Jump to content

Recommended Posts

  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes

so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies

that stop us from using certain tools. When finished it will display a log file that shows the processes that were

terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot

your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you
Link to post
Share on other sites

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/16/2014 08:09:22 AM in x64 mode.
Windows Version: Windows 8.1 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* E1G60 [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/16/2014 08:09:39 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/16/2014
Scan Time: 8:14:33 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.16.03
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Eric

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 542651
Time Elapsed: 7 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

rogue killer didn't create any log files on my desktop, it did however take me to http://www.adlice.com/userland-rootkits-part-1-iat-hooks/ though I looked through all the tabs and didn't see anything out of the ordinary.  Here is the data from clicking the report button

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Eric [Administrator]
Mode : Scan -- Date : 10/16/2014 08:31:42

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 14 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.barkeware.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.barkeware.com/ -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A524E76-EC74-449D-A74C-40E58B2E39C5} | NameServer : 10.50.50.100 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4A524E76-EC74-449D-A74C-40E58B2E39C5} | NameServer : 10.50.50.100 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4169390750-4008196466-3721169935-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 112 (Driver: Loaded) ¤¤¤
[iAT:Addr] (explorer.exe @ Bcp47Langs.dll) api-ms-win-appmodel-runtime-l1-1-0.dll - GetCurrentPackageFamilyName : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22604
[iAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Set_Class_Registry_PropertyW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf27f470
[iAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Class_Registry_PropertyW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf27e350
[iAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf253c7c
[iAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25a060
[iAT:Addr] (explorer.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf258848
[iAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiUpdateLockScreenApplications : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab7c3c4
[iAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiChangeSessionState : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab62b90
[iAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225bc
[iAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtAssociateActivationProxy : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab66bac
[iAT:Addr] (explorer.exe @ twinui.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtDisassociateWorkItem : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab7c94c
[iAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtActivateWorkItem : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab7c718
[iAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtFreeMemory : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab68cc8
[iAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtQueryWorkItem : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab7cae0
[iAT:Addr] (explorer.exe @ twinui.appcore.dll) api-ms-win-core-biptcltapi-l1-1-1.dll - BiPtEnumerateWorkItemsForPackageName : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab7c9f0
[iAT:Addr] (explorer.exe @ wpncore.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc2282c
[iAT:Addr] (explorer.exe @ SettingSyncCore.dll) api-ms-win-appmodel-state-l1-1-0.dll - GetSystemAppDataKey : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc227d8
[iAT:Addr] (explorer.exe @ SettingSyncCore.dll) api-ms-win-appmodel-state-l1-1-0.dll - CloseState : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc224d8
[iAT:Addr] (explorer.exe @ SettingSyncCore.dll) api-ms-win-appmodel-state-l1-1-0.dll - OpenStateExplicit : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22814
[iAT:Addr] (explorer.exe @ ondemandconnroutehelper.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetCurrentApplicationUserModelId : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225d4
[iAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225bc
[iAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageInstallTime : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc226dc
[iAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf2594c4
[iAT:Addr] (explorer.exe @ WSShared.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf259200
[iAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\WINDOWS\SYSTEM32\sppc.dll @ 0x7ffaac7d566c
[iAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\WINDOWS\SYSTEM32\sppc.dll @ 0x7ffaac7d78e8
[iAT:Addr] (explorer.exe @ WSSync.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageFamilyNameFromFullName : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc2282c
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - OpenPackageInfoByFullName : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc227f0
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetPackagesByPackageFamily : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22754
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetStagedPackageOrigin : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22778
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - ClosePackageInfo : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc224cc
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetApplicationUserModelId : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225c8
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-core-biplmapi-l1-1-1.dll - BiGetActiveBackgroundTasksEvent : C:\WINDOWS\SYSTEM32\twinapi.appcore.dll @ 0x7ffa9ab7c180
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackagePropertyString : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22718
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageContext : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc226a0
[iAT:Addr] (explorer.exe @ PackageStateRoaming.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageProperty : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc2270c
[iAT:Addr] (explorer.exe @ MrmCoreR.dll) api-ms-win-appmodel-identity-l1-1-0.dll - AppXGetOSMaxVersionTested : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22460
[iAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25a060
[iAT:Addr] (explorer.exe @ bthprops.cpl) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf258848
[iAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetAppModelVersion : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225bc
[iAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageApplicationContext : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225e0
[iAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageOSMaxVersionTested : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc226e8
[iAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetCurrentPackageContext : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225f8
[iAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-appmodel-runtime-internal-l1-1-0.dll - GetPackageApplicationPropertyString : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22688
[iAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ffa9a3ebf60
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdEx : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25b384
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf258848
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjects : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf259730
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjects : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf2597e8
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf259200
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf2594c4
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevSetObjectProperties : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25b074
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFindProperty : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25c434
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdsEx : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf2893d4
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryEx : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf259d20
[iAT:Addr] (explorer.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25a060
[iAT:Addr] (explorer.exe @ WINMMBASE.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_DevNode_Status : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf253d80
[iAT:Addr] (explorer.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_Interface_List_SizeW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25fa70
[iAT:Addr] (explorer.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Unregister_Notification : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25ee80
[iAT:Addr] (explorer.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_Interface_ListW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25f7c0
[iAT:Addr] (explorer.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Open_Device_Interface_KeyW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf2655d4
[iAT:Addr] (explorer.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_MapCrToWin32Err : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25421c
[iAT:Addr] (explorer.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Register_Notification : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x7ffaaf25e8a0
[iAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\WINDOWS\System32\sfc_os.dll @ 0x7ffaa27814c0
[iAT:Addr] (iexplore.exe @ ondemandconnroutehelper.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetCurrentApplicationUserModelId : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc225d4
[iAT:Addr] (iexplore.exe @ SettingSyncCore.dll) api-ms-win-appmodel-state-l1-1-0.dll - GetSystemAppDataKey : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc227d8
[iAT:Addr] (iexplore.exe @ SettingSyncCore.dll) api-ms-win-appmodel-state-l1-1-0.dll - CloseState : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc224d8
[iAT:Addr] (iexplore.exe @ SettingSyncCore.dll) api-ms-win-appmodel-state-l1-1-0.dll - OpenStateExplicit : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22814
[iAT:Addr] (iexplore.exe @ Bcp47Langs.dll) api-ms-win-appmodel-runtime-l1-1-0.dll - GetCurrentPackageFamilyName : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x7ffaadc22604
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdEx : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf25b384
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf258848
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjects : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf259730
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjects : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf2597e8
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFreeObjectProperties : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf259200
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevGetObjectProperties : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf2594c4
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevSetObjectProperties : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf25b074
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevFindProperty : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf25c434
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryFromIdsEx : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf2893d4
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQueryEx : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf259d20
[iAT:Addr] (iexplore.exe @ DevDispItemProvider.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf25a060
[iAT:Addr] (iexplore.exe @ WINMMBASE.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_DevNode_Status : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf253d80
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Set_Class_Registry_PropertyW : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf27f470
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Class_Registry_PropertyW : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf27e350
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf253c7c
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf25a060
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\system32\CFGMGR32.dll @ 0x7ffaaf258848
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetConnectW : Unknown @ 0x72c0430
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoW : Unknown @ 0x72c04b0
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpQueryInfoA : Unknown @ 0x72c0490
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetSetStatusCallbackA : Unknown @ 0x72c0410
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetQueryDataAvailable : Unknown @ 0x72c04d0
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFile : Unknown @ 0x72c04f0
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - InternetReadFileExW : Unknown @ 0x72c0510
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpOpenRequestW : Unknown @ 0x72c0450
[iAT:Addr] (iexplore.exe @ urlmon.dll) WININET.dll - HttpSendRequestW : Unknown @ 0x72c0470
[iAT:Addr] (iexplore.exe @ ondemandconnroutehelper.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetCurrentApplicationUserModelId : C:\WINDOWS\SysWOW64\kernel.appcore.dll @ 0x748221ba
[iAT:Addr] (iexplore.exe @ WINMMBASE.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_DevNode_Status : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b0684f
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Set_Class_Registry_PropertyW : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b296a1
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Class_Registry_PropertyW : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b288f4
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b0d590
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b0fdc1
[iAT:Addr] (iexplore.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b10420
[iAT:Addr] (iexplore.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_Interface_List_SizeW : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b04301
[iAT:Addr] (iexplore.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_Interface_ListW : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b040c0
[iAT:Addr] (iexplore.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Unregister_Notification : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b0daba
[iAT:Addr] (iexplore.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Register_Notification : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b0e251
[iAT:Addr] (iexplore.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_MapCrToWin32Err : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b0e838
[iAT:Addr] (iexplore.exe @ MFPlat.DLL) api-ms-win-devices-config-l1-1-1.dll - CM_Open_Device_Interface_KeyW : C:\WINDOWS\SysWOW64\cfgmgr32.dll @ 0x74b14239
[iAT:Addr] (iexplore.exe @ MFMediaEngine.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetPackagesByPackageFamily : C:\WINDOWS\SysWOW64\kernel.appcore.dll @ 0x7482233a
[iAT:Addr] (iexplore.exe @ MFMediaEngine.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - PackageIdFromFullName : C:\WINDOWS\SysWOW64\kernel.appcore.dll @ 0x74822436
[iAT:Addr] (iexplore.exe @ MFMediaEngine.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetCurrentPackageFullName : C:\WINDOWS\SysWOW64\kernel.appcore.dll @ 0x748221f6
[iAT:Addr] (iexplore.exe @ Bcp47Langs.dll) api-ms-win-appmodel-runtime-l1-1-0.dll - GetCurrentPackageFamilyName : C:\WINDOWS\SysWOW64\kernel.appcore.dll @ 0x748221ea

