
Think I am getting hacked, location always being accessed



Recently I see that the location of my computer is being accessed every day. Saw that the rpcld.exe file is being used in the accessing. Don't really understand this.

 

Read through this topic and might have a similar situation in my hands: https://forums.malwarebytes.org/index.php?/topic/114038-servicesexe-infected/

 

Any help appreciated thank you!

 

Also, my computer has been freezing and lagging a lot lately.


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014

Ran by broma_000 (administrator) on BRIAN-PC on 08-12-2014 23:34:38

Running from C:\Users\broma_000\Desktop\Downloads

Loaded Profile: broma_000 (Available profiles: broma_000)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe

() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Program Files (x86)\MoboRobo\MoboroboDeviceService.exe

(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Flux Software LLC) C:\Users\broma_000\AppData\Local\FluxSoftware\Flux\flux.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\ProgramData\Rpcnet\Bin\rpcld.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)

HKLM\...\Run: [TouchPalKeyboard] => C:\Program Files\CooTek\TouchPal\keyboard\TPKeyBoard.exe [1144392 2013-11-19] ()

HKLM\...\Run: [TouchPalToolBar] => C:\Program Files\CooTek\TouchPal\toolbar\TouchPalToolBar.exe [802888 2013-11-19] ()

HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [923256 2014-06-27] ()

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)

HKLM-x32\...\Run: [MessengerPlusForSkypeService] => C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [132096 2014-08-05] (Yuna Software)

HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [504792 2014-03-27] (CyberLink Corp.)

HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-17] (Symantec Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [Facebook Update] => C:\Users\broma_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-30] (Facebook Inc.)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [cdloader] => C:\Users\broma_000\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-15] (Adobe Systems Incorporated)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [f.lux] => C:\Users\broma_000\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [A33370FB2F9A25C73A12ED957E6DE30584F34FC5._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [Google Update] => C:\Users\broma_000\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-11] (Google Inc.)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [10845184 2014-12-07] (Sand Studio)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-11-25] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\MountPoints2: {83fcf64b-2963-11e4-bed1-6c3be57fb18d} - "E:\HTC_Sync_Manager_PC.exe" 

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\MountPoints2: {83fcfa34-2963-11e4-bed1-6c3be57fb18d} - "E:\HTC_Sync_Manager_PC.exe" 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk

ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)

Startup: C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\broma_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk

ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKU\S-1-5-21-4254226789-487654737-2996639702-1001 -> DefaultScope {67B7C120-F809-4B6F-9BC8-A9A307D95FA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3294791&CUI=UN10335773121925108&UM=2

SearchScopes: HKU\S-1-5-21-4254226789-487654737-2996639702-1001 -> {67B7C120-F809-4B6F-9BC8-A9A307D95FA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3294791&CUI=UN10335773121925108&UM=2

SearchScopes: HKU\S-1-5-21-4254226789-487654737-2996639702-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-4254226789-487654737-2996639702-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKU\S-1-5-21-4254226789-487654737-2996639702-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

 

FireFox:

========

FF ProfilePath: C:\Users\broma_000\AppData\Roaming\Mozilla\Firefox\Profiles\m6wjz97t.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKU\S-1-5-21-4254226789-487654737-2996639702-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\broma_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKU\S-1-5-21-4254226789-487654737-2996639702-1001: @tools.google.com/Google Update;version=3 -> C:\Users\broma_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-4254226789-487654737-2996639702-1001: @tools.google.com/Google Update;version=9 -> C:\Users\broma_000\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

FF Extension: Adblock Plus - C:\Users\broma_000\AppData\Roaming\Mozilla\Firefox\Profiles\m6wjz97t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-07]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-12-07]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-06]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3294791&SearchSource=48&CUI=UN77284705240691524&UM=2"

CHR Profile: C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Magic Actions for YouTube™) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2013-10-18]

CHR Extension: (HP Product Detection Plugin) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-06-27]

CHR Extension: (Google Docs) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-15]

CHR Extension: (Google Drive) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-15]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (Turn Off the Lights) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-03-15]

CHR Extension: (YouTube) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-15]

CHR Extension: (Google Cast) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-11-11]

CHR Extension: (Google Search) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-15]

CHR Extension: (VK Music Downloader) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpokhfcmgpipfplgbkiecbpcmplgniam [2014-11-12]

CHR Extension: (Video Downloader professional) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-10-17]

CHR Extension: (Photo Zoom for Facebook) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2013-03-15]

CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2013-03-15]

CHR Extension: (AdBlock) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-15]

CHR Extension: (Google Keep - notes and lists) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-11-23]

CHR Extension: (Bookmarks) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihaibgdemjcpnllmndlpdkfiggadlcgi [2013-03-15]

CHR Extension: (Norton Identity Safe) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16]

CHR Extension: (FVD Downloader) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-11-12]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-05-01]

CHR Extension: (Norton Security Toolbar) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-15]

CHR Extension: (FastestFox for Chrome) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-03-15]

CHR Extension: (FreshStart - Cross Browser Session Manager) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb [2014-09-21]

CHR Extension: (Google Wallet) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Recently Closed Tabs) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc [2013-03-15]

CHR Extension: (Click&Clean App) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2013-04-27]

CHR Extension: (Gmail) - C:\Users\broma_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-15]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)

S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)

S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451928 2014-11-25] (Garmin Ltd or its subsidiaries)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-05] (Intel Corporation)

R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)

R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MoboroboDeviceService; C:\Program Files (x86)\MoboRobo\MoboroboDeviceService.exe [72184 2014-07-31] ()

R2 MsgPlusService; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [132096 2014-08-05] (Yuna Software) [File not signed]

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]

S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-10-23] (Sony Corporation) [File not signed]

S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)

R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-11-24] (RaMMicHaeL)

R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-04-14] ()

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-12] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]

S2 WSServiceCrk; C:\Windows\system32\wsservice_crk.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)

S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)

S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141208.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)

R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()

R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2012-08-16] ()

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)

R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()

