 - 2014-09-05 20:08 - 00000000 _____ () C:\WINDOWS\DVDShrink.txt2014-09-05 20:08 - 2014-06-04 01:14 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\AVS4YOU2014-09-05 19:51 - 2014-09-05 19:51 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\WebApp2014-09-05 19:50 - 2014-09-05 19:50 - 00000000 ____D () C:\Users\blais_000\AppData\Local\Cyberlink2014-09-05 19:50 - 2014-05-24 10:09 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\CyberLink2014-09-05 19:50 - 2014-03-17 10:43 - 00000000 ____D () C:\Users\blais_000\Documents\CyberLink2014-09-04 19:36 - 2014-09-11 18:54 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-09-04 19:31 - 2014-09-11 18:54 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-09-04 17:48 - 2014-09-11 18:54 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-09-04 10:22 - 2014-09-04 10:22 - 00058232 _____ (Term Tutor) C:\WINDOWS\system32\Drivers\ttnfd.sys2014-09-02 13:06 - 2014-08-14 06:01 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-09-02 13:06 - 2014-08-14 06:01 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-09-02 12:32 - 2014-09-02 12:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\3ED50ED5.sys2014-09-01 16:01 - 2014-09-01 16:01 - 00425286 _____ () C:\Users\blais_000\Downloads\_Postcards-Medium.zip2014-09-01 09:49 - 2014-08-29 16:40 - 00000000 ____D () C:\Users\blais_000\Documents\Writing2014-08-31 13:49 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-08-31 07:33 - 2014-04-12 11:54 - 00000000 ____D () C:\Users\blais_000\AppData\Roaming\HpUpdate2014-08-29 15:26 - 2014-08-29 15:25 - 33386447 _____ () C:\Users\blais_000\Downloads\4 Responsive HTML & Wp Templates.zip2014-08-29 13:01 - 2014-03-08 13:09 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-08-29 11:52 - 2014-08-29 11:51 - 249710296 _____ () C:\Users\blais_000\Downloads\four-hour-chef_audio-book-64kps-higher-fidelity.zip2014-08-29 05:48 - 2014-04-01 11:05 - 00000912 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk2014-08-29 05:42 - 2014-08-29 05:42 - 91670064 _____ (The GIMP Team ) C:\Users\blais_000\Downloads\gimp-2.8.14-setup.exe2014-08-28 09:11 - 2014-03-24 12:44 - 00000000 ____D () C:\Users\blais_000\Documents\_PERSONAL2014-08-28 00:16 - 2014-08-28 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\76267CA4.sys2014-08-26 07:49 - 2014-08-26 07:49 - 05709626 _____ () C:\Users\blais_000\Downloads\washingtonnoxiousweedlist2014.apkSome content of TEMP:====================C:\Users\blais_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplgiva8.dllC:\Users\blais_000\AppData\Local\Temp\jre-8u11-windows-au.exeC:\Users\blais_000\AppData\Local\Temp\mpam-87f28361.exeC:\Users\blais_000\AppData\Local\Temp\OfficeSetup.exeC:\Users\blais_000\AppData\Local\Temp\Onetastic Installer.exeC:\Users\blais_000\AppData\Local\Temp\paint.net.4.0.install.exeC:\Users\blais_000\AppData\Local\Temp\Scrivener-1730-update.exeC:\Users\blais_000\AppData\Local\Temp\UninstallBSR6.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-09-20 05:12==================== End Of Log ============================ Link to post Share on other sites More sharing options...
blaisemi Posted September 25, 2014 Author ID:883129 Share Posted September 25, 2014 Naat, Here are the results of the ADDITION.TXT file: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01Ran by blais_000 at 2014-09-25 12:01:34Running from C:\Users\blais_000\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) HiddenAdobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)Adobe Edge Animate CC (HKLM-x32\...\{1C5E96F4-6F15-4A96-BF62-9D1F60B44FF1}) (Version: 3.0 - Adobe Systems Incorporated)Adobe Edge Code CC (HKLM-x32\...\{641F742F-1497-51B4-F481-1037096A90A0}) (Version: 0.97 - Adobe Systems Incorporated)Adobe Edge Inspect CC (HKLM-x32\...\{67D22EA0-4601-4450-9C99-042DABB0A315}) (Version: 1.0.408 - Adobe Systems Incorporated)Adobe Edge Reflow CC Preview (HKLM\...\{4CBD2327-FA4C-4D42-8903-CE1E96FE0FBF}) (Version: 0.37.15833 - Adobe Systems Incorporated)Adobe Exchange Panel (HKLM-x32\...\{41A12FFC-89E9-4743-A51E-00975CA31F40}) (Version: 1 - Adobe Systems Incorporated)Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)Adobe Gaming SDK 1.3 (HKLM-x32\...\{62FFC6DD-18BB-49FC-AF65-71FB1C0B08AA}) (Version: 1.3 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) HiddenAdobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)Adobe InCopy CC (HKLM-x32\...\{2606D96F-C1A3-1014-9A8F-E3561A1AC78D}) (Version: 9.0 - Adobe Systems Incorporated)Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)Adobe Muse (HKLM-x32\...\{9A554C9D-E12D-4205-8101-9F4337CD5673}) (Version: 7.2 - Adobe Systems Incorporated)Adobe Muse (HKLM-x32\...\AdobeMuse) (Version: 7.2.232 - Adobe Systems Incorporated)Adobe Muse (x32 Version: 7.2.232 - Adobe Systems Incorporated) HiddenAdobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)Adobe Prelude CC (HKLM-x32\...\{5D73C19B-BE10-44A6-96B2-A516756ED29F}) (Version: 2.2.0 - Adobe Systems Incorporated)Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)Adobe SpeedGrade CC (HKLM-x32\...\{29AA12E9-934C-485E-A9A1-D823FEB29880}) (Version: 7.2.1 - Adobe Systems Incorporated)Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) HiddenAmazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)AT&T Connect Participant Application v9.5.51 (HKLM-x32\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.)AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.)AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.)AVS Registry Cleaner 2.3.3.258 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.3.258 - Online Media Technologies Ltd.)AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)bl (x32 Version: 1.0.0 - Your Company Name) HiddenBSR Screen Recorder 6 (HKLM-x32\...