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series +++++
--- User ---
[MBR] 92732c4a1faa3cf3c3dd1e5bc252d201
[bSP] c25a676c6ba16448efc381cf1577eabd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000524AS +++++
--- User ---
[MBR] 3318fd8295ac41ba51a62bc046df447e
[bSP] 139b7ffbb4e16be82d56b1e12901f4e0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK
 

Link to post
Share on other sites

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 Pro x64
Ran by Eric on Thu 10/16/2014 at 20:23:42.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/16/2014 at 20:27:38.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

# AdwCleaner v4.000 - Report created 16/10/2014 at 20:31:39
# Updated 12/10/2014 by Xplode
# Database : 2014-10-16.8
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Eric - ERICS-PC
# Running from : C:\Users\Eric\AppData\Local\Microsoft\Windows\INetCache\IE\XV7H7P3E\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v29.0.1 (en-US)


-\\ Google Chrome v38.0.2125.101

Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [866 octets] - [16/10/2014 20:31:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [925 octets] ##########

Link to post
Share on other sites

# AdwCleaner v4.000 - Report created 17/10/2014 at 07:51:17
# DB v2014-10-17.9
# Updated 12/10/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Eric - ERICS-PC
# Running from : C:\Users\Eric\AppData\Local\Microsoft\Windows\INetCache\IE\715LP5BW\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v29.0.1 (en-US)


-\\ Google Chrome v38.0.2125.101


*************************

AdwCleaner[R0].txt - [1004 octets] - [16/10/2014 20:31:39]
AdwCleaner[R1].txt - [1064 octets] - [17/10/2014 07:48:18]
AdwCleaner[s0].txt - [908 octets] - [17/10/2014 07:51:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [967 octets] ##########

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/17/2014
Scan Time: 7:54:40 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.17.04
Rootkit Database: v2014.10.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Eric