S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-14] (ManyCam LLC)

R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-08] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141208.001\ENG64.SYS [129752 2014-10-12] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141208.001\EX64.SYS [2137304 2014-10-12] (Symantec Corporation)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-04-17] (Intel Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)

S3 Rockusb; C:\Windows\System32\drivers\rockusb.sys [66704 2014-09-22] (Fuzhou Rockchip Electronics Co,Ltd.)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-09-06] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)

R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-24] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [36736 2013-02-08] (The OpenVPN Project) [File not signed]

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-12-05] ()

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-02-06] (Basil Projects)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-12-07] ()

S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

U0 Partizan; system32\drivers\Partizan.sys [X]

S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]

S3 XHCIPort; \SystemRoot\System32\drivers\XHCIPort.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 23:34 - 2014-12-08 23:34 - 00000000 ____D () C:\FRST

2014-12-07 21:26 - 2014-12-07 21:26 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp

2014-12-07 20:14 - 2014-12-07 20:21 - 00000000 ____D () C:\Users\broma_000\AppData\Local\Signage Manager Express

2014-12-07 20:12 - 2014-12-07 20:12 - 00003151 _____ () C:\Users\broma_000\Desktop\Signage Manager Express.lnk

2014-12-07 20:12 - 2014-12-07 20:12 - 00003111 _____ () C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signage Manager Express.lnk

2014-12-07 20:12 - 2014-12-07 20:12 - 00000000 ____D () C:\Program Files (x86)\Signage Manager Express

2014-12-07 19:47 - 2014-12-07 19:47 - 00000000 ____D () C:\Users\broma_000\Documents\Gefen

2014-12-07 19:46 - 2014-12-07 19:46 - 00000000 ____D () C:\Users\broma_000\AppData\Local\Gefen

2014-12-07 19:44 - 2014-12-07 19:44 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\TaiG

2014-12-07 19:40 - 2014-12-07 19:40 - 00002107 _____ () C:\Users\Public\Desktop\Gefen Digital Signage Director.lnk

2014-12-07 19:40 - 2014-12-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gefen

2014-12-07 19:39 - 2014-12-07 19:39 - 00000000 ____D () C:\Program Files (x86)\Gefen

2014-12-07 19:00 - 2014-12-07 19:37 - 00008056 _____ () C:\WINDOWS\SysWOW64\AppLog.log

2014-12-05 20:02 - 2014-12-05 17:24 - 01457349 _____ () C:\Users\broma_000\Desktop\HP Rebate 2.jpeg.jpeg

2014-12-05 20:02 - 2014-12-05 17:22 - 01469232 _____ () C:\Users\broma_000\Desktop\HP Rebate 1.jpeg

2014-12-05 00:11 - 2014-12-05 00:11 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-12-05 00:11 - 2014-12-05 00:11 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-12-04 19:10 - 2014-12-04 19:10 - 00003556 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask

2014-12-04 19:10 - 2014-12-04 19:10 - 00001906 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-12-04 19:10 - 2014-12-04 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2014-12-04 18:38 - 2014-12-04 18:38 - 00000000 ____D () C:\Users\broma_000\Documents\Garmin

2014-12-04 18:37 - 2014-12-04 18:37 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Garmin

2014-12-04 18:37 - 2014-12-04 18:37 - 00000000 ____D () C:\Users\broma_000\AppData\Local\Garmin

2014-12-04 18:37 - 2014-12-04 18:37 - 00000000 ____D () C:\Program Files\DIFX

2014-12-04 18:36 - 2014-12-04 19:10 - 00000000 ____D () C:\ProgramData\Garmin

2014-12-04 18:36 - 2014-12-04 19:10 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-12-04 02:06 - 2014-12-07 21:27 - 00000000 ____D () C:\Users\broma_000\Documents\AirDroid

2014-12-04 02:06 - 2014-12-07 21:27 - 00000000 ____D () C:\Program Files (x86)\AirDroid

2014-12-04 02:06 - 2014-12-04 02:06 - 00001899 _____ () C:\Users\Public\Desktop\AirDroid.lnk

2014-12-04 02:06 - 2014-12-04 02:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid

2014-12-02 23:24 - 2014-12-02 23:24 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\ThinkSky

2014-12-02 23:23 - 2014-12-07 23:45 - 00000344 _____ () C:\WINDOWS\Tasks\iToolsDaemon.job

2014-12-02 23:23 - 2014-12-02 23:42 - 00000000 ____D () C:\Program Files (x86)\ThinkSky

2014-12-02 23:23 - 2014-12-02 23:23 - 00003290 _____ () C:\WINDOWS\System32\Tasks\iToolsDaemon

2014-12-02 23:21 - 2014-12-02 23:43 - 00000000 ____D () C:\Users\broma_000\Documents\iTools

2014-12-02 19:21 - 2014-12-02 19:21 - 00000000 ____D () C:\Users\Public\Documents\Adobe

2014-12-02 19:21 - 2014-12-02 19:21 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2014-12-02 19:13 - 2014-12-02 18:11 - 01249655 _____ () C:\Users\broma_000\Desktop\chair receipt 2.jpeg

2014-12-02 19:07 - 2014-12-02 19:07 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Norton Utilities 16

2014-11-27 16:21 - 2014-12-07 21:26 - 00000314 _____ () C:\WINDOWS\Tasks\NUAutoUpdate.job

2014-11-27 16:21 - 2014-12-07 19:37 - 00000306 _____ () C:\WINDOWS\Tasks\NUSchedule.job

2014-11-27 16:21 - 2014-11-27 16:21 - 00002870 _____ () C:\WINDOWS\System32\Tasks\NUSchedule

2014-11-27 16:21 - 2014-11-27 16:21 - 00002530 _____ () C:\WINDOWS\System32\Tasks\NUAutoUpdate

2014-11-27 16:21 - 2014-11-27 16:21 - 00000000 ____D () C:\Users\broma_000\Documents\Norton Utilities 16