\BSRScreenRecorder6) (Version: - )Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)CrystalGraphics 3D Character Slides Vol. 1 for PowerPoint (HKLM-x32\...\{86ACBEEB-C64A-4D06-9ACD-D2D4480DD96D}) (Version: 1.00.0000 - CrystalGraphics)CrystalGraphics 3D Character Slides Vol. 2 for PowerPoint (HKLM-x32\...\{7FE8DEB1-29FB-48D5-9D81-B9C17F0D8BE4}) (Version: 1.00.0000 - CrystalGraphics)CrystalGraphics 3D Character Slides Vol. 3 for PowerPoint (HKLM-x32\...\{F1265B81-97C7-4E3B-AFCC-5F723EEE0721}) (Version: 1.00.0000 - CrystalGraphics)CrystalGraphics Chart and Diagram Slides for PowerPoint - Combo 2 (HKLM-x32\...\{3365DA96-F2D7-42E3-BBAE-C6A23A78E794}) (Version: 1.00.0000 - CrystalGraphics)CrystalGraphics Chart and Diagram Slides for PowerPoint - Volume 1 (HKLM-x32\...\{56D3E280-BF62-4B0D-BB4B-3CA8C053A8B8}) (Version: 1.00.0000 - CrystalGraphics)CrystalGraphics Chart and Diagram Slides for PowerPoint - Volume 11 (HKLM-x32\...\{C3825BC4-B635-4E2F-87A5-52549D9C7621}) (Version: 1.00.0000 - CrystalGraphics)CrystalGraphics Chart and Diagram Slides for PowerPoint - Volume 12 (HKLM-x32\...\{B907BBF1-4915-4D63-AAAA-21460CD5CF98}) (Version: 1.00.0000 - CrystalGraphics)CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) HiddenCyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) HiddenCyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) HiddenCyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) HiddenCyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDamage (MAGIX) version 2.5 (HKLM-x32\...\{03D0FE1B-9788-418C-A95E-DA7D4376F82C}_is1) (Version: 2.5 - Digieffects)Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.5.0.19 - Dell)Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)Dell Update (HKLM-x32\...\{7E07B3E7-9A66-41F3-A91D-EC2CCE14E5B9}) (Version: 1.1.1072.0 - Dell Inc.)Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)DSC/AA Factory Installer (Version: 3.2.6032.125 - PC-Doctor, Inc.) HiddenEasySketchPro version 1.0.9 (HKLM-x32\...\{90BB7D95-EBCA-4276-B15E-156F85E8B1DA}_is1) (Version: 1.0.9 - Inner Cirle Riches)Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTIONGIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGoToMeeting 7.0.0.1694 (HKCU\...\GoToMeeting) (Version: 7.0.0.1694 - CitrixOnline)HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) HiddenInkscape 0.48 (HKLM-x32\...\Inkscape) (Version: 0.48 - Partha Bagchi)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) HiddenIntel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) HiddenIntel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenJava SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) HiddenKUSO EXIF Viewer (HKLM-x32\...\KUSO EXIF Viewer) (Version: - )LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)MadCap Analyzer V7 (HKLM-x32\...\{00DBC204-2EA0-4103-A35F-5B6B72AD3008}) (Version: 7.0.0 - MadCap Software)MadCap Capture V6 (HKLM-x32\...\{F3AA2838-A5CC-49A8-92EB-8BA6082CD3F0}) (Version: 6.0 - MadCap Software)MadCap Contributor V6 (HKLM-x32\...\{52664DBA-CC11-4355-916F-472E65974796}) (Version: 6.0.0 - MadCap Software)MadCap Flare V10 (HKLM-x32\...\{6A0F3E37-0390-4C95-A354-ECA3E05275C0}) (Version: 10.0.0 - MadCap Software)MadCap Help Viewer V6.3 (HKLM-x32\...\{248D8B6E-2BB9-4BBE-B717-A27F0DC16B39}) (Version: 6.3.0 - MadCap Software)MadCap Lingo V8 (HKLM-x32\...\{BCD63536-93DA-4D3B-BEC8-E74F0DC51DC7}) (Version: 8.0 - MadCap Software)MadCap Mimic V7 (HKLM-x32\...\{5402751A-93F8-4B18-8357-174FCF51679C}) (Version: 7.0.0 - MadCap Software)MadCap Movie Viewer V7 (HKLM-x32\...\{3BB9F7A2-FF0E-4E03-B715-B020BDBDB89A}) (Version: 7.0.0 - MadCap Software)MAGIX Photo Manager 12 Deluxe (HKLM-x32\...\MAGIX_{9B97E77A-A186-4269-9DCB-E99EFE3DFDEB}) (Version: 10.0.0.268 - MAGIX AG)MAGIX Photo Manager 12 Deluxe (Version: 10.0.0.268 - MAGIX AG) HiddenMAGIX Photo Manager 12 Deluxe Update (Version: 10.0.1.286 - MAGIX AG) HiddenMAGIX Photostory 2014 Deluxe (HKLM-x32\...\MX.{AE683014-426B-4028-9809-9F20C5AB3401}) (Version: 13.0.2.87 - MAGIX AG)MAGIX Photostory 2014 Deluxe (Version: 13.0.2.87 - MAGIX AG) HiddenMAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_{ADB6CF23-87C3-493D-A12D-DCE526E0418C}) (Version: 2.0.1.9 - MAGIX AG)MAGIX Slideshow Maker 2 (Version: 2.0.1.9 - MAGIX AG) HiddenMAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{871A2557-8636-4640-966B-ACBF6CF0B0FF}) (Version: 7.0.1.27 - MAGIX AG)MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) HiddenMAGIX Video Sound Cleaning Lab 2014 (HKLM-x32\...\MX.{73BCF310-97CE-4E75-AF46-01C55D42ED0D}) (Version: 20.0.0.18 - MAGIX Software GmbH)MAGIX Video Sound Cleaning Lab 2014 (Version: 20.0.0.18 - MAGIX Software GmbH) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Mathematics Add-In for Word and OneNote (HKLM\...\{90150000-00D8-0409-1000-0000000FF1CE}) (Version: 15.0.4481.1002 - Microsoft Corporation)Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft SharePoint Designer 2013 - en-us (HKLM\...\SPDRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) HiddenMovavi Screen Capture 5 (HKLM-x32\...\Movavi Screen Capture 5) (Version: 5.0.0 - Movavi)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)oDesk Team (HKCU\...\oDVT) (Version: - oDesk Corporation)Office 15 Click-to-Run Extensibility Component (Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hiddenpaint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hiddenph (x32 Version: 1.0.0 - Your Company Name) HiddenPhoto Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPhotoScape (HKLM-x32\...