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 543822
Time Elapsed: 9 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

here's the frst.txt file (I can't figure out how to attach files), and the only way I seem to be able to paste, is by clicking the BBC Code mode button.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Eric (administrator) on ERICS-PC on 17-10-2014 09:54:57
Running from D:\Data\Download
Loaded Profile: Eric (Available profiles: Eric & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() D:\Program Files\ShrewSoft\VPN Client\iked.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
() D:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSAS10_50.SQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Cyber Power Systems, Inc.) D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\fdhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
() C:\Users\Eric\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Dropbox, Inc.) C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cyber Power Systems, Inc.) D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
() D:\Program Files\ShrewSoft\VPN Client\ipsecc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Alm.Shared.Remoting.RemoteContainer\v4.0_12.0.0.0__b03f5f7f11d50a3a\Microsoft.Alm.Shared.Remoting.RemoteContainer.dll
(Microsoft Corporation) C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.discoveryengine.x86.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow\vstest.executionengine.x86.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\Microsoft.VisualStudio.Web.Host.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpress.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpresstray.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\XDesProc.exe
(Microsoft Corporation) D:\KBA\CLOS\CLOS 2.2\CLOS.UI\bin\Debug\CLOS.UI.vshost.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\CommonExtensions\Microsoft\IntelliTrace\12.0.0\IntelliTrace.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [TortoiseHgOverlayIconServer] => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2014-04-01] ()
HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-03-05] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [LifeCam] => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4169390750-4008196466-3721169935-1001\...\Run: [Amazon Cloud Player] => C:\Users\Eric\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-4169390750-4008196466-3721169935-1001\...\Run: [skyDrive] => C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-4169390750-4008196466-3721169935-1001\...\Run: [installation Diagnostics] => d:\Program Files (x86)\Brother\Brmfl04g\Brinstck.exe [126976 2006-11-04] (Brother Industries, Ltd.)
HKU\S-1-5-21-4169390750-4008196466-3721169935-1001\...\MountPoints2: {7d7ee87f-0d23-11e4-beeb-bc5ff496c790} - "E:\LaunchU3.exe" -a
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> D:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.barkeware.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x491B6076A165CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.barkeware.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> D:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - D:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4A524E76-EC74-449D-A74C-40E58B2E39C5}: [NameServer] 10.50.50.100

FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\g4rmai35.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Eric\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eric\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-09]
CHR Extension: (Google Drive) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-09]
CHR Extension: (Google Search) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-09]
CHR Extension: (Porsche) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2013-04-09]
CHR Extension: (Time Track Turbo) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfpdchekaibhfahggibpcepgngnmcia [2013-04-09]
CHR Extension: (Google Wallet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-04-24] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2014-03-18] (Microsoft Corporation)
R2 iked; D:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [14760 2013-01-01] (Microsoft Corporation)
R2 ipsecd; D:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-12-16] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-12-16] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2011-06-17] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-03-18] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1380592 2013-04-29] (Microsoft Corp.)
R2 MSOLAP$SQLSERVER; D:\Program Files\Microsoft SQL Server\MSAS10_50.SQLSERVER\OLAP\bin\msmdsrv.exe [54791520 2011-06-17] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 MSSQL$SQLSERVER; D:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLSERVER; D:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 ppped; D:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1030544 2014-03-05] (Cyber Power Systems, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S3 SQLAgent$SQLSERVER; D:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 vmms; C:\Windows\system32\vmms.exe [13401600 2014-05-09] (Microsoft Corporation)
R3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-18] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-03-18] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101376 2011-12-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2014-03-18] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34408 2013-09-27] (Microsoft Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-03-18] (Microsoft Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-03-18] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-03-18] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-03-18] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-01-27] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-06-05] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-06-05] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-06-05] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [690688 2014-06-05] (Microsoft Corporation)
S3 VSPerfDrv120; D:\Program Files (x86)\Microsoft Visual Studio 12.0\Team Tools\Performance Tools\x64\VSPerfDrv120.sys [94888 2013-09-23] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 08:05 - 2014-10-17 09:54 - 00000000 ____D () C:\FRST
2014-10-17 08:02 - 2014-10-17 08:02 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-16 20:31 - 2014-10-17 07:51 - 00000000 ____D () C:\AdwCleaner
2014-10-16 20:27 - 2014-10-16 20:27 - 00000695 _____ () C:\Users\Eric\Desktop\JRT.txt
2014-10-16 20:23 - 2014-10-16 20:23 - 01705698 _____ (Thisisu) C:\Users\Eric\Desktop\JRT.exe
2014-10-16 20:23 - 2014-10-16 20:23 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-16 08:24 - 2014-10-16 08:24 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-16 08:24 - 2014-10-16 08:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-16 08:12 - 2014-10-16 08:13 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-16 08:12 - 2014-10-16 08:12 - 00000940 _____ () C:\Users\Eric\Desktop\NTREGOPT.lnk
2014-10-16 08:12 - 2014-10-16 08:12 - 00000921 _____ () C:\Users\Eric\Desktop\ERUNT.lnk
2014-10-16 08:12 - 2014-10-16 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-16 08:09 - 2014-10-16 08:09 - 00002012 _____ () C:\Users\Eric\Desktop\Rkill.txt
2014-10-15 07:04 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 07:02 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 07:01 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 07:01 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 07:01 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 07:01 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 07:01 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 07:01 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 07:01 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 07:01 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 07:01 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 07:01 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 07:01 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 07:01 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 07:01 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 07:01 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 07:01 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 07:01 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 07:00 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 07:00 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 07:00 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 07:00 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 07:00 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 07:00 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 07:00 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 07:00 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 07:00 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 07:00 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 07:00 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 07:00 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 07:00 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 07:00 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 07:00 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 07:00 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 07:00 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 07:00 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 07:00 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 07:00 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 07:00 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 07:00 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 07:00 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 07:00 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 07:00 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 07:00 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 07:00 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 07:00 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 07:00 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 07:00 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 07:00 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 07:00 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 06:57 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 06:57 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 06:57 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 06:57 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-09 21:35 - 2014-10-09 21:35 - 00002232 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-10-09 21:35 - 2014-10-09 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-01 09:27 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-01 09:27 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-01 09:27 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-01 09:27 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-01 09:27 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-01 09:27 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-01 09:27 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-01 09:27 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-01 09:27 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-01 09:27 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-01 09:27 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-01 09:27 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-01 09:27 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-01 09:27 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-01 09:27 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-01 09:27 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-01 09:27 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-01 09:27 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-01 09:27 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-01 09:27 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-01 09:27 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-01 09:27 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-01 09:27 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-01 09:27 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-01 09:27 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-01 09:27 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-01 09:27 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-01 09:27 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-01 09:27 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-01 09:27 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-01 09:27 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-01 09:27 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-01 09:27 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-01 09:27 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-01 09:27 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-01 09:27 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-01 09:27 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-01 09:27 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-30 23:34 - 2014-10-02 13:16 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KBA Solutions Inc
2014-09-17 07:20 - 2014-08-23 02:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-17 07:20 - 2014-08-23 02:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-17 07:20 - 2014-08-23 01:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-17 07:20 - 2014-08-23 00:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-17 07:20 - 2014-08-22 23:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-17 07:20 - 2014-08-22 23:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-17 07:20 - 2014-08-22 23:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-17 07:20 - 2014-08-22 23:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-17 07:20 - 2014-08-22 23:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 09:51 - 2014-04-23 14:58 - 00000574 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4169390750-4008196466-3721169935-1001.job
2014-10-17 09:50 - 2014-03-17 22:13 - 01788178 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-17 09:47 - 2014-06-27 12:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 09:25 - 2013-03-16 04:39 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-17 08:57 - 2013-03-16 01:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4169390750-4008196466-3721169935-1001
2014-10-17 08:02 - 2013-03-18 03:00 - 00004970 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ERICS-PC-Eric Erics-PC
2014-10-17 07:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-10-17 07:54 - 2013-04-09 12:29 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-17 07:53 - 2014-03-17 22:37 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-10-17 07:53 - 2013-03-18 02:27 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Dropbox
2014-10-17 07:52 - 2014-04-25 10:57 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\TortoiseHg
2014-10-17 07:52 - 2013-11-14 02:20 - 00027646 _____ () C:\WINDOWS\PFRO.log
2014-10-17 07:52 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-17 07:52 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-17 07:52 - 2013-03-16 04:39 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 07:52 - 2013-03-16 01:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-17 07:49 - 2014-03-18 07:41 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08FC59BA-B3D7-4C6D-BC79-37FF9ACA9C13}
2014-10-16 21:38 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-16 15:44 - 2013-08-22 09:46 - 00459823 _____ () C:\WINDOWS\setupact.log
2014-10-16 15:24 - 2013-11-14 02:29 - 01234520 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-16 15:07 - 2013-03-16 00:52 - 00000000 ____D () C:\Users\Eric\AppData\Local\Packages
2014-10-16 07:47 - 2013-08-22 09:44 - 02475096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 07:46 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-16 07:46 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-16 07:46 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-15 15:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-10-15 11:51 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 11:50 - 2013-08-14 19:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 11:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-15 11:46 - 2013-03-16 02:29 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 07:46 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-13 14:24 - 2014-06-27 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-13 14:24 - 2014-06-27 12:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-13 14:24 - 2013-03-17 19:21 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-12 08:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-10 11:33 - 2014-04-23 14:58 - 00003572 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4169390750-4008196466-3721169935-1001
2014-10-09 21:35 - 2013-03-16 04:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-09 13:35 - 2014-03-18 13:57 - 00000000 ____D () C:\Users\Eric\AppData\Local\Deployment
2014-10-03 10:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-10-01 14:34 - 2013-05-07 13:21 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\webex
2014-10-01 11:11 - 2014-06-27 12:29 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-06-27 12:29 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-03-17 19:21 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-01 09:28 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-01 09:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-01 00:02 - 2013-04-08 11:14 - 00001655 _____ () C:\Users\Eric\AppData\Roaming\SvcTraceViewer.exe.settings
2014-09-30 10:30 - 2013-03-16 03:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-29 17:45 - 2013-08-22 10:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 17:45 - 2013-08-22 10:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-29 11:56 - 2013-03-26 08:07 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-26 17:33 - 2014-05-13 15:18 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\KBA_Solutions_Inc
2014-09-26 17:33 - 2014-05-13 15:18 - 00000000 ____D () C:\Users\Eric\AppData\Local\KBA_Solutions_Inc
2014-09-26 09:42 - 2013-04-11 10:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-25 08:57 - 2014-06-19 13:05 - 00000000 ____D () C:\Users\Eric\AppData\Local\Downloaded Installations
2014-09-24 12:50 - 2014-09-10 12:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Leader Technologies
2014-09-22 11:57 - 2013-05-07 13:21 - 00000000 ____D () C:\ProgramData\WebEx
2014-09-22 01:42 - 2013-03-16 02:30 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-18 06:48 - 2013-03-18 02:29 - 00001064 _____ () C:\Users\Eric\Desktop\Dropbox.lnk
2014-09-18 06:48 - 2013-03-18 02:28 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 09:55 - 2013-12-04 21:21 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 09:55 - 2013-12-04 21:21 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk

Files to move or delete:
====================
C:\Users\Eric\udownload.dat


Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Eric\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Eric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymcx37.dll
C:\Users\Eric\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Eric\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Eric\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Eric\AppData\Local\Temp\nvStInst.exe
C:\Users\Eric\AppData\Local\Temp\Quarantine.exe
C:\Users\Eric\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-17 08:57