2014-11-27 16:18 - 2014-11-27 16:18 - 00001237 _____ () C:\Users\Public\Desktop\Norton Utilities 16.lnk

2014-11-27 16:18 - 2014-11-27 16:18 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Product_NU16

2014-11-27 16:18 - 2014-11-27 16:18 - 00000000 ____D () C:\ProgramData\Symantec

2014-11-27 16:18 - 2014-11-27 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 16

2014-11-27 16:18 - 2014-11-27 16:18 - 00000000 ____D () C:\Program Files (x86)\Symantec

2014-11-27 16:18 - 2014-01-17 05:13 - 00042624 _____ () C:\WINDOWS\system32\CleanMFT64.exe

2014-11-27 16:18 - 2014-01-17 04:35 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4.dll

2014-11-27 16:18 - 2014-01-17 04:35 - 01101824 _____ (Woodbury Associates Limited) C:\WINDOWS\SysWOW64\UniBox210.ocx

2014-11-27 16:18 - 2014-01-17 04:35 - 01081616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX

2014-11-27 16:18 - 2014-01-17 04:35 - 00880640 _____ (Woodbury Associates Limited) C:\WINDOWS\SysWOW64\UniBox10.ocx

2014-11-27 16:18 - 2014-01-17 04:35 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX

2014-11-27 16:18 - 2014-01-17 04:35 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll

2014-11-27 16:18 - 2014-01-17 04:35 - 00212992 _____ (Woodbury Associates Limited) C:\WINDOWS\SysWOW64\UniBoxVB12.ocx

2014-11-27 16:18 - 2014-01-17 04:35 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4r.dll

2014-11-27 16:18 - 2014-01-17 04:35 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml4a.dll

2014-11-23 04:03 - 2014-11-23 04:03 - 00000609 _____ () C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.lnk

2014-11-23 03:56 - 2014-11-23 03:57 - 00000000 ____D () C:\Users\broma_000\Desktop\APK

2014-11-23 03:45 - 2014-11-23 03:45 - 00000000 ____D () C:\Users\broma_000\Desktop\Skazka

2014-11-23 03:34 - 2014-11-23 03:49 - 00000000 ____D () C:\Users\broma_000\Desktop\HTC

2014-11-23 03:34 - 2014-11-23 03:34 - 00000982 _____ () C:\Users\broma_000\Desktop\rekordbox 3.1.0.lnk

2014-11-21 19:15 - 2014-11-21 19:15 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast

2014-11-21 19:05 - 2014-11-21 19:05 - 00000000 ____D () C:\ProgramData\IsolatedStorage

2014-11-21 19:04 - 2014-11-21 19:04 - 00002062 _____ () C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk

2014-11-21 19:04 - 2014-11-21 19:04 - 00002032 _____ () C:\Users\broma_000\Desktop\FileHippo App Manager.lnk

2014-11-21 15:47 - 2014-11-21 15:47 - 00000000 __SHD () C:\Users\broma_000\AppData\Local\EmieBrowserModeList

2014-11-19 16:35 - 2014-11-19 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2014-11-19 16:35 - 2014-11-19 16:35 - 00000000 ____D () C:\Program Files\Speccy

2014-11-19 16:33 - 2014-11-19 16:33 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z

2014-11-19 16:33 - 2014-11-19 16:33 - 00000000 ____D () C:\Program Files (x86)\GPU-Z

2014-11-19 16:32 - 2014-11-19 16:32 - 00000887 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk

2014-11-19 16:32 - 2014-11-19 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

2014-11-19 16:32 - 2014-11-19 16:32 - 00000000 ____D () C:\Program Files\CPUID

2014-11-18 21:21 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2014-11-18 21:21 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2014-11-18 21:21 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll

2014-11-18 21:21 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

2014-11-13 02:02 - 2014-11-13 02:02 - 00000000 ____D () C:\Users\broma_000\Documents\My Received Files

2014-11-12 15:55 - 2014-11-12 15:55 - 00000967 _____ () C:\Users\Public\Desktop\EZCastPro.lnk

2014-11-12 15:55 - 2014-11-12 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZCastPro

2014-11-12 15:55 - 2014-11-12 15:55 - 00000000 ____D () C:\Program Files (x86)\EZCastPro

2014-11-11 22:52 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-11-11 22:52 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2014-11-11 22:52 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2014-11-11 22:52 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2014-11-11 22:52 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll

2014-11-11 22:52 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-11-11 22:52 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

2014-11-11 22:52 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

2014-11-11 22:52 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2014-11-11 22:52 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-11-11 22:52 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-11-11 22:52 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2014-11-11 22:52 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

2014-11-11 22:52 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

2014-11-11 22:52 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-11-11 22:52 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-11-11 22:52 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2014-11-11 22:52 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2014-11-11 22:52 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe

2014-11-11 22:52 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2014-11-11 22:52 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2014-11-11 22:52 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2014-11-11 22:52 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys

2014-11-11 22:52 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2014-11-11 22:52 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll

2014-11-11 22:52 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll

2014-11-11 22:52 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2014-11-11 22:52 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll

2014-11-11 22:52 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll

2014-11-11 22:52 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll

2014-11-11 22:52 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2014-11-11 22:52 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll

2014-11-11 22:52 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll

2014-11-11 22:52 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll

2014-11-11 22:52 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2014-11-11 22:52 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-11-11 22:52 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-11-11 22:52 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2014-11-11 22:52 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-11-11 22:52 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll

2014-11-11 22:52 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll

2014-11-11 22:52 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2014-11-11 22:52 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll

2014-11-11 22:52 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2014-11-11 22:52 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2014-11-11 22:52 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2014-11-11 22:52 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2014-11-11 22:52 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2014-11-11 22:52 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2014-11-11 22:52 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll

2014-11-11 22:52 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll

2014-11-11 22:51 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-11-11 22:51 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-11-11 22:51 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-11-11 22:51 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-11-11 22:51 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-11-11 22:51 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-11-11 22:51 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-11-11 22:51 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-11-11 22:50 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe

2014-11-11 22:50 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe

2014-11-11 22:50 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe

2014-11-11 22:50 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll

2014-11-11 22:50 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

2014-11-11 22:50 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-11-11 22:50 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll

2014-11-11 22:50 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-11-11 22:50 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-11-11 22:50 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-11-11 22:50 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-11-11 22:50 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-11-11 22:50 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-11-11 22:50 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-11-11 22:50 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll

2014-11-11 22:50 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2014-11-11 22:50 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll

2014-11-11 22:50 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2014-11-11 22:50 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-11-11 22:50 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-11-11 22:50 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-11-11 22:50 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll

2014-11-11 22:50 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-11-11 22:50 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-11-11 22:50 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll

2014-11-11 22:50 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx

2014-11-11 22:50 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll

2014-11-11 22:50 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-11-11 22:50 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-11-11 22:50 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll

2014-11-11 22:50 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-11-11 22:50 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-11-11 22:50 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll

2014-11-11 22:50 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2014-11-11 22:50 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2014-11-11 22:50 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-11-11 22:50 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-11-11 22:50 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-11-11 22:50 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-11-11 22:50 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-11-11 22:50 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll

2014-11-11 22:50 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-11-11 22:50 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe

2014-11-11 22:50 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe

2014-11-11 22:50 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe

2014-11-11 22:50 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll

2014-11-11 22:50 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe

2014-11-11 22:50 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-11-11 22:50 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll

2014-11-11 22:50 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-11-11 22:50 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2014-11-11 22:50 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-11-11 22:50 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-11-11 22:50 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-11-11 22:50 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-11-11 22:50 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-11-11 22:50 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-11-11 22:50 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll

2014-11-11 22:50 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll

2014-11-11 22:50 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll

2014-11-11 22:50 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2014-11-11 22:50 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-11-11 22:50 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-11-11 22:50 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll

2014-11-11 22:50 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-11-11 22:50 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-11-11 22:50 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll

2014-11-11 22:50 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll

2014-11-11 22:50 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx

2014-11-11 22:50 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-11-11 22:50 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll

2014-11-11 22:50 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-11-11 22:50 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2014-11-11 22:50 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-11-11 22:50 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll

2014-11-11 22:50 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2014-11-11 22:50 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2014-11-11 22:50 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-11-11 22:50 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-11-11 22:50 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-11-11 22:50 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-11-11 22:50 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll

2014-11-11 22:50 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-11-11 22:50 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-11-11 22:50 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll

2014-11-11 22:50 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll

2014-11-11 22:50 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2014-11-11 22:50 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2014-11-11 22:50 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2014-11-11 22:50 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2014-11-11 22:50 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2014-11-11 22:50 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2014-11-11 22:50 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2014-11-11 22:50 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2014-11-11 22:50 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-11-11 22:50 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2014-11-11 22:50 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2014-11-11 22:50 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2014-11-11 22:50 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2014-11-11 17:00 - 2014-12-08 23:12 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001UA.job

2014-11-11 17:00 - 2014-12-07 19:12 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001Core.job

2014-11-11 17:00 - 2014-11-21 19:15 - 00001272 _____ () C:\Users\broma_000\Desktop\Chromecast.lnk

2014-11-11 17:00 - 2014-11-16 19:07 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001UA

2014-11-11 17:00 - 2014-11-16 19:07 - 00003516 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001Core

2014-11-08 22:53 - 2014-11-08 22:53 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\com.adobe.AdobeMuseCC.2014.2

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-08 23:25 - 2014-06-04 00:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-12-08 23:12 - 2013-12-13 21:38 - 01389067 _____ () C:\WINDOWS\WindowsUpdate.log

2014-12-08 23:08 - 2013-07-07 18:55 - 08112128 ___SH () C:\Users\broma_000\Desktop\Thumbs.db

2014-12-08 23:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-12-08 22:59 - 2014-07-06 22:40 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-12-08 22:56 - 2013-03-15 13:33 - 00000000 ____D () C:\Users\broma_000\AppData\Local\Adobe

2014-12-08 22:52 - 2013-03-15 13:33 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B000433B-7E62-4CEB-8985-C26030689D7E}

2014-12-08 22:46 - 2014-04-09 13:21 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe

2014-12-08 00:40 - 2013-03-15 13:39 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-08 00:13 - 2013-03-15 14:18 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\uTorrent

2014-12-07 22:20 - 2013-03-15 16:32 - 00000962 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001UA.job

2014-12-07 22:20 - 2013-03-15 16:32 - 00000940 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001Core.job

2014-12-07 22:17 - 2013-03-19 15:49 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Skype

2014-12-07 21:43 - 2013-03-15 13:38 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4254226789-487654737-2996639702-1001

2014-12-07 21:34 - 2013-09-29 23:04 - 00962568 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-07 21:26 - 2014-04-09 13:22 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.dll

2014-12-07 21:26 - 2014-03-22 16:23 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll

2014-12-07 21:26 - 2014-03-02 21:00 - 00000000 ___RD () C:\Users\broma_000\SkyDrive

2014-12-07 21:26 - 2013-07-16 21:23 - 00000000 ____D () C:\ProgramData\VMware

2014-12-07 21:26 - 2013-03-15 13:39 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-07 21:26 - 2013-01-30 13:23 - 00000000 ____D () C:\ProgramData\Temp

2014-12-07 21:26 - 2013-01-30 13:15 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys

2014-12-07 21:25 - 2014-09-25 11:40 - 00018152 _____ () C:\WINDOWS\PFRO.log

2014-12-07 21:25 - 2014-04-09 13:21 - 00029336 _____ () C:\WINDOWS\system32\wpbbin.exe

2014-12-07 21:25 - 2014-04-09 13:21 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.exe