\PhotoScape) (Version: - )PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)Pokki (HKCU\...\Pokki) (Version: 0.267.1.208 - Pokki)Pokki Download Helper (HKCU\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)PowerPlugs: Music for PowerPoint (HKLM-x32\...\{14899532-CFC3-4218-9700-3DD75388F6C5}) (Version: 1.00.0000 - CrystalGraphics)PowerPlugs: QuizMaster (HKLM-x32\...\{459FFA6D-3C47-4AAB-B8BB-87562F1B21E3}) (Version: 1.00.0000 - crystalgraphics)PowerPlugs: Transitions and/or 3D Titles (HKLM-x32\...\PowerPlugs) (Version: - )PowerPlugs: Video Backgrounds (HKLM-x32\...\{62D35477-42F1-438F-B5CA-0EC5A2991946}) (Version: 1.00.0002 - CrystalGraphics)Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)Scrivener (HKLM-x32\...\Scrivener 1610) (Version: 1610 - Literature and Latte)Scrolling Teleprompter Software (HKLM-x32\...\Scrolling Teleprompter Software_is1) (Version: - Sobolsoft)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)Term Tutor (HKLM-x32\...\TermTutor) (Version: 1.9.0.8 - Term Tutor) <==== ATTENTIONVasco da Gama 7 HDPro (HKLM-x32\...\{5C3CDFD0-45B3-48D0-941F-E3F76F343765}) (Version: 7.00.0000 - MotionStudios)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) HiddenWindows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)Zune (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No FileCustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2239919557-4028155487-1077561689-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\blais_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)==================== Restore Points =========================12-09-2014 23:56:37 Dell Update: Intel HD Graphics 4000 Driver12-09-2014 23:57:59 Dell Update: Intel HM77 Chipset Driver20-09-2014 12:34:11 Scheduled Checkpoint==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {0142519F-FFB1-4AE0-828A-7E95741EEFB1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)Task: {044000F3-3CA0-4AA5-9905-879740F5839B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2013-02-14] (PC-Doctor, Inc.)Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {08D99932-3A39-43D0-83EF-E81C5880E890} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {24F08B8D-E909-4C60-8058-8864CC9F7697} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exeTask: {253FCF1B-81B3-4603-A671-68D374987845} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: {294F3854-0AD2-46AA-8738-3BAED8A7F835} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {2FC19C81-4AC2-4B93-99AE-703170803658} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-17] (Microsoft Corporation)Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)Task: {3963D70D-028C-4351-AC68-72F53FE7878D} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {3E704EDC-DC47-4097-99EA-D83121F3391F} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exeTask: {466BAF8B-3F49-4262-BB91-BFB151EA85D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {5498C9AB-6483-4668-AF61-A85D3CCBF056} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-02] (CyberLink Corp.)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {722E8B1F-B979-4435-A333-0ACC267AC4EB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {729EB9A8-8DD8-4965-AC82-E5971933068E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-02] (CyberLink)Task: {73970FF2-3E8E-4F6B-94E3-C39CCEF2B94A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {73D9FFEB-3505-4396-9AFB-9510F44B8CDC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BLAISE-DELL-blais_000 Blaise-Dell => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-17] (Microsoft Corporation)Task: {74E1ACD6-7EA8-4C2E-90DA-E76415CD144E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-1004 => C:\Users\blais_000\AppData\Local\Citrix\GoToMeeting\1694\g2mupdate.exe [2014-09-18] (Citrix Online, a division of Citrix Systems, Inc.)Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {797ECDB0-9DFC-4FDE-BAD8-8933DD291F16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-28] (Microsoft Corporation)Task: {7AF61BC5-688B-40FE-AC8D-6FEB32D8676E} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2239919557-4028155487-1077561689-1004Task: {7F17FF04-CB19-495C-96D2-BC9EB553DF71} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()Task: {8175DAC7-53AF-45DE-9E2B-8F8A51A42716} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-blaisem@techfleur.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8BF46E40-6E20-49EE-BC27-6647FF9163FE} - System32\Tasks\HP AR Program Upload - 28e190b0147c424292af49d82ca7b1a82a8b55fbb60441adaea39f8be33a897c => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9616F14D-8458-4399-B15B-A80EDA423414} - System32\Tasks\PocketCloudUpdater => C:\ProgramTask: {9D0D3E15-3066-4E9A-AEDE-AF8FD4D1F1D7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-29] (Microsoft Corporation)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A2CEE73F-9861-4769-942F-B6DD0A1EFF19} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004Core => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)Task: {A8898055-C7FA-4792-A81F-AF3E9DBD1ED5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)Task: {AA134A20-BC14-4725-ABE4-7BB1B339CEDA} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exeTask: {B227A64D-2A0A-4300-917C-42BF03353E0C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D2A8F4BD-2971-4C32-A6D5-8498E82A2983} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {D94EF0CE-2118-4E8F-B6B1-177B03F87B50} - System32\Tasks\HP AR Program Upload - 91abd20060c84e558aef44725a62ff960e1f0684dad743ec9a652d06ae18e1ca => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)Task: {D9C17359-1CA3-4662-99A2-F9B8D743EF65} - System32\Tasks\PocketCloud => C:\ProgramTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {DC8E9000-9B3F-4755-B4DD-228852D4A1A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004UA => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-04] (Google Inc.)Task: {DD1FC8C9-4876-4741-851F-327A78A76A10} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2239919557-4028155487-1077561689-1004 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exeTask: {E52E4813-C297-4913-926F-3BE139FD746C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-22] (Synaptics Incorporated)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EC5C52AC-1D53-4619-A367-FF372A9F4F58} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-14] (PC-Doctor, Inc.)Task: {F643DAA9-0B70-49DF-943A-6E4323A2AF86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2239919557-4028155487-1077561689-1004.job => C:\Users\blais_000\AppData\Local\Citrix\GoToMeeting\1694\g2mupdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004Core.job => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239919557-4028155487-1077561689-1004UA.job => C:\Users\blais_000\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe==================== Loaded Modules (whitelisted) =============2014-03-08 20:29 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-07-04 14:56 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe2013-06-21 19:46 - 2013-06-21 19:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe2013-06-21 19:35 - 2013-06-21 19:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll2013-06-21 19:31 - 2013-06-21 19:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll2013-12-05 11:24 - 2013-12-05 11:24 - 02330440 _____ () C:\Users\blais_000\AppData\Local\Pokki\ocdeskband_0.dll2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll2014-08-28 23:38 - 2014-09-17 20:59 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-03-08 20:30 - 2014-09-17 20:59 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\AppVIsvStream64.dll2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll2014-09-12 17:38 - 2014-09-12 17:38 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\ba24f9916c8dc4bcddd9d8fda57e1f4e\PSIClient.ni.dll2013-07-04 14:44 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2013-09-06 19:11 - 2013-09-06 19:11 - 00569856 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll2013-09-06 19:11 - 2013-09-06 19:11 - 01400846 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\avcodec-54.dll2013-09-06 19:11 - 2013-09-06 19:11 - 00151054 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\avutil-51.dll2013-09-06 19:11 - 2013-09-06 19:11 - 00222734 _____ () C:\Users\blais_000\AppData\Local\Pokki\Engine\avformat-54.dll2013-07-04 14:54 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\Users\blais_000\SkyDrive:ms-properties==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"HKLM\...\StartupApproved\Run: => "Zune Launcher"HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"HKLM\...\StartupApproved\Run32: => "Adobe ARM"HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"HKCU\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"HKCU\...\StartupApproved\Run: => "GoogleDriveSync"HKCU\...\StartupApproved\Run: => "Push Client"========================= Accounts: ==========================Administrator (S-1-5-21-2239919557-4028155487-1077561689-500 -> Administrator - Disabled - Status: Degraded)blais_000 (S-1-5-21-2239919557-4028155487-1077561689-1004 -> Administrator - Enabled - Status: OK) => C:\Users\blais_000Guest (S-1-5-21-2239919557-4028155487-1077561689-501 -> Limited - Enabled - Status: OK)==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (09/25/2014 11:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x15acFaulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (09/25/2014 11:34:37 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3Exception code: 0x80000003Fault offset: 0x000b3425Faulting process id: 0x1288Faulting application start time: 0xSkyDrive.exe0Faulting application path: SkyDrive.exe1Faulting module path: SkyDrive.exe2Report Id: SkyDrive.exe3Faulting package full name: SkyDrive.exe4Faulting package-relative application ID: SkyDrive.exe5Error: (09/25/2014 11:34:05 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3Exception code: 0x80000003Fault offset: 0x000b3425Faulting process id: 0x2578Faulting application start time: 0xSkyDrive.exe0Faulting application path: SkyDrive.exe1Faulting module path: SkyDrive.exe2Report Id: SkyDrive.exe3Faulting package full name: SkyDrive.exe4Faulting package-relative application ID: SkyDrive.exe5Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: Activation of app 55648JonathanPierce.RemindMeforWindows_anp9h61w2e7b0!