==================== End Of Log ============================

Link to post
Share on other sites

here is the Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Eric at 2014-10-17 09:55:21
Running from D:\Data\Download
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Altova XMLSpy 2014 rel. 2 sp1 (x64) Professional Edition (HKLM\...\{D6D70783-CBC2-46B4-877E-AE54B576D670}) (Version: 2014.02.01 - Altova)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
B of I - CLOS - Commercial Loan Origination System - Development (HKCU\...\b074982881b7922a) (Version: 2.2.0.23 - KBA Solutions Inc)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Beyond Compare 3.3.8 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.8.16340 - Scooter Software)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Brother MFL-Pro Suite (HKLM-x32\...\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}) (Version: 1.00 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-7820N (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Critical Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2938807) (HKLM-x32\...\{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}.KB2938807) (Version: 1 - Microsoft Corporation)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CyberPower PowerPanel Personal Edition 1.4.2 (HKLM-x32\...\{53DEB715-D6FC-4C29-8169-A921D4809E8C}) (Version: 1.4.2 - Cyber Power Systems, Inc.)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Entity Framework 6.1.1 Tools for Visual Studio 2012 (HKLM-x32\...\{6C870711-0672-4CD2-823F-204FD3502CAB}) (Version: 11.2.30610.0 - Microsoft Corporation)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 7.0.1.1796 (HKCU\...\GoToMeeting) (Version: 7.0.1.1796 - CitrixOnline)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
InstallShield 2013 Limited Edition (HKLM-x32\...\{6781C524-2DA2-4182-908C-8B204E0DD47C}) (Version: 20.00.0000 - Flexera Software LLC)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JavaScript Tooling (x32 Version: 11.0.60315 - Microsoft Corporation) Hidden
JavaScript Tooling (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
Kendo UI for ASP.NET MVC Q2 2013 SP1 (HKLM-x32\...\{EDA31EF4-5A9D-4A63-A06D-8FFC12FE4920}) (Version: 13.2.918.0 - Telerik AD)
Live SDK (HKLM-x32\...\{1ED8BAEB-3997-4184-93A7-A039517FD9F8}) (Version: 5.4.3499.0620 - Microsoft Corporation)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
LogMeIn (HKLM-x32\...\{B27B646E-76EA-4412-91D8-A4DFDA8AD152}) (Version: 4.1.3256 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Advertising SDK for Windows 8.1 - ENU (x32 Version: 8.1.30809.0 - Microsoft Corporation) Hidden
Microsoft Advertising SDK for Windows Phone - ENU (HKLM-x32\...\{5C87A4DB-31C7-465E-9356-71B485B69EC8}) (Version: 6.2.960.0 - Microsoft Corporation)
Microsoft Advertising Service Extension for Visual Studio (x32 Version: 12.0.30809.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET and Web Tools 2012.3 - Visual Studio 2012 (x32 Version: 1.4.41009.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (x32 Version: 3.0.30710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 - Visual Studio 2010 Tools (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU (x32 Version: 4.1.20219.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 (HKLM-x32\...\{037a3c70-cc6a-4ae2-aa0e-70eb68ea81d5}) (Version: 4.0.20714.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Visual Studio 2010 Finalizer (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Visual Studio 2010 Uninstall Finalizer (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU (x32 Version: 5.0.11001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (x32 Version: 1.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2010 Tools (x32 Version: 2.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU (x32 Version: 4.1.20219.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU (x32 Version: 4.1.21001.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 (HKLM-x32\...\{cb29be6c-39c4-493e-9da7-d585d5353714}) (Version: 2.0.20715.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20716.0 - Microsoft Corporation) Hidden
Microsoft C++ Azure Mobile SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 11.0.50727.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 11.0.50727.0 - Microsoft Corporation) Hidden
Microsoft Enterprise Library 5.0 (HKLM-x32\...\{B3BF02F1-C630-4EA9-8D11-38CC34ECEE75}) (Version: 5.0.414.0 - Microsoft patterns & practices)
Microsoft Exchange Web Services Managed API 2.0 (x32 Version: 15.0.516.14 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for Windows Phone 7 (x32 Version: 2.0.20901.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for Windows Phone OS 7.1 (x32 Version: 2.0.30816.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft LightSwitch for Visual Studio 2012 Core (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2012 v3.0 Core (x32 Version: 11.0.61011 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU (x32 Version: 11.0.61011 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 Core (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft LightSwitch v4.0 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio 2012 (x32 Version: 2.6.40627.9000 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio 2012 Express for Windows Phone (x32 Version: 2.6.40627.9000 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio 2013 (x32 Version: 2.7.40911.287 - Microsoft Corporation) Hidden
Microsoft NuGet for Visual Studio 2010 (HKLM-x32\...\{22B4F250-F40C-4E59-9800-E4AE88C35CFC}) (Version: 2.0.30625.9003 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{8751EDC8-6C7C-40E2-93D0-791EAE498A5D}) (Version: 7.250.4551.0 - Microsoft Corporation)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 12.0.21005.01 - Microsoft Corporation) Hidden
Microsoft Report Viewer Add-On for Visual Studio 2012 (x32 Version: 11.1.2802.16 - Microsoft Corporation) Hidden
Microsoft Report Viewer Add-On for Visual Studio 2013 (x32 Version: 11.1.3366.16 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft SharePoint 2013 Developer Tools for Visual Studio (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.52.4033.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5B161932-9D42-4D5E-858D-29BF4C670944}) (Version: 10.2.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM\...\{7FE9A69F-6D91-4E2E-86B5-E2EB27AE6041}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.40706.0) (HKLM-x32\...\{503C7018-7CF9-4261-AB16-B3CFA69181FF}) (Version: 11.1.40706.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools 2012 (HKLM-x32\...\{fd383c06-fd58-4812-8130-d28ac96df75a}) (Version: 11.1.40706.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.40403.0) (HKLM-x32\...\{B5597702-F4FE-4BD4-9349-C3C90A06FBCD}) (Version: 11.1.40403.