2014-12-07 21:25 - 2013-11-12 17:59 - 00000000 ____D () C:\Users\broma_000

2014-12-07 21:25 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-12-07 21:25 - 2013-08-22 08:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI

2014-12-07 21:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-12-07 21:23 - 2013-03-16 19:13 - 00000000 ____D () C:\Users\broma_000\AppData\Local\CrashDumps

2014-12-07 19:38 - 2013-02-27 16:59 - 62028800 _____ (Microsoft Corporation) C:\Users\broma_000\Desktop\gefen-dsd-2.2.6.18369.exe

2014-12-06 14:48 - 2013-03-15 15:58 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2014-12-06 14:48 - 2013-03-15 15:58 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-12-06 14:41 - 2013-03-26 17:57 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-12-06 14:41 - 2013-03-26 17:57 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-06 14:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-12-05 20:02 - 2014-09-25 13:12 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-12-05 20:02 - 2013-03-19 15:49 - 00000000 ____D () C:\ProgramData\Skype

2014-12-05 00:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-12-04 19:11 - 2013-01-30 13:21 - 00000000 ____D () C:\ProgramData\Package Cache

2014-12-04 18:30 - 2014-09-25 13:35 - 00011344 _____ () C:\WINDOWS\setupact.log

2014-12-04 15:42 - 2013-03-16 12:23 - 00003188 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForbroma_000

2014-12-04 15:42 - 2013-03-16 12:23 - 00000366 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForbroma_000.job

2014-12-02 19:45 - 2014-10-03 16:01 - 00001723 _____ () C:\Users\broma_000\Desktop\Andy.lnk

2014-12-02 14:38 - 2014-06-04 00:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-02 14:38 - 2014-06-04 00:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-02 14:38 - 2013-04-10 16:35 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-27 16:28 - 2014-10-03 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pagico

2014-11-27 16:20 - 2014-10-03 16:01 - 00000000 ____D () C:\Users\broma_000\Andy

2014-11-27 14:13 - 2014-04-06 15:27 - 00000000 ____D () C:\Users\broma_000\Desktop\Miami

2014-11-26 16:42 - 2013-03-15 13:40 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-11-26 15:25 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-11-25 15:59 - 2014-07-06 22:40 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2014-11-24 19:20 - 2013-03-15 13:32 - 00000000 ____D () C:\Users\broma_000\AppData\Local\Packages

2014-11-23 14:43 - 2013-06-20 18:03 - 00001053 _____ () C:\Users\broma_000\Desktop\magicJack.lnk

2014-11-23 14:43 - 2013-06-20 18:03 - 00001039 _____ () C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk

2014-11-23 14:43 - 2013-06-20 17:59 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\mjusbsp

2014-11-23 04:01 - 2013-03-30 16:43 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\avidemux

2014-11-23 03:59 - 2013-10-07 19:32 - 00000000 ____D () C:\Users\broma_000\Desktop\Video Editing

2014-11-23 03:56 - 2014-09-29 23:28 - 00000000 ____D () C:\Users\broma_000\Desktop\CBS Solutions

2014-11-23 03:35 - 2014-11-06 02:21 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\PioneerLog

2014-11-23 03:35 - 2014-09-13 22:19 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer

2014-11-23 03:35 - 2014-09-13 22:18 - 00000000 ____D () C:\Program Files (x86)\Pioneer

2014-11-21 19:15 - 2013-03-15 13:39 - 00000000 ____D () C:\Users\broma_000\AppData\Local\Google

2014-11-21 19:04 - 2013-03-15 16:33 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com

2014-11-21 06:14 - 2014-06-04 00:39 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-11-21 06:14 - 2014-06-04 00:39 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-11-21 06:14 - 2013-03-15 16:36 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-11-20 15:51 - 2013-08-22 10:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-11-20 15:51 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-19 19:30 - 2014-09-29 15:17 - 00000000 ____D () C:\Program Files (x86)\EventGhost

2014-11-18 21:55 - 2014-07-01 23:44 - 00000000 ____D () C:\Users\broma_000\AppData\Local\pangu

2014-11-16 19:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-11-13 17:02 - 2013-03-15 15:59 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-13 17:01 - 2013-03-15 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-11-12 15:35 - 2013-03-15 13:39 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-12 15:35 - 2013-03-15 13:39 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-12 15:01 - 2013-08-22 09:44 - 05082192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-11-12 05:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-12 05:22 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-12 05:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-11-12 05:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-11-11 22:56 - 2013-07-13 18:56 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-11-11 22:51 - 2013-03-15 16:43 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-11-11 17:49 - 2014-02-12 03:04 - 00000000 ____D () C:\ProgramData\Messenger Plus! for Skype

2014-11-08 22:53 - 2013-03-15 13:33 - 00000000 ____D () C:\Users\broma_000\AppData\Roaming\Adobe

 

Files to move or delete:

====================

C:\ProgramData\ISTask.dll

 

 

Some content of TEMP:

====================

C:\Users\broma_000\AppData\Local\Temp\dllnt_dump.dll

C:\Users\broma_000\AppData\Local\Temp\unins000.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-07 21:43

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2014

Ran by broma_000 at 2014-12-08 23:35:39

Running from C:\Users\broma_000\Desktop\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.1.0 - Adobe Systems Incorporated)

Adobe Muse CC 2014 (HKLM\...\{AF6524CF-0CED-4B0B-91BF-5757F381E52B}) (Version: 2014.2.1.10 - Adobe Systems, Incorporated)

Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden

Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.1.0 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)

AirDroid 3.0.0 (HKLM-x32\...\AirDroid) (Version: 3.0.0 - Sand Studio)

ANDY OS (HKLM\...\ANDY OS) (Version: 1.1 - andyroid.net)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)

Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )

AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )

AviSynth+ 0.1 (r1576) (HKLM-x32\...\{AC78780F-BACA-4805-8D4F-AE1B52B7E7D3}_is1) (Version: 2.6.0.5 - The Public)