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (09/25/2014 11:23:22 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1d28Start Time: 01cfd8ed0383a8a9Termination Time: 4294967295Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exeReport Id: fc6b9ded-44e0-11e4-bfdd-74867a198a44Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweFaulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1Error: (09/25/2014 11:20:47 AM) (Source: Microsoft Office 15) (EventID: 2001) (User: )Description: Microsoft Outlook: Rejected Safe Mode action : Outlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.Do you want to start in safe mode?.Rejected Safe Mode action : Microsoft Outlook.Error: (09/23/2014 06:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3Exception code: 0x80000003Fault offset: 0x000b3425Faulting process id: 0x274cFaulting application start time: 0xSkyDrive.exe0Faulting application path: SkyDrive.exe1Faulting module path: SkyDrive.exe2Report Id: SkyDrive.exe3Faulting package full name: SkyDrive.exe4Faulting package-relative application ID: SkyDrive.exe5System errors:=============Error: (09/25/2014 11:52:51 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwaError: (09/25/2014 11:52:06 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)Description: App.AppX6yygnwabebypxjc6bx7wvtens09wztyw.wwaError: (09/25/2014 11:37:57 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)Description: App.AppXzx3k4z9qbqt0wxqq6geevr9ef44m4tpm.wwaError: (09/25/2014 11:35:19 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwaError: (09/25/2014 11:20:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (09/25/2014 11:19:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (09/25/2014 11:19:14 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (09/25/2014 11:18:43 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (09/25/2014 11:18:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (09/23/2014 05:03:38 AM) (Source: DCOM) (EventID: 10010) (User: BLAISE-DELL)Description: App.AppXzx3k4z9qbqt0wxqq6geevr9ef44m4tpm.wwaMicrosoft Office Sessions:=========================Error: (09/25/2014 11:52:06 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd15ac01cfd8f1cd6ab892C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0b6390cd-44e5-11e4-bfdd-74867a198a44Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142Error: (09/25/2014 11:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142Error: (09/25/2014 11:34:37 AM) (Source: Application Error) (EventID: 1000) (User: )Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425128801cfd8ef5b322d3dC:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll9a209b11-44e2-11e4-bfdd-74867a198a44Error: (09/25/2014 11:34:05 AM) (Source: Application Error) (EventID: 1000) (User: )Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425257801cfd8ed5b1d6a15C:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll8726ba20-44e2-11e4-bfdd-74867a198a44Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: 55648JonathanPierce.RemindMeforWindows_anp9h61w2e7b0!App-2144927142Error: (09/25/2014 11:29:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BLAISE-DELL)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927142Error: (09/25/2014 11:23:22 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.206051d2801cfd8ed0383a8a94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exefc6b9ded-44e0-11e4-bfdd-74867a198a44microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1Error: (09/25/2014 11:20:47 AM) (Source: Microsoft Office 15) (EventID: 2001) (User: )Description: Microsoft OutlookOutlook couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.Do you want to start in safe mode?Error: (09/23/2014 06:10:53 AM) (Source: Application Error) (EventID: 1000) (User: )Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425274c01cfd72fcd02c96cC:\Users\blais_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll0b79ffb6-4323-11e4-bfdd-74867a198a44CodeIntegrity Errors:=================================== Date: 2014-07-01 20:01:24.610 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:24.536 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:24.463 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:24.377 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:24.305 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:24.216 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:24.140 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:24.046 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:23.972 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-01 20:01:23.900 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.==================== Memory info ===========================Processor: Intel® Core i7-3537U CPU @ 2.00GHzPercentage of memory in use: 26%Total physical RAM: 16253.27 MBAvailable physical RAM: 12019.66 MBTotal Pagefile: 18685.27 MBAvailable Pagefile: 14555.67 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.79 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:918.31 GB) (Free:706.02 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: F767AA84)Partition: GPT Partition Type.==================== End Of Log ============================ Link to post Share on other sites More sharing options...
CarlosTurco Posted September 26, 2014 ID:883423 Share Posted September 26, 2014 Hi blaisemi.I will be assisting you for the duration of Naathim's absence. Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Press the + R on your keyboard at the same time. Type Notepad and click OK.Copy the entire content of the codebox below and paste into the Notepad document: startHKLM\...\Policies\Explorer: [NoControlPanel] 0FF Homepage: about:home|chrome://fvd.speeddial/content/fvd_about_blank.html|about:newtabFF user.js: detected! => C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.js2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\FoxtabHosts:CMD: bitsadmin /reset /allusersCmd: ipconfig /flushdnsEmptyTemp:endClick File, Save As and type fixlist.txt as the File Name.Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool.> XP users click run after receipt of Windows Security Warning - Open File.> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please include it in your reply Link to post Share on other sites More sharing options...