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ ARM Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ x64 Native Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ x64 Native Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ x64-arm Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ x64-arm Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ x64-x86 Cross Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ x64-x86 Cross Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Compilers For Windows Phone - ENU Resources (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Compilers For Windows Phone (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Core Libraries For Windows Phone (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Extended Libraries (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86-x64 Compilers (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Designtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers - ENU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Extended Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Add-in for Windows Phone - ENU Language Pack (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Add-in for Windows Phone (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Devenv (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Devenv Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 SharePoint Developer Tools (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Add-in for Windows Phone - ENU Language Pack (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Add-in for Windows Phone (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Devenv Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTrace Core amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTrace Core x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 IntelliTrace Front End x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Performance Collection Tools (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Preparation (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Profiling Tools (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 VsGraphics Helper Dependencies (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Phone - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Windows Phone (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Premium 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Premium 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2012 - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{c93c1c16-fd12-4b07-8926-2a4af46b6597}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Professional 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x64) - ENU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 - ENU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Developer Tools 2013 - Visual Studio 2013 (x32 Version: 2.0.40926.0 - Microsoft Corporation) Hidden
Microsoft Web Platform Installer 4.5 (HKLM\...\{458707CD-9D7A-477F-B925-02242A29673B}) (Version: 4.0.1863 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Newegg Download Manager (HKLM-x32\...\Newegg Download Manager) (Version: 1.1.0 - Newegg)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Integration Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Telerik Control Panel (HKLM-x32\...\{DCC9C872-6A50-4EC7-86DF-32371FFAD3AA}) (Version: 14.2.826.0 - Telerik AD)
Telerik Extensions for ASP.NET MVC Q2 2013 (HKLM-x32\...\{D2B9BF2F-B502-4E76-BB56-78EA821ADB48}) (Version: 13.2.611.0 - Telerik Corp.)
Telerik RadControls for ASP.NET AJAX Q3 2013 (HKLM-x32\...\{6C24F065-D631-42C8-BCD7-30E290F20947}) (Version: 13.3.1015.0 - Telerik AD)
Telerik RadControls for Windows 8 HTML Q2 2013 (HKLM-x32\...\{0F841D96-24C2-4A14-B31C-36E8E0572889}) (Version: 13.2.611.0 - Telerik AD)
Telerik RadControls for Windows 8 XAML Q2 2013 (HKLM-x32\...\{6A4EA114-E822-4842-BB8F-58938E35893F}) (Version: 13.2.611.0 - Telerik AD)
Telerik RadControls for WPF Q2 2013 SP1 (HKLM-x32\...\{B194FF94-B7FD-4D1F-B6E6-1A998321E57A}) (Version: 13.2.724.0 - Telerik AD)
Telerik Reporting Q1 2014 (HKLM-x32\...\{19DB9530-EDA6-41AD-BF11-208BB25D8632}) (Version: 8.0.14.225 - Telerik Corp.)
Telerik UI for Silverlight Q1 2014 (HKLM-x32\...\{2148DB8F-C4EA-4D9A-933A-B9D9D2C4EBB8}) (Version: 14.1.224.0 - Telerik AD)
Telerik UI for Windows 8.1 HTML Q1 2014 (HKLM-x32\...\{3C75040C-28C4-4075-8090-EA1C4E39F744}) (Version: 14.1.221.0 - Telerik AD)
Telerik UI for Windows 8.1 XAML Q2 2014 (HKLM-x32\...\{DBF74B2E-1F4E-4596-AA22-D9B189486695}) (Version: 14.2.617.0 - Telerik AD)
Telerik UI for Windows Phone 8 Q2 2014 (HKLM-x32\...\{D46096E8-AF02-4786-9835-CB66D67B893E}) (Version: 14.2.617.0 - Telerik AD)
Telerik UI for WPF Q1 2014 (HKLM-x32\...\{6C524777-E0AF-4734-9C9A-7F5E98855148}) (Version: 14.1.224.0 - Telerik AD)
Telerik UI for WPF Q2 2014 SP1 (HKLM-x32\...\{363BAF1D-AD8F-4F93-90CE-466021D45B57}) (Version: 14.2.729.0 - Telerik AD)
Telerik UI for WPF Q3 2013 SP2 (HKLM-x32\...\{81681708-A669-42E3-8096-56F6B2FFCECA}) (Version: 13.3.1316.0 - Telerik AD)
TortoiseHg 2.11.2 (x64) (HKLM\...\{B0997CD8-C656-47E8-B406-65F09A1A3AA4}) (Version: 2.11.2 - Steve Borho and others)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinBizFedFormset (x32 Version: 013.000.1393 - Intuit Inc.) Hidden
TurboTax 2013 WinBizReleaseEngine (x32 Version: 013.000.0474 - Intuit Inc.) Hidden
TurboTax 2013 WinBizTaxSupport (x32 Version: 013.000.1026 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wmniper (x32 Version: 013.000.1440 - Intuit Inc.) Hidden
TurboTax 2013 wmnsbpm (x32 Version: 013.000.0332 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax Business 2013 (HKLM-x32\...\TurboTax Business 2013) (Version: 2013.0 - Intuit, Inc)
Unity (HKLM-x32\...\Unity) (Version: 4.5.3f3 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for Microsoft Visual Studio 2012 (KB2781514) (HKLM-x32\...\{56ef8912-352f-4fab-9c73-6f1c92a7127f}) (Version: 11.0.51219 - Microsoft Corporation)
Visual F# 3.1 SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual F# 3.1 VS (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727 - Microsoft Corporation) Hidden
Visual Studio 2012 Prerequisites (Version: 11.0.50727 - Microsoft Corporation) Hidden
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
Visual Studio 2013 Prerequisites - ENU Language Pack (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio 2013 Prerequisites (Version: 12.0.21005 - Microsoft Corporation) Hidden
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.9202.20789 - Microsoft Corporation) Hidden
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.9600.16408 - Microsoft Corporation) Hidden
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789 (HKLM-x32\...\{49c53021-7c66-4b0b-b842-9b878d2f0e0f}) (Version: 1.0.9200.20789 - Microsoft Corporation)
Vs2012 Verification SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
WatchGuard Mobile VPN with SSL client 11.3.5 (HKLM-x32\...\Mobile VPN with SSL client_is1) (Version: - WatchGuard)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows 8 Development Essentials (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Windows App Certification Kit Native Components (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Azure Active Directory Module for Windows PowerShell (HKLM\...\{43CC9C53-A217-4850-B5B2-8C347920E500}) (Version: 1.0.0 - Microsoft Corporation)
Windows Azure Mobile Services SDK (x32 Version: 1.0.10815.0 - Microsoft Corporation) Hidden
Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0 (x32 Version: 1.0.60906.1602 - Microsoft Corporation) Hidden
Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0 (x32 Version: 1.0.10829.1601 - Microsoft Corporation) Hidden
Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1 (x32 Version: 2.1.10909.1601 - Microsoft) Hidden
Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012 (x32 Version: 1.8.60301.1601 - Microsoft) Hidden
Windows Phone 8.0 Emulation Host (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Windows Phone 8.0 Emulation Images (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone 8.0 Managed SDK Profiler (ARM) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone 8.0 Managed SDK Profiler (X86) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone Emulator 8.0 Configurator (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone Emulator 8.0 Configurator (x32 Version: 11.0.60830 - Microsoft Corporation) Hidden
Windows Phone Emulator x64 - ENU (Version: 10.1.40219 - Microsoft Corporation) Hidden