Bandizip (HKLM\...\Bandizip) (Version: 5.03 - Bandisoft.com)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre 64bit (HKLM\...\{2E55EED1-49D4-4A07-B2B9-3EC5BB371F12}) (Version: 0.9.22 - Kovid Goyal)

CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)

ChromecastApp (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)

ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)

CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2728.0 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)

Dropbox (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)

Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Elevated Installer (x32 Version: 3.2.25.0 - Garmin Ltd or its subsidiaries) Hidden

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

EventGhost 0.4.1.r1669 (HKLM-x32\...\EventGhost_is1) (Version: 0.4.1.r1669 - EventGhost Project)

EZCastPro (HKLM-x32\...\{EAC16524-B32D-4264-BE6A-E37B51AA3978}) (Version: 1.1.0.149 - Actions-Micro)

f.lux (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Flux) (Version:  - )

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)

Garmin Express (HKLM-x32\...\{c66df0a6-704a-49c8-a5c0-8e73db389013}) (Version: 3.2.25.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.25.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.25.0 - Garmin Ltd or its subsidiaries) Hidden

Gefen Digital Signage Director (HKLM-x32\...\{52689723-688A-4981-9AE6-34D53282F1C8}) (Version: 2.2.6.18369 - Gefen)

Genymotion version 2.2.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.2.2 - Genymobile)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)

HP Connected Music (Meridian - player) (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)

HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{77CC64F2-74CE-47D7-A4B0-5AEBA688FC69}) (Version: 3.0.5 - Hewlett-Packard Company)

HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)

HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)

HyperTerminal Private Edition v7.0 (HKLM-x32\...\HTPE3) (Version:  - )

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)

iFunBox 2014 (v3.4.697.652), iFunbox DevTeam (HKLM-x32\...\iFunBox 2014_is1) (Version: v3.4.697.652 - )

inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)

Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{8e41467d-297e-496d-8b0f-e771b6c87c06}) (Version: 16.11.0 - Intel Corporation)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

KCP-0.5.8.2 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.5.8.2 - Haruhichan.com)

KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

magicJack (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Messenger Plus! for Skype (HKLM-x32\...\Messenger Plus! for Skype) (Version: 3.0.0.195 - Yuna Software)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Mobile Forces (HKLM-x32\...\MobileForces) (Version:  - )

MoboRobo 2.1.8.215 (HKLM-x32\...\{02B934E4-C574-4605-842B-01CD16295185}_is1) (Version: 2.1.8.215 - MoboRobo Inc.)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

NetViewer 2.1.339.0 (HKLM-x32\...\NetViewer) (Version: 2.1.339.0 - )

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)

Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)

NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)

Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\Octoshape add-in for Adobe Flash Player) (Version:  - )

ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.)

Optimum (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\2954870142.optimumapp.iptv.optimum.net) (Version:  - optimumapp.iptv.optimum.net)

Optimum App for Laptop 2.10 (HKLM\...\{6082AB31-92B1-4832-AC89-3B2E6D8C14FE}) (Version: 2.10 - Cablevision)

Oracle VM VirtualBox 4.3.16 (HKLM\...\{D7FAEA32-7CE3-4D9F-9139-F7B87BCC50AF}) (Version: 4.3.16 - Oracle Corporation)

Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Reader for PC (HKLM-x32\...\{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}) (Version: 2.0.01.11080 - Sony Corporation)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.29038 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

rekordbox 3.1.0 (HKLM-x32\...\Pioneer rekordbox 3.1.0) (Version: 3.1.0.2818 - Pioneer)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Signage Manager Express (HKLM-x32\...\{FCD465E9-42AF-4830-B23B-E40954428618}) (Version: 3.0.5 -  )

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

sMedio 360 TrueSync (HKLM-x32\...\{3638D219-4AA5-4700-AC4B-272EF2F2DF1B}) (Version: 1.0.0.132 - sMedio Corporation)

Soldier of Fortune II - Double Helix (HKLM-x32\...\Soldier of Fortune II - Double Helix) (Version: 1.0 - Activision, Inc.)

Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)

StartIsBack+ (HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartIsBack) (Version: 1.6.2 - startisback.com)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.15.0 - Synaptics Incorporated)

System Ninja version 3.0.2 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.2 - SingularLabs)

System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)

System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)

Tag&Rename 3.8 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.8 - Softpointer Inc)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)

TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)

TouchPal Smartinput Win8 (HKLM\...\TouchPal Smartinput Win8_is1) (Version: 1.3.0 - CooTek)

Unchecky v0.3.4 (HKLM-x32\...\Unchecky) (Version: 0.3.4 - RaMMicHaeL)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)

VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.2 - VMware, Inc)

VMware Workstation (Version: 10.0.2 - VMware, Inc.) Hidden

Winamp Pro version 5.666 (Final) HNx Edition (HKLM-x32\...\{68E037D9-B9DE-44BE-A1C5-E2D1933E801B}_is1) (Version: 5.666 (Final) HNx Edition - Nullsoft (defunct))

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Средства проверки правописания Microsoft Office 2013 — русский (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\broma_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> No File Path

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\broma_000\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\broma_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\broma_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\broma_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\broma_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\broma_000\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\broma_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-4254226789-487654737-2996639702-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\broma_000\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

26-11-2014 20:23:47 Windows Update

04-12-2014 21:19:25 Scheduled Checkpoint

08-12-2014 00:38:59 Installed Gefen Digital Signage Director

08-12-2014 00:41:32 Installed Apple Software Update

08-12-2014 00:42:12 Installed Bonjour

08-12-2014 01:12:34 Installed Signage Manager Express

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-26 00:26 - 2014-12-07 21:26 - 00002096 ____A C:\WINDOWS\system32\Drivers\etc\hosts


 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0103A4FE-3BE8-4AD0-BAB7-FBF9B417542C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001UA => C:\Users\broma_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)

Task: {01A64BDA-3800-40DB-AFF2-9F51743E0CD0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {03EA00A5-E0AB-46A1-892B-33378B44C4BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {04FF524F-C915-4E7E-B5D3-B8FF8946EA02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {32973414-6FDE-4572-8684-A1F59BAF4D44} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001Core => C:\Users\broma_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-30] (Facebook Inc.)

Task: {35527F4E-4326-4191-A5D9-469771FA3BB0} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION

Task: {408FB6CF-3B03-4B2F-B7F2-EEF24AEFAD0C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {40A379C8-ED7B-43AB-BF27-817E83B4C140} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {440E74CC-06BA-4451-A20D-99211F70D1E2} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2014-12-05] (Symantec)

Task: {44FF5DC0-353E-4125-937C-484EDD3B0C3E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001UA => C:\Users\broma_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-30] (Facebook Inc.)

Task: {4D65EFF7-D58D-4857-973E-9D9364A239F0} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2014-12-05] (Symantec)

Task: {4DA65853-944D-483A-B661-105B7104CCF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {53F56902-D6FD-4329-B5B7-D323F611FF87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)

Task: {5D9FCEBD-0B4D-49EC-970F-D7E20AC8C8FF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {6B9CFE6D-C870-459B-9322-290188F55C65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)

Task: {70F11594-F64A-421D-94A9-542B528225B8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: {714BD6B7-3A2D-42C0-8B78-61996EE36FC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-15] (Google Inc.)

Task: {80FB86FF-2359-4140-B1F2-824521EFF55E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

Task: {81E4A8E5-1A1F-4075-A485-207F84E80B93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001Core => C:\Users\broma_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)

Task: {83833869-69C3-4E1A-84AF-66262B2E5623} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {8BE58C6D-F8D9-48E9-A8ED-0294B5B932C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

Task: {8E1042FE-4EA2-4B0E-87FC-671095ADBD77} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)

Task: {9346367F-6B48-4624-B20C-31648959120C} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: {965EB2D8-0A34-465C-931D-D5AA763AF724} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe

Task: {9FF26A12-F4CE-43C9-B1DE-6B3A8C774EEC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-11] (Microsoft Corporation)

Task: {ACFE947C-EB0C-49DE-AEF6-4FAA86488016} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-broman400t@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)

Task: {AFC0C434-971D-4AAF-A940-5E96F80CA5C2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-14] (Synaptics Incorporated)

Task: {B3FBE08F-949A-4F1E-BE96-AF859245333C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)

Task: {CF4D487E-C8F9-4AF7-B451-F9C2E45F75BA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-11-25] ()

Task: {D06CDF9B-02EB-4C2F-AA9D-47A33268A33C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {E9D2EA7A-AED0-4912-B738-20A145779267} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

Task: {EB3C3927-B3D8-499D-B49F-E6B6152FA27C} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()

Task: {FD5B96D8-3724-4D24-A8D3-9638AD2A871E} - System32\Tasks\HPCeeScheduleForbroma_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {FFAD8FEF-AA34-4A61-B3E6-BF074E1960F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001Core.job => C:\Users\broma_000\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001UA.job => C:\Users\broma_000\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001Core.job => C:\Users\broma_000\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4254226789-487654737-2996639702-1001UA.job => C:\Users\broma_000\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForbroma_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\WINDOWS\Tasks\iToolsDaemon.job => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe

Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-08-16 23:36 - 2012-08-16 23:36 - 00149032 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

2012-08-16 23:36 - 2012-08-16 23:36 - 00058920 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll

2014-09-22 20:30 - 2014-07-31 15:51 - 00072184 _____ () C:\Program Files (x86)\MoboRobo\MoboroboDeviceService.exe

2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2014-04-14 15:04 - 2014-04-14 15:04 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

2014-09-26 13:41 - 2014-09-26 13:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-09-22 20:30 - 2014-07-31 15:54 - 00941632 _____ () C:\Program Files (x86)\MoboRobo\DriverInstall.dll

2014-04-14 15:41 - 2014-04-14 15:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll

2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-01-30 13:15 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2014-11-26 16:42 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll

2014-11-26 16:42 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll

2014-11-26 16:42 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll

2014-11-26 16:42 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\ProgramData\Temp:792D4CF1

AlternateDataStreams: C:\Users\broma_000\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\broma_000\SkyDrive.old:ms-properties

AlternateDataStreams: C:\Users\broma_000\Desktop\HP Rebate 1.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\broma_000\Desktop\HP Rebate 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

AlternateDataStreams: C:\Users\broma_000\Desktop\HP Rebate 2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b

AlternateDataStreams: C:\Users\broma_000\Desktop\HP Rebate 2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run: => "XboxStat"

HKLM\...\StartupApproved\Run: => "TouchPalKeyboard"

HKLM\...\StartupApproved\Run: => "TouchPalToolBar"

HKLM\...\StartupApproved\Run: => "Andy"

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "Reader Application Helper"

HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

HKLM\...\StartupApproved\Run32: => "YouCam Service"

HKLM\...\StartupApproved\Run32: => "DivXUpdate"

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "MessengerPlusForSkypeService"

HKLM\...\StartupApproved\Run32: => "YouCam Service6"

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\StartupFolder: => "Facebook Messenger.lnk"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\StartupFolder: => "EventGhost.lnk"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "Facebook Update"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "cdloader"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "ooVoo.exe"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "CAHeadless"

HKU\S-1-5-21-4254226789-487654737-2996639702-1001\...\StartupApproved\Run: => "msnmsgr"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-4254226789-487654737-2996639702-500 - Administrator - Disabled)

broma_000 (S-1-5-21-4254226789-487654737-2996639702-1001 - Administrator - Enabled) => C:\Users\broma_000

Guest (S-1-5-21-4254226789-487654737-2996639702-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4254226789-487654737-2996639702-1006 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: VirtualBox Host-Only Ethernet Adapter

Description: VirtualBox Host-Only Ethernet Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Oracle Corporation

Service: VBoxNetAdp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: VMware Virtual Ethernet Adapter for VMnet1

Description: VMware Virtual Ethernet Adapter for VMnet1

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: VMware, Inc.

Service: VMnetAdapter

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/08/2014 11:00:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mmc.exe, version: 6.3.9600.16384, time stamp: 0x5215ef8f

Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e

Exception code: 0x00000000

Fault offset: 0x000000000000606c

Faulting process id: 0xc70

Faulting application start time: 0xmmc.exe0

Faulting application path: mmc.exe1

Faulting module path: mmc.exe2

Report Id: mmc.exe3

Faulting package full name: mmc.exe4

Faulting package-relative application ID: mmc.exe5

 

Error: (12/08/2014 10:46:43 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n

 

Error: (12/08/2014 00:41:25 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n

 

Error: (12/08/2014 00:31:31 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 22a8

 

Start Time: 01d012a72ac647fd

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: 71f8985b-7e9b-11e4-beeb-6c3be57fb18d

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (12/08/2014 00:31:17 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80045205\n

 

Error: (12/08/2014 00:24:01 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n

 

Error: (12/07/2014 09:56:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume \\?\Volume{4ef75fc9-67b0-4504-bd8e-a3e4f2cef5b6}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (12/07/2014 09:56:44 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: The volume WINRE was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

 

Error: (12/07/2014 09:47:05 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

Error: (12/07/2014 09:44:28 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

 

 

System errors:

=============

Error: (12/07/2014 09:27:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/07/2014 09:26:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Store service crack service failed to start due to the following error: 

%%1083

 

Error: (12/07/2014 09:25:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Garmin Core Update Service service failed to start due to the following error: 

%%1053

 

Error: (12/07/2014 09:25:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

 

Error: (12/05/2014 01:34:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

 

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error Code: 21

 

Error: (12/05/2014 00:12:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Remote Procedure Call (RPC) LD service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/05/2014 00:11:57 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Windows\System32\drivers\TrueSight.sys

 

Error: (12/05/2014 00:05:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/05/2014 00:05:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/05/2014 00:05:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Store service crack service failed to start due to the following error: 

%%1083

 

 

Microsoft Office Sessions:

=========================

Error: (12/08/2014 11:00:53 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mmc.exe6.3.9600.163845215ef8fKERNELBASE.dll6.3.9600.1727853eebf2e00000000000000000000606cc7001d013637515e7a7C:\WINDOWS\system32\mmc.exeC:\WINDOWS\system32\KERNELBASE.dllf7ad330f-7f57-11e4-beeb-6c3be57fb18d

 

Error: (12/08/2014 10:46:43 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n

 

Error: (12/08/2014 00:41:25 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n

 

Error: (12/08/2014 00:31:31 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: LiveComm.exe17.5.9600.2068922a801d012a72ac647fd4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe71f8985b-7e9b-11e4-beeb-6c3be57fb18dmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

 

Error: (12/08/2014 00:31:17 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80045205\n

 

Error: (12/08/2014 00:24:01 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n

 

Error: (12/07/2014 09:56:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: \\?\Volume{4ef75fc9-67b0-4504-bd8e-a3e4f2cef5b6}\The parameter is incorrect. (0x80070057)

 

Error: (12/07/2014 09:56:44 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: WINREThe parameter is incorrect. (0x80070057)

 

Error: (12/07/2014 09:47:05 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe

 

Error: (12/07/2014 09:44:28 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-09-22 21:31:35.205

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-03-18 22:10:47.886

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:47.746

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:47.605

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:47.464

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:47.324

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:47.199

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:47.074

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:46.917

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

  Date: 2013-03-18 22:10:46.761

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Malwarebytes' Anti-Malware\mbampt.exe that did not meet the Store signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-3517U CPU @ 1.90GHz

Percentage of memory in use: 47%

Total physical RAM: 8088.28 MB

Available physical RAM: 4286.23 MB

Total Pagefile: 16280.28 MB

Available Pagefile: 11806.22 MB

Total Virtual: 131072 MB

Available Virtual: 131071.79 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:443.45 GB) (Free:43.45 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:21.19 GB) (Free:2.57 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 15180F5C)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (Size: 8 GB) (Disk ID: FEECBF9A)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.
 
 
 
 

Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
 
 
 
 

Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

fixlist.txt


Here's all the files:

 

Also yesterday, my location was accessed again as seen in the image. I went to my ProgramData folder, took ownership of the folder because it could not be deleted normally and deleted it. It was called rpcnet. 

 

Also, I ran the application RogueKiller and it detected MBAM to have a Zeus trojan and Chrome to have a rootkit, as seen in the image.

Fixlog.txt

Malwarebytes Scan Log.txt

AdwCleanerR0.txt

AdwCleanerR1.txt

AdwCleanerS0.txt


Please go to: VirusTotal

  •  Click the Choose File button.
  •  Please copy/paste the following text into the 'File name:' box:
     
    C:\ProgramData\Rpcnet\Bin\rpcld.exe
  •  Click Open then click the Scan it! button just below.
  •  This will scan the file. Please be patient.
  •  If you get a message saying File already analyzed: click Reanalyse
  •  Once scanned, copy and paste the URL from your browser address bar in your next reply.

 

Please go to: VirusTotal

  •  Click the Choose File button.
  •  Please copy/paste the following text into the 'File name:' box:

     

    C:\ProgramData\Rpcnet\Bin\rpcld.exe
  •  Click Open then click the Scan it! button just below.
  •  This will scan the file. Please be patient.
  •  If you get a message saying File already analyzed: click Reanalyse
  •  Once scanned, copy and paste the URL from your browser address bar in your next reply.

 

I already deleted the file from my computer and its folder last night. After this my computer has been lagging and freezing more often. I believe that some registry entries are still left from this file but don't know how to entirely check.


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Here are the requested files.

 

Also, I had an interesting situation this morning around 2:50 AM. My laptop randomly woke up from sleep. I waited a few seconds and opened my laptop lid. The screen was black and upon clicking a random button (keyboard light up button) the computer immediately went back to sleep. The screen never lit up through the whole process.

Addition.txt

FRST.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