blaisemi Posted September 28, 2014 Author ID:883972 Share Posted September 28, 2014 Here's the contents of fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01 Ran by blais_000 at 2014-09-27 19:46:30 Run:1 Running from C:\Users\blais_000\Downloads Loaded Profile: blais_000 (Available profiles: blais_000) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM\...\Policies\Explorer: [NoControlPanel] 0 FF Homepage: about:home|chrome://fvd.speeddial/content/fvd_about_blank.html|about:newtab FF user.js: detected! => C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.js 2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files\TermTutor 2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\TermTutor 2014-09-22 15:27 - 2014-09-22 15:27 - 00000000 ____D () C:\Program Files (x86)\Foxtab Hosts: CMD: bitsadmin /reset /allusers Cmd: ipconfig /flushdns EmptyTemp: end ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully. Firefox homepage deleted successfully. C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\user.js => Moved successfully. C:\Program Files\TermTutor => Moved successfully. C:\Program Files (x86)\TermTutor => Moved successfully. C:\Program Files (x86)\Foxtab => Moved successfully. "C:\Windows\System32\Drivers\etc\hosts" => Could not move. Could not reset Hosts. ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.7.9600 ] BITS administration utility. © Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. 0 out of 0 jobs canceled. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 3.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
blaisemi Posted September 28, 2014 Author ID:883973 Share Posted September 28, 2014 Thanks for your help, Carlos. Link to post Share on other sites More sharing options...
CarlosTurco Posted September 28, 2014 ID:883976 Share Posted September 28, 2014 Next, Scan with ZOEK Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)Temporary disable your AntiVirus and AntiSpyware protection - instructions here.emptyclsid;msconfigcheck;shortcutfix;systemspecs;chrdefaults;ffdedaults;autoclean;Right-click on icon and select Run as Administrator to start the tool.Wait patiently until the main console will appear, it may take a minute or two.In the main box please paste in the following script: Make sure that Scan All Users option is checked.Push Run Script and wait patiently. The scan may take a couple of minutes.When the scan completes, a zoek-results logfile should open in notepad.If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)Post its content into your next reply. Link to post Share on other sites More sharing options...
blaisemi Posted September 29, 2014 Author ID:884374 Share Posted September 29, 2014 Carlos, Here's the zoek-results.txt output: Zoek.exe v5.0.0.0 Updated 27-09-2014Tool run by blais_000 on Sun 09/28/2014 at 19:55:43.16.Microsoft Windows 8.1 6.3.9600 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\blais_000\Desktop\zoek.exe [scan all users] [script inserted]==== System Restore Info ======================9/28/2014 8:00:51 PM Zoek.exe System Restore Point Created Succesfully.==== Deleting CLSID Registry Keys ======================HKEY_USERS\S-1-5-21-2239919557-4028155487-1077561689-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfullyHKEY_USERS\S-1-5-21-2239919557-4028155487-1077561689-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfullyHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfullyHKEY_CLASSES_ROOT\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D} deleted successfully==== Deleting CLSID Registry Values ========================== Deleting Services ========================== FireFox Fix ======================ProfilePath: C:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.defaultuser.js not found---- Lines 5ebdca98-43b3-45bb-87e0-716029fb42ab removed from prefs.js ----user_pref("extensions.{5ebdca98-43b3-45bb-87e0-716029fb42ab}.install-event-fired", true);---- FireFox user.js and prefs.js backups ----prefs_20140928_0831_.backup==== Deleting Files \ Folders ======================C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deletedC:\Users\blais_000\.android deletedC:\PROGRA~2\Mozilla Firefox\defaults\preferences\!vitruvian-autoenable.js deletedC:\PROGRA~2\Mozilla Firefox\defaults\preferences\!vitruvian-csp.js deletedC:\PROGRA~2\Mozilla Firefox\browser\defaults\preferences\!vitruvian-autoenable.js deletedC:\PROGRA~2\Mozilla Firefox\browser\defaults\preferences\!vitruvian-csp.js deletedC:\PROGRA~3\simplitec deletedC:\PROGRA~3\Package Cache deletedC:\Users\blais_000\AppData\Local\Pokki deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deletedC:\Users\blais_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deletedC:\Users\blais_000\Downloads\FreeVideoCapture_CNET.exe deletedC:\END deletedC:\WINDOWS\SysNative\config\systemprofile\Searches deletedC:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\FVD Toolbar deletedC:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\jetpack deleted==== System Specs ======================Windows: Windows Version 6.2 (Build 9200)Memory (RAM): 16254 MBCPU Info: Intel® Core i7-3537U CPU @ 2.00GHzCPU Speed: 2560.4 MHzSound Card: Speakers (Realtek High Definiti |Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000Monitors: 1x; Generic PnP Monitor |Screen Resolution: 1366 X 768 - 32 bitNetwork: Network PresentNetwork Adapters: Intel® Centrino® Wireless-N 2230 | Realtek PCIe FE Family ControllerCD / DVD Drives: 1x (D: | ) D: TSSTcorpDVD+-RW SU-208CBPorts: COM Ports NOT Present. LPT Port NOT Present.Mouse: 5 Button Wheel Mouse PresentHard Disks: C: 918.3GBHard Disks - Free: C: 715.4GBManufacturer *: Dell Inc.BIOS Info: AT/AT COMPATIBLE | | DELL - 1Time Zone: Pacific Standard TimeMotherboard *: Dell Inc. 0YMFG1Country: United StatesLanguage: ENU==== System Specs (Software) ======================Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)Anti-Virus: Windows Defender On-access scanning disabled (Outdated)Anti-Spyware: Kaspersky Internet Security disabled (Outdated)Anti-Spyware: Windows Defender disabled (Outdated)Firewall: Kaspersky Internet Security disabledDefault Browser: Firefox 32.0.2Internet Explorer Version: 11.0.9600.17278Mozilla Firefox version: 32.0.2 (x86 en-US)Adobe Reader version: 11.0.9.29Flash Player version: 15.0.0.152==== Firefox Extensions Registry ======================[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"termtutor@termtutor.com"="C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com" [09/22/2014 03:27 PM]==== Firefox Extensions ======================ProfilePath: C:\Users\BLAIS_~1\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default- Print pages to PDF - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\extensions\printPages2Pdf@reinhold.ripper- LastPass - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\extensions\support@lastpass.com- Speed Dial [FVD] - New Tab Page Sync... - C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\extensions\pavel.sherbakov@gmail.com- Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn- Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com- Undetermined - %ProfilePath%\extensions\d47b25ba6430aade8ee2c5ca5ac9d55093f0f03eca6baebb631475d1bf27ebce_lp.key- Undetermined - %ProfilePath%\extensions\d47b25ba6430aade8ee2c5ca5ac9d55093f0f03eca6baebb631475d1bf27ebce_lp.key- Speed Dial [FVD] - New Tab Page Sync... - %ProfilePath%\extensions\pavel.sherbakov@gmail.com- Print pages to PDF - %ProfilePath%\extensions\printPages2Pdf@reinhold.ripper- LastPass - %ProfilePath%\extensions\support@lastpass.com- Botn de Aadir a la lista de deseos Amazon > - %ProfilePath%\extensions\amznUWL2@amazon.com.xpi- Search in a Giphy - %ProfilePath%\extensions\gt@giphy.com.xpi- QrCodeR - %ProfilePath%\extensions\jid0-4deOYiOeBrYfBB9hS3xTnGoKZC4@jetpack.xpi- Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi- Facebook Secret Emoticons - %ProfilePath%\extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi- Buffer for Firefox - %ProfilePath%\extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi- Klout - %ProfilePath%\extensions\kwtr-for-firefox@klout.com.xpi- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi- Pin It button - %ProfilePath%\extensions\pinterest@robertnyman.com.xpi- Rainbow Color Tools - %ProfilePath%\extensions\rainbow@colors.org.xpi- Facebook Phishing Protector - %ProfilePath%\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiAppDir: C:\Program Files (x86)\Mozilla Firefox- Term Tutor - %AppDir%\extensions\termtutor@termtutor.com- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi==== Firefox Plugins ======================Profilepath: C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.defaultDFC9460CC37E5C414DC4680B10C19E7A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave FlashFB5621842FDABF9F8359775573498FBC - C:\Users\blais_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update5CB01CF141E021DAAE96991A5BA57944 - C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video RendererDD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\blais_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk PluginD6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 201318CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL - Microsoft Office 2013E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\blais_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104FDF7B2D69F2B7AF5B77124FCCB1DE2FC - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer==== Chromium Look ======================HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsblbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[01/21/2014 05:20 PM]efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/12/2014 02:43 AM]ggkfikfcbnpfoicfjammigpnakpogebh - \C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx\[]hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[01/21/2014 05:20 PM]hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[01/21/2014 05:20 PM]iikflkcanblccfahdhdonehdalibjnif - No path found[]jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[03/24/2014 02:23 AM]nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx[09/20/2014 01:52 AM]pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[01/21/2014 05:20 PM]==== Set IE to Default ======================Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.bing.com/?pc=U277"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{32C08433-847D-452E-8B1A-987C9A8AA132}"New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.bing.com/?pc=U277"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"==== All HKCU SearchScopes ======================HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"{32C08433-847D-452E-8B1A-987C9A8AA132} Unknown Url="Not_Found"==== Reset Google Chrome ======================Nothing found to reset==== Deleting CLSID Registry Keys ======================HKEY_USERS\S-1-5-21-2239919557-4028155487-1077561689-1004\Software\Microsoft\Internet Explorer\SearchScopes\{32C08433-847D-452E-8B1A-987C9A8AA132} deleted successfully==== Deleting CLSID Registry Values ========================== shortcuts in All Users Start Menu ======================C:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\BSR Screen Recorder 6.lnk - C:\Program Files\BSR Screen Recorder 6\Screen Recorder 6.exeC:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Movie Lab.lnk - C:\Program Files\BSR Screen Recorder 6\Screen Recorder 6.exe /movielabC:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Movie Studio.lnk - C:\Program Files\BSR Screen Recorder 6\Screen Recorder 6.exe /moviestudioC:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Screen Recorder 6 Help.lnk - C:\Program Files\BSR Screen Recorder 6\BSR6.chmC:\ProgramData\Microsoft\Windows\Start Menu\BSR Screen Recorder 6\Uninstall Screen Recorder 6.lnk - C:\Program Files (x86)\BSR Screen Recorder 6\Uninstall Screen Recorder 6.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-000000000006}\_SC_Acrobat.icoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk - C:\Program Files (x86)\Adobe\Adobe Content Viewer\Adobe Content Viewer.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\FormsCentral\FormsCentralForAcrobat.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.icoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Update.lnk - C:\Program Files (x86)\Dell Update\DellUpTray.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5\Movavi Screen Capture 5.lnk - C:\Program Files (x86)\Movavi Screen Capture 5\ScreenCapture.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5\Screen Capture Homepage.lnk - C:\Program Files (x86)\Movavi Screen Capture 5\Movavi Screen Capture 5.urlC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Screen Capture 5\Uninstall Movavi Screen Capture 5.lnk - C:\Program Files (x86)\Movavi Screen Capture 5\uninst.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe\Norton Identity Safe.LNK - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\cosastub.exe /install /forceC:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\uninstall.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune\Zune.lnk - C:\Program Files (x86)\Zune\Zune.exe==== shortcuts in Quick Launch ======================C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Deleting Registry Keys ======================HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ggkfikfcbnpfoicfjammigpnakpogebh deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully==== Empty IE Cache ======================C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\blais_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfullyC:\Users\blais_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfullyC:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully==== Empty FireFox Cache ======================C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\personas\cache emptied successfully==== Empty Chrome Cache ======================No Chrome User Data found==== Empty All Flash Cache ======================Flash Cache Emptied Successfully==== Empty All Java Cache ======================No Java Cache Found==== C:\zoek_backup content ======================C:\zoek_backup (files=6378 folders=115 275532622 bytes)==== Empty Temp Folders ======================C:\Users\blais_000\AppData\Local\Temp will be emptied at rebootC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at rebootC:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\WINDOWS\Temp will be emptied at reboot==== After Reboot ========================== Empty Temp Folders ======================C:\WINDOWS\Temp successfully emptiedC:\Users\BLAIS_~1\AppData\Local\Temp successfully emptied==== Empty Recycle Bin ======================C:\$RECYCLE.BIN successfully emptied==== Deleting Files / Folders ======================"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted==== EOF on Sun 09/28/2014 at 20:48:40.40 ====================== Link to post Share on other sites More sharing options...