Windows Phone SDK 7.1 Assemblies (x32 Version: 10.1.40219 - Microsoft Corporation) Hidden
Windows Phone SDK 8.0 - ENU (HKLM-x32\...\{2348da3b-1257-4a83-a554-b094a08d06d9}) (Version: 11.0.50727.38 - Microsoft Corporation)
Windows Phone SDK 8.0 Assemblies (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Windows Phone SDK 8.0 Extensions for XNA Game Studio 4.0 (x32 Version: 4.0.40906.0 - Microsoft Corporation) Hidden
Windows Phone Tools Finalizer (Version: 11.0.50727 - Microsoft Corporation) Hidden
Windows Phone Tools Finalizer (Version: 11.0.60610 - Microsoft Corporation) Hidden
Windows Runtime Intellisense Content - en-us (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Runtime Intellisense Content - en-us (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit Tools for Windows Store Apps (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (Version: 11.0.51106 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Eric\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Eric\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4169390750-4008196466-3721169935-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-10-2014 02:39:10 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {076BC3AB-672E-4A08-A22A-83462EE352E5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1D1D8AEF-A80C-4AF7-85FD-30CC75546C9E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20E3208C-BB00-45C5-9403-F76F8343EFD6} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4169390750-4008196466-3721169935-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {276D049E-9F8C-4821-B2FB-60DAA8C5AB23} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {28CE09E6-336E-44B3-B9D6-8D1082911913} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)
Task: {2B88926C-AECA-469F-8A82-0FA7E448EACA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {41C85953-30C4-4C63-85CE-375EFAEB94DD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F7CF605-5918-4A0D-BD0A-1F1862007041} - System32\Tasks\Telerik Control Panel Notifier ERICS-PC_Eric => TelerikControlPanelNotifier.exe
Task: {6865B1BB-71FB-4183-98A6-48A3EC6E12F7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7CA3233B-9CB2-4E07-B0CB-00BAD20D0002} - System32\Tasks\G2MUpdateTask-S-1-5-21-4169390750-4008196466-3721169935-1001 => C:\Users\Eric\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe [2014-10-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8209F292-4888-4244-AF8A-AC15F37BA11F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9632088C-AF19-4E81-935D-118203B4AA31} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A79AE616-A906-44A3-85DB-C505A20AC884} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {AC732964-01EE-4045-9D2F-AC004B8D113A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {AF8A5693-7589-46CD-A1C5-5149FE33A9A0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ERICS-PC-Eric Erics-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-26] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D26015C1-4099-4132-9CEE-E67B87B8F087} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E01AAFFF-2798-4A3C-BA64-F4C716820B5F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC40A6F5-5284-4772-BEC8-1CF844D8E30F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-16] (Google Inc.)
Task: {F4BEBEE3-7CFD-44C2-89E9-504DF7B46C3A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FD7A12ED-5F27-4C23-B34E-4594E55B4BEA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4169390750-4008196466-3721169935-1001.job => C:\Users\Eric\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-17 22:13 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-28 10:06 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-07-01 03:21 - 2013-07-01 03:21 - 01127736 _____ () D:\Program Files\ShrewSoft\VPN Client\iked.exe
2013-06-30 18:16 - 2013-06-30 18:16 - 00628224 _____ () D:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-06-30 18:16 - 2013-06-30 18:16 - 00039936 _____ () D:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2013-06-30 18:15 - 2013-06-30 18:15 - 00018432 _____ () D:\Program Files\ShrewSoft\VPN Client\libith.dll
2013-06-30 18:17 - 2013-06-30 18:17 - 00029184 _____ () D:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2013-06-30 18:17 - 2013-06-30 18:17 - 00017920 _____ () D:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2013-06-30 18:17 - 2013-06-30 18:17 - 00035840 _____ () D:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2013-06-30 18:16 - 2013-06-30 18:16 - 00013312 _____ () D:\Program Files\ShrewSoft\VPN Client\liblog.dll
2013-06-30 18:16 - 2013-06-30 18:16 - 00116736 _____ () D:\Program Files\ShrewSoft\VPN Client\libip.dll
2013-06-30 18:15 - 2013-06-30 18:15 - 00022016 _____ () D:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-07-01 03:21 - 2013-07-01 03:21 - 00810808 _____ () D:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2014-03-25 11:22 - 2005-04-22 13:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2013-05-02 08:34 - 2011-12-15 22:03 - 00101376 _____ () C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
2014-08-29 05:15 - 2014-09-26 07:43 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-01 22:36 - 2014-04-01 22:36 - 00100616 _____ () C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
2012-10-27 09:28 - 2012-10-27 09:28 - 00128512 _____ () C:\Program Files\TortoiseHg\win32api.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00137728 _____ () C:\Program Files\TortoiseHg\pywintypes27.dll
2012-10-27 09:28 - 2012-10-27 09:28 - 00223232 _____ () C:\Program Files\TortoiseHg\win32gui.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00027648 _____ () C:\Program Files\TortoiseHg\win32pipe.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00023040 _____ () C:\Program Files\TortoiseHg\win32event.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00149504 _____ () C:\Program Files\TortoiseHg\win32file.pyd
2012-10-27 09:28 - 2012-10-27 09:28 - 00136192 _____ () C:\Program Files\TortoiseHg\win32security.pyd
2013-11-10 20:24 - 2013-11-10 20:24 - 00111616 _____ () C:\Program Files\TortoiseHg\_ctypes.pyd
2014-04-01 22:34 - 2014-04-01 22:34 - 00010752 _____ () C:\Program Files\TortoiseHg\mercurial.osutil.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00044032 _____ () C:\Program Files\TortoiseHg\win32process.pyd
2012-10-27 09:29 - 2012-10-27 09:29 - 00503808 _____ () C:\Program Files\TortoiseHg\pythoncom27.dll
2012-10-27 09:31 - 2012-10-27 09:31 - 00438784 _____ () C:\Program Files\TortoiseHg\win32com.shell.shell.pyd
2013-05-15 09:00 - 2014-03-07 15:39 - 03168576 _____ () C:\Users\Eric\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-07-01 03:21 - 2013-07-01 03:21 - 00369992 _____ () D:\Program Files\ShrewSoft\VPN Client\ipsecc.exe
2014-09-10 07:17 - 2014-09-10 07:17 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-01-01 19:01 - 2013-01-01 19:01 - 00228264 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbPc.DLL
2014-06-19 14:44 - 2014-09-26 07:43 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2013-03-18 04:06 - 2009-02-27 18:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00623432 _____ () D:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-10-17 07:53 - 2014-10-17 07:53 - 00043008 _____ () c:\users\eric\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymcx37.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Eric\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-19 14:34 - 2014-09-26 07:37 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-08-29 05:12 - 2014-09-26 07:41 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\Run: => "CompanionLink"
HKCU\...\StartupApproved\Run: => "msnmsgr"

========================= Accounts: ==========================

Administrator (S-1-5-21-4169390750-4008196466-3721169935-500 - Administrator - Disabled)
Eric (S-1-5-21-4169390750-4008196466-3721169935-1001 - Administrator - Enabled) => C:\Users\Eric
Guest (S-1-5-21-4169390750-4008196466-3721169935-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter #2
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter #3
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2014 08:58:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/17/2014 08:57:35 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (10/17/2014 08:02:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/16/2014 09:39:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/16/2014 09:08:14 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: SQL Server 2008 R2 SP2 Management Studio -- Error 1706. An installation package for the product SQL Server 2008 R2 SP2 Management Studio cannot be found. Try the installation again using a valid copy of the installation package 'sql_ssms.msi'.


System errors:
=============
Error: (10/17/2014 09:01:13 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (10/17/2014 08:12:55 AM) (Source: DCOM) (EventID: 10028) (User: ERICS-PC)
Description: DEV-KBA02 560C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe

Error: (10/17/2014 08:12:49 AM) (Source: DCOM) (EventID: 10028) (User: ERICS-PC)
Description: DEV-KBA02 560C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe

Error: (10/17/2014 07:52:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (10/16/2014 08:37:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/16/2014 08:36:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/16/2014 08:36:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/16/2014 08:35:45 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/16/2014 08:35:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/16/2014 08:34:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/17/2014 08:58:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/17/2014 08:57:35 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (10/17/2014 08:02:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Eric\AppData\Local\Temp\IDC2.tmp\ESETSmartInstaller.exe

Error: (10/16/2014 09:39:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (10/16/2014 09:08:14 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: SQL Server 2008 R2 SP2 Management Studio -- Error 1706. An installation package for the product SQL Server 2008 R2 SP2 Management Studio cannot be found. Try the installation again using a valid copy of the installation package 'sql_ssms.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
Date: 2014-10-16 11:50:31.926
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-16 11:50:31.801
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:48.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:47.977
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:47.868
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:44.883
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:44.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:44.665
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:44.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-10-15 07:05:44.446
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 16269.54 MB
Available physical RAM: 11138.38 MB
Total Pagefile: 32653.54 MB
Available Pagefile: 26284.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:5.62 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:736.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 98058C67)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 98058C1F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

 

 

Next,

 

panda-av.jpg Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-click on panda-av.jpg icon and select RunAsAdmin.jpg Run as Administrator.
  • It should start itself automaticaly after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about veryfying & analyzing results. Wait patiently.
  • Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.


Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
 

Link to post
Share on other sites

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Oct 18 08:48:24 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

------------------------------------

Finished reporting.


 

Link to post
Share on other sites

Unknown. FILE: C:\PROGRAM FILES (X86)\COMMON FILES\INTUIT\QUICKBOOKS\QBCFMONITORSERVICE.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\QBCFMonitorService. Key to be deleted.

Unknown. FILE: C:\PROGRAM FILES (X86)\WATCHGUARD\WATCHGUARD MOBILE VPN WITH SSL\WGSSLVPNSRC.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\wgsslvpnsrc. Key to be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

Link to post
Share on other sites

this is from the panda scan

 

haven't seen it, but did see another site come up once with the same ip.

 

I also only enabled adobe flash on certain web sites and notice that every web page I went to, would say it needed to run it, when through and uninstalled it and the activex control, which had an error uninstalling, I then downloaded an uninstaller from adobe and ran that.  Now, I don't get the message every web page.  But I haven't tried installing again yet.

Link to post
Share on other sites

  • Root Admin

Okay ignore the panda scan. Go ahead and reinstall Flash.

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
Link to post
Share on other sites

I realized that even though you uninstall it, IE 11 comes with it and you truly can't uninstall it, so it was still there, and it seems odd that just about every page I go to gives me a message saying the page wants to load flash, don't know if that's exactly true, or MS just does that for everything.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.