CarlosTurco Posted September 29, 2014 ID:884541 Share Posted September 29, 2014 Hello blaisemi, Please go ahead and run through the following steps and post back the logs when ready. STEP 1 Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts.Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.The tool will open and start scanning your system.Please be patient as this can take a while to complete.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next reply messageWhen completed make sure to re-enable your antivirusSTEP 2Lets clean out any adware now: (this will require a reboot so save all your work)Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.When it's done you'll see: Pending: Please uncheck elements you don't want removed.Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.Look over the log especially under Files/Folders for any program you want to save.If there's a program you may want to save, just uncheck it from AdwCleaner.If you're not sure, post the log for review. (all items found are adware/spyware/foistware)If you're ready to clean it all up.....click the Clean button.After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of that logfile will also be saved in the C:\AdwCleaner folder.Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\QuarantineTo restore an item that has been deleted:Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. STEP 3 Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is untickedClick on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick ScanWait for the scan to finishIf any threats were found, click the 'List of found threats' , then click Export to text file....Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
blaisemi Posted September 29, 2014 Author ID:884613 Share Posted September 29, 2014 Carlos, here is the JRT output. I'm executing Steps 2 and 3 next. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.2.3 (09.27.2014:1)OS: Windows 8.1 x64Ran by blais_000 on Mon 09/29/2014 at 11:59:47.98~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== Pokki REG_EXPAND_SZ C:\WINDOWS\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform~~~ Registry Keys~~~ Files~~~ Folders~~~ FireFoxEmptied folder: C:\Users\blais_000\AppData\Roaming\mozilla\firefox\profiles\3fj6e6e9.default\minidumps [7 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 09/29/2014 at 12:04:00.77End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
blaisemi Posted September 29, 2014 Author ID:884628 Share Posted September 29, 2014 Carlos, here's the output of AdwCleaner: # AdwCleaner v3.310 - Report created 29/09/2014 at 12:24:08# Updated 12/09/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : blais_000 - BLAISE-DELL# Running from : C:\Users\blais_000\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] ********** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKCU\Software\Classes\pokkiKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.comKey Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.comValue Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]Key Deleted : HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelperKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}Key Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\PokkiKey Deleted : HKLM\SOFTWARE\InstallCoreKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PokkiKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PokkiDownloadHelper***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17278-\\ Mozilla Firefox v32.0.3 (x86 en-US)[ File : C:\Users\blais_000\AppData\Roaming\Mozilla\Firefox\Profiles\3fj6e6e9.default\prefs.js ]Line Deleted : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"79065\",\"name\":\"fleur violette adobe\",\"headerURL\":\"hxxps://addons.cdn.mozilla.net/user-media/addons/79065/Persona_header_LABS.png?126634084[...]*************************AdwCleaner[R0].txt - [2226 octets] - [29/09/2014 12:20:38]AdwCleaner[s0].txt - [2095 octets] - [29/09/2014 12:24:08]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2155 octets] ########## Link to post Share on other sites More sharing options...
blaisemi Posted September 30, 2014 Author ID:884927 Share Posted September 30, 2014 Attached is the ESET log file. ESET log online scan.txt Link to post Share on other sites More sharing options...
CarlosTurco Posted September 30, 2014 ID:884941 Share Posted September 30, 2014 OK, To finish. Download "Delfix by Xplode" and save it to your desktop. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Activate UAC Remove disinfection tools Create registry backup Purge System Restore Reset system settings Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Part of the routine will be to create a registry back up with ERUNT, the back up will be created here: C:\Windows\ERUNT When all is known to be well with your system you can delete that back up folder unless you want to keep it.... Let me know if there are any remaining issues or concerns.... Hug. Link to post Share on other sites More sharing options...
blaisemi Posted October 1, 2014 Author ID:885180 Share Posted October 1, 2014 Carlos, I ran Delfix as instructed. Thanks SO, SO much for your help. I also want to thank Naathim. I'll check back if there are any further issues. Blaise Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 2, 2014 Root Admin ID:885657 Share Posted October 2, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts