
Zeus (zbot)



Sometime in the last two weeks one of our computers contracted the Zeus (zbot) infection. I have scanned every computer with Malwarebytes and several other scanners, but have yet to find any signs of infection. We have been (and are currently) blacklisted three times in the last two weeks. How can I get rid of something that I can't see? According to abuseat.org, the last time a computer here connected to the sinkhole was 2:30 A.M. this morning. Any help would be appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015

Ran by Roger (administrator) on TECHLAPTOP (04-12-2015 10:47:10)

Running from C:\Users\roger\Downloads\zbot removal

Loaded Profiles: Roger (Available Profiles: Rodge & bryan & Roger & DefaultAppPool)

Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe

(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.HPWJA\MSSQL\Binn\sqlservr.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

() C:\Program Files\TrueColor\TrueColorALS.exe

() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe

(Microsoft Corporation) C:\Windows\System32\vmms.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe

(Akamai Technologies, Inc.) C:\Users\roger\AppData\Local\Akamai\netsession_win.exe

(Octoshape ApS) C:\Users\roger\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

(Akamai Technologies, Inc.) C:\Users\roger\AppData\Local\Akamai\netsession_win.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [TrueColor UI] => 0

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)

HKLM-x32\...\Run: [PDF8 Registry Controller] => C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\RegistryController.exe [179600 2012-11-19] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\pdfpro8hook.exe [1029520 2012-11-19] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [inboxMonitor] => C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\InboxMonitor.exe [151552 2012-11-19] ()

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286784 2015-09-14] (RealNetworks, Inc.)

HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [614464 2015-07-27] ()

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)

HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3213824 2015-12-02] (Malwarebytes)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [Google Update] => C:\Users\roger\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [MusicManager] => C:\Users\roger\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-08-13] (Google Inc.)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [F2947816B2ECFA44C1388245240A24D51354182A._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [Akamai NetSession Interface] => C:\Users\roger\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [PCShowServer] => C:\Users\roger\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632752 2015-08-23] (Cisco)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [Octoshape Streaming Services] => C:\Users\roger\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Run: [GoogleChromeAutoLaunch_CBCF848503FDC6DD1FF9C5BFC2201ED4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\MountPoints2: {46db89f1-431a-11e4-8278-a0a8cd7b1b36} - "F:\LaunchU3.exe" 

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)

ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)

ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)

ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-07-13]

ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-14]

ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

Startup: C:\Users\Rodge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar142.lnk [2014-07-25]

ShortcutTarget: Sidebar142.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.63.93 192.168.63.97

Tcpip\..\Interfaces\{0555F44F-6B32-4638-AF40-C7F78C904FEB}: [DhcpNameServer] 192.168.63.93 192.168.63.97

Tcpip\..\Interfaces\{1F3FE2BC-E65B-41B4-9D99-64C659DA6141}: [DhcpNameServer] 192.168.63.93 192.168.63.97 192.168.63.90

Tcpip\..\Interfaces\{89552440-84FA-471A-BABA-F8DD505C6F11}: [DhcpNameServer] 192.168.43.1

Tcpip\..\Interfaces\{9FE64924-58EF-4E81-AAEA-8217B67AC542}: [DhcpNameServer] 192.168.63.93 192.168.63.97

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\.DEFAULT -> DefaultScope {1478D04A-0D25-4DF9-9F5A-2BD499A6E254} URL = 

SearchScopes: HKU\.DEFAULT -> {1478D04A-0D25-4DF9-9F5A-2BD499A6E254} URL = 

SearchScopes: HKU\S-1-5-21-435509993-2219368938-1573232648-2701 -> DefaultScope {6836EAF1-C8D2-4440-85A1-349B5494AD64} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKU\S-1-5-21-435509993-2219368938-1573232648-2701 -> {6836EAF1-C8D2-4440-85A1-349B5494AD64} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)

BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)

BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)

Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)

IE Session Restore: HKU\S-1-5-21-435509993-2219368938-1573232648-2701 -> is enabled.

DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxps://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1406653544492

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP7EP2-4/support/ieatgpc1.cab

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\roger\AppData\Roaming\Mozilla\Firefox\Profiles\z3ecqyqs.default

FF DefaultSearchEngine: Google

FF DefaultSearchEngine.US: Google

FF SelectedSearchEngine: Google

FF Homepage: hxxps://eservice.toshiba-solutions.com/Account/LogOn?ReturnUrl=%2fDevice%3ftabIndex%3d1%26sortBy%3dRecentViolations%26ascending%3dFalse%26page%3d0%26updateSortBy%3dCustomer%26updateAscending%3dFalse%26updatePage%3d0%26inactiveSortBy%3dRegisterStatus%26inactiveAscending%3dFalse%26inactivePage%3d0%26refresh%3dtrue%26groupID%3d0%26groupName%3dDevices%26curPageSize%3d50&tabIndex=1&sortBy=RecentViolations&ascending=False&page=0&updateSortBy=Customer&updateAscending=False&updatePage=0&inactiveSortBy=RegisterStatus&inactiveAscending=False&inactivePage=0&refresh=true&groupID=0&groupName=Devices&curPageSize=50

FF Session Restore: -> is enabled.

FF Keyword.URL: 

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()

FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-28] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-14] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-14] (RealTimes)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\nppdf.dll [2012-07-31] (Zeon Corporation)

FF Plugin HKU\S-1-5-21-435509993-2219368938-1573232648-2701: @citrixonline.com/appdetectorplugin -> C:\Users\roger\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-24] (Citrix Online)

FF Plugin HKU\S-1-5-21-435509993-2219368938-1573232648-2701: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\roger\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)

FF Plugin HKU\S-1-5-21-435509993-2219368938-1573232648-2701: @talk.google.com/GoogleTalkPlugin -> C:\Users\roger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-435509993-2219368938-1573232648-2701: @talk.google.com/O1DPlugin -> C:\Users\roger\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-435509993-2219368938-1573232648-2701: @tools.google.com/Google Update;version=3 -> C:\Users\roger\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-435509993-2219368938-1573232648-2701: @tools.google.com/Google Update;version=9 -> C:\Users\roger\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-435509993-2219368938-1573232648-2701: NDS.com/PlayerPlugin -> C:\Users\roger\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [No File]

FF Plugin ProgramFiles/Appdata: C:\Users\roger\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-15] (Cisco WebEx LLC)

FF Plugin ProgramFiles/Appdata: C:\Users\roger\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\roger\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\roger\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-10-31] (Octoshape ApS)

FF Extension: PDF Converter - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\FireFox [2015-08-13] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

 

Chrome: 

=======

CHR NewTab: Default -> "chrome-extension://ggkdejmoejfpdokilakbnofpenckoank/ahq.html","chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"

CHR Profile: C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]

CHR Extension: (Google Drive) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigbpblmkdhhfjmcmcifkncojflojngc [2014-07-28]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-11-30]

CHR Extension: (YouTube) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-11-20]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-12-23]

CHR Extension: (Google Search) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-03]

CHR Extension: (__MSG_PRODUCT_NAME__) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-04]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2015-11-30]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkdejmoejfpdokilakbnofpenckoank [2015-09-09]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]

CHR Extension: (Hotcoolicious) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbaiecpeigjplekifkboiomcdmmbnmnb [2014-07-28]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-07-27]

CHR Extension: (Ubiquiti Device Discovery Tool) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmpigflbjeapnknladcfphgkemopofig [2015-11-25]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2015-11-30]

CHR Extension: (Google Play Music) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-01-21]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2015-11-30]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2014-12-15]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2014-09-21]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\kokekkjinjjhogejegmdpledkflcifdo [2014-07-28]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-04]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm [2014-07-28]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2015-11-30]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-08-26]

CHR Extension: (Chrome Web Store Payments) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-12-04]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcofehgfaeaakklkbahafjoifnaagecj [2014-08-14]

CHR Extension: (Store) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelajmednaeapedcjbgfefjjegbipcdo [2014-07-28]

CHR Extension: (Gmail) - C:\Users\roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

CHR HKU\S-1-5-21-435509993-2219368938-1573232648-2701\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)

R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)

R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)

R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)

S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)

R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)

S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-10-26] (Citrix Online, a division of Citrix Systems, Inc.)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)

R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [120016 2014-04-04] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)

R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2014-07-25] (Microsoft Corporation)

R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)

R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-10-03] ()

S3 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL11.HPWJA\MSSQL\Binn\sqlservr.exe [194240 2015-05-05] (Microsoft Corporation)

R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()

R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe [135056 2012-11-19] (Nuance Communications, Inc.)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()

R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-14] (RealNetworks, Inc.)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-06] (Realtek Semiconductor)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)

S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL11.HPWJA\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-05] (Microsoft Corporation)

R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)

R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2014-03-06] (Dell SonicWALL, Inc.)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)

R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93648 2014-10-17] ()

R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-03-31] (Microsoft Corporation)

S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()

R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2015-11-19] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-03] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)

R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)

R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-11-19] (Emsisoft GmbH)

R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68952 2015-05-11] (Microsoft Corporation)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [186064 2014-04-04] (Intel Corporation)

R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()

R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()

R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()

R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()

S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-11-10] (Microsoft Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)

S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)

R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2015-03-09] (Intel Corporation)

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-11-10] (Microsoft Corporation)

S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)

S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-11-10] (Microsoft Corporation)

R3 ROCKEYNT; C:\Windows\system32\DRIVERS\Rockey4.sys [25600 2015-04-07] (Feitian Technologies Co., Ltd.)

S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)

R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)

R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [26624 2014-03-22] (Synaptics Incorporated)

R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [110064 2014-03-06] (Dell SonicWALL, Inc.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

S3 USA19H; C:\Windows\system32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)

S3 USA19HP; C:\Windows\system32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)

S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-11-10] (Microsoft Corporation)

R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)

S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)

S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)

S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]

S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]

S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]

S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]

S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-12-04 10:21 - 2015-12-04 10:47 - 00000000 ____D C:\FRST

2015-12-04 10:17 - 2015-12-04 10:17 - 00688992 _____ (Swearware) C:\Users\roger\Downloads\87E8.tmp

2015-12-03 15:45 - 2015-12-03 15:45 - 00000149 _____ C:\Users\roger\Desktop\kd quote.txt

2015-12-03 14:43 - 2015-12-03 14:43 - 00000148 _____ C:\Users\roger\Desktop\Split-Brain DNS Deployment Using Windows DNS Server Policies - Microsoft Enterprise Networking Team - Site Home - TechNet Blogs.url

2015-12-03 14:43 - 2015-12-03 14:43 - 00000133 _____ C:\Users\roger\Desktop\How to implement DMARC in your organization - Network World.url

2015-12-03 14:43 - 2015-12-03 14:43 - 00000109 _____ C:\Users\roger\Desktop\Adding DMARC support to Exchange - Exchange Antispam.url

2015-12-03 14:42 - 2015-12-03 14:42 - 00000152 _____ C:\Users\roger\Desktop\EdgeMAX - InterVLAN Walkthrough with ERLite-3 using Sample Enterprise Topology – Ubiquiti Networks Support and Help Center.url

2015-12-03 14:42 - 2015-12-03 14:42 - 00000119 _____ C:\Users\roger\Desktop\Audience Overview - Google Analytics.url

2015-12-03 14:42 - 2015-12-03 14:42 - 00000118 _____ C:\Users\roger\Desktop\Cisco Networking All-in-One For Dummies Cheat Sheet - For Dummies.url

2015-12-02 15:42 - 2015-12-02 15:44 - 00276808 _____ C:\TDSSKiller.3.1.0.7_02.12.2015_15.42.39_log.txt

2015-12-02 11:44 - 2015-12-02 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard

2015-12-02 11:44 - 2015-12-02 11:44 - 00000000 ____D C:\Windows\system32\Drivers\NBRTWizardx64

2015-12-02 11:44 - 2015-12-02 11:44 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard

2015-12-02 11:43 - 2015-12-02 11:43 - 00000000 ____D C:\ProgramData\NortonInstaller

2015-12-02 11:43 - 2015-12-02 11:43 - 00000000 ____D C:\Program Files (x86)\NortonInstaller

2015-12-02 11:42 - 2015-12-02 11:42 - 00001394 _____ C:\Users\roger\Desktop\Norton Installation Files.lnk

2015-12-02 11:42 - 2015-12-02 11:42 - 00000000 ____D C:\Users\Public\Downloads\Norton

2015-12-02 11:20 - 2015-06-29 12:25 - 2065694720 _____ C:\Users\roger\Desktop\SW_DVD9_Windows_Svr_Std_and_DataCtr_2012_R2_64Bit_English_-4_MLF_X19-82891.ISO

2015-12-02 10:43 - 2015-12-02 10:44 - 00000000 ____D C:\ProgramData\F-Secure

2015-12-02 10:43 - 2015-12-02 10:43 - 00000000 ____D C:\Users\roger\AppData\Local\F-Secure

2015-12-02 09:53 - 2015-12-02 09:53 - 00001555 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

2015-12-02 09:53 - 2015-12-02 09:53 - 00001543 _____ C:\Users\Public\Desktop\Wireshark.lnk

2015-12-02 09:53 - 2015-12-02 09:53 - 00000000 ____D C:\Program Files\Wireshark

2015-12-02 08:52 - 2015-12-02 08:52 - 00134666 _____ C:\Users\roger\Desktop\Doc2.pdf

2015-12-01 15:15 - 2015-12-01 15:15 - 00001283 _____ C:\Users\roger\Desktop\ZBot Trojan Remover.lnk

2015-12-01 15:15 - 2015-12-01 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks

2015-12-01 15:15 - 2015-12-01 15:15 - 00000000 ____D C:\Program Files (x86)\NoVirusThanks

2015-12-01 09:01 - 2015-12-01 09:01 - 00001996 _____ C:\Users\Public\Desktop\DDMS.lnk

2015-11-30 15:51 - 2015-11-30 15:51 - 00000000 ____D C:\Users\roger\AppData\Local\GWX

2015-11-30 15:49 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll

2015-11-30 15:49 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll

2015-11-30 15:25 - 2015-11-30 15:31 - 00000000 ___HD C:\$Windows.~BT

2015-11-30 15:23 - 2015-11-30 15:23 - 00000000 ___HD C:\$Windows.~WS

2015-11-30 13:02 - 2015-12-02 15:46 - 00000879 _____ C:\Users\roger\Desktop\JRT.txt

2015-11-30 13:00 - 2015-11-30 13:00 - 01599336 _____ (Malwarebytes) C:\Users\roger\Downloads\JRT.exe

2015-11-30 12:53 - 2015-11-30 12:53 - 01736704 _____ C:\Users\roger\Downloads\adwcleaner_5.023.exe

2015-11-30 11:48 - 2015-12-02 15:54 - 00001684 _____ C:\Users\roger\Desktop\Rkill.txt

2015-11-30 11:47 - 2015-11-30 11:47 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\roger\Downloads\iExplore.exe

2015-11-30 11:46 - 2015-11-30 11:47 - 00275496 _____ C:\TDSSKiller.3.1.0.7_30.11.2015_11.46.19_log.txt

2015-11-30 11:29 - 2015-11-30 11:29 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\roger\Downloads\tdsskiller.exe

2015-11-30 11:28 - 2015-11-30 11:28 - 00151524 ____H C:\Windows\SysWOW64\mlfcache.dat

2015-11-30 10:33 - 2015-11-30 10:33 - 00000000 ____D C:\Windows\pss

2015-11-27 14:19 - 2015-09-30 14:28 - 09986504 _____ (Nota Inc. ) C:\Users\roger\Downloads\Gyazo-3.1.6.exe

2015-11-26 12:58 - 2015-11-26 12:58 - 00000088 _____ C:\Users\roger\.ubnt-discovery.properties

2015-11-25 16:32 - 2015-11-26 12:58 - 00016869 _____ C:\Users\roger\Desktop\Doc1.pdf

2015-11-25 16:23 - 2015-11-25 16:29 - 00000000 ____D C:\Users\roger\Downloads\ubnt-discovery-v2.4.1

2015-11-25 16:22 - 2015-11-25 16:22 - 00144375 _____ C:\Users\roger\Downloads\ubnt-discovery-v2.4.1.zip

2015-11-25 14:43 - 2015-11-25 16:11 - 00000600 _____ C:\Users\roger\AppData\Local\PUTTY.RND

2015-11-25 14:21 - 2015-11-25 14:21 - 00013536 _____ C:\ProgramData\SMRResults501.dat

2015-11-25 10:18 - 2015-11-25 10:18 - 00002152 _____ C:\Users\roger\Downloads\nat_hairping_config.tar.gz

2015-11-25 10:04 - 2015-11-25 11:44 - 00000000 ____D C:\Users\roger\Desktop\New folder (3)

2015-11-23 11:52 - 2015-11-23 11:52 - 00013292 _____ C:\Users\roger\Downloads\USERINFO_151123.csv

2015-11-23 10:20 - 2015-11-23 10:20 - 00027740 _____ C:\Users\roger\Downloads\CLONE_DATA_151123.enc

2015-11-23 10:13 - 2015-11-23 10:13 - 04720725 _____ C:\Users\roger\Downloads\USER_ROLE_GROUP_ALLCOUNT_151123.xml

2015-11-23 09:17 - 2015-11-23 09:17 - 00000000 _____ C:\Windows\system32\lic2.xml17964

2015-11-19 16:10 - 2015-11-25 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-11-19 15:58 - 2015-11-19 15:58 - 00000242 _____ C:\Users\roger\Desktop\Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner.URL

2015-11-19 12:55 - 2015-11-19 12:55 - 00000757 _____ C:\Users\roger\Desktop\Start Emsisoft Emergency Kit.lnk

2015-11-19 12:54 - 2015-12-02 15:47 - 00000000 ____D C:\EEK

2015-11-19 12:33 - 2015-12-04 10:24 - 00000000 ____D C:\Users\roger\Downloads\zbot removal

2015-11-19 12:22 - 2015-11-19 12:22 - 04376066 _____ C:\Users\roger\Downloads\tdsskiller.zip

2015-11-19 12:22 - 2015-11-19 12:22 - 00000000 ____D C:\Users\roger\Downloads\tdsskiller

2015-11-19 12:17 - 2015-11-25 14:20 - 00012136 _____ C:\Windows\ntbtlog.txt

2015-11-19 12:14 - 2015-11-19 12:14 - 02494944 _____ (Trend Micro Inc.) C:\Users\roger\Downloads\F844.tmp

2015-11-19 12:01 - 2015-11-19 12:01 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys

2015-11-19 11:58 - 2015-11-19 11:58 - 00000000 _____ C:\Windows\system32\vmg98BC.tmp

2015-11-19 11:58 - 2015-11-19 11:58 - 00000000 _____ C:\Windows\system32\vmg98AB.tmp

2015-11-19 11:52 - 2015-11-19 11:54 - 00000000 ____D C:\NPE

2015-11-19 11:47 - 2015-12-02 11:45 - 00000000 ____D C:\ProgramData\Norton

2015-11-19 11:47 - 2015-11-19 12:09 - 00000000 ____D C:\Users\roger\AppData\Local\NPE

2015-11-19 11:47 - 2015-11-19 11:47 - 03088296 _____ (Symantec Corporation) C:\Users\roger\Downloads\NPE.exe

2015-11-19 09:18 - 2015-11-19 09:18 - 00001444 _____ C:\Users\roger\Documents\DAMaintenanceReportServlet7cd25c0d

2015-11-19 09:18 - 2015-11-19 09:18 - 00000530 _____ C:\Users\roger\Documents\DAMaintenanceReportServleta15000a0

2015-11-19 08:37 - 2015-11-19 08:36 - 00003065 _____ C:\Users\roger\Downloads\cpub-RIBON-FullDesktop-CmsRdsh.rdp

2015-11-19 08:08 - 2015-11-19 08:08 - 18354264 _____ C:\Users\roger\Downloads\AC23.tmp

2015-11-18 12:37 - 2015-11-18 12:37 - 00026348 _____ C:\Users\roger\Downloads\CLONE_DATA_151118-1.enc

2015-11-18 12:36 - 2015-11-18 12:36 - 00026348 _____ C:\Users\roger\Downloads\CLONE_DATA_151118.enc

2015-11-18 10:05 - 2015-11-18 10:05 - 02348370 _____ C:\Users\roger\Downloads\USER_ROLE_GROUP_ALLCOUNT_151118.xml

2015-11-18 09:22 - 2015-11-18 09:28 - 00002799 ____T C:\Windows\system32\lic2tmp.xml28322

2015-11-17 15:38 - 2015-11-17 15:38 - 20307348 _____ C:\Users\roger\Documents\Beginning HTML5 and CSS3.pdf

2015-11-17 14:32 - 2015-11-17 14:32 - 00000000 ____D C:\Users\roger\Desktop\New folder (2)

2015-11-13 17:17 - 2015-11-13 17:17 - 00000000 ____D C:\ProgramData\GZ

2015-11-13 14:04 - 2015-11-13 14:04 - 00004036 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask

2015-11-13 14:04 - 2015-11-13 14:04 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask

2015-11-13 14:04 - 2015-11-13 14:04 - 00003226 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest

2015-11-13 14:04 - 2015-11-13 14:04 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows

2015-11-13 14:04 - 2015-11-13 14:04 - 00000000 ____D C:\Program Files\Dell Support Center

2015-11-13 13:51 - 2015-11-13 13:51 - 00038528 _____ C:\Users\roger\Desktop\rtr config.txt

2015-11-13 13:25 - 2015-11-13 13:25 - 00807424 _____ C:\Users\roger\Downloads\RDCMan.msi

2015-11-13 09:45 - 2015-11-13 09:45 - 00025747 _____ C:\Users\roger\Downloads\CLONE_DATA_151113-1.enc

2015-11-13 09:43 - 2015-11-13 09:43 - 00025808 _____ C:\Users\roger\Downloads\CLONE_DATA_151113.enc

2015-11-13 09:38 - 2015-11-13 09:38 - 01997672 _____ C:\Users\roger\Downloads\USER_ROLE_GROUP_ALLCOUNT_151113.xml

2015-11-12 17:17 - 2015-10-20 16:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-11-12 17:17 - 2015-10-20 09:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-11-12 17:17 - 2015-10-20 09:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-11-12 17:17 - 2015-10-20 09:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-11-12 17:17 - 2015-10-20 09:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2015-11-12 17:17 - 2015-10-20 09:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-11-12 17:17 - 2015-10-20 09:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-11-12 17:17 - 2015-10-20 09:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-11-12 17:17 - 2015-10-20 09:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-11-12 17:17 - 2015-10-20 09:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-11-12 17:17 - 2015-10-20 09:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-11-12 17:17 - 2015-10-20 09:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-11-12 17:00 - 2015-11-12 17:00 - 00000000 ____D C:\Users\roger\Desktop\New folder

2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\roger\AppData\Roaming\Colasoft Packet Player

2015-11-12 15:45 - 2015-11-12 15:45 - 00000000 ____D C:\Users\roger\AppData\Roaming\Colasoft MAC Scanner

2015-11-12 15:23 - 2015-11-12 15:23 - 00002634 _____ C:\Windows\System32\Tasks\bytefenceupdate

2015-11-12 15:23 - 2015-11-12 15:23 - 00000296 _____ C:\Windows\Tasks\bytefenceupdate.job

2015-11-12 13:11 - 2015-11-12 13:11 - 00029789 _____ C:\Users\roger\Downloads\settingfile.ucf

2015-11-12 13:11 - 2015-11-12 13:11 - 00002935 _____ C:\Users\roger\Downloads\authfile.ucf

2015-11-12 13:06 - 2015-11-12 13:06 - 00000000 ____D C:\Users\roger\Downloads\New folder

2015-11-12 13:05 - 2015-11-12 13:11 - 00005673 _____ C:\Users\roger\Downloads\shortcutsfile.ucf

2015-11-12 09:40 - 2015-10-13 10:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll

2015-11-12 09:40 - 2015-10-13 10:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll

2015-11-12 09:40 - 2015-10-13 10:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-11-12 09:40 - 2015-10-13 10:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-11-12 09:40 - 2015-10-13 10:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll

2015-11-12 09:40 - 2015-10-13 10:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll

2015-11-12 09:40 - 2015-10-11 01:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-11-12 09:40 - 2015-10-11 01:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-11-12 09:40 - 2015-10-10 13:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-11-12 09:40 - 2015-10-10 13:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-11-12 09:40 - 2015-10-10 13:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2015-11-12 09:40 - 2015-10-10 12:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-11-12 09:40 - 2015-10-10 12:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-11-12 09:40 - 2015-10-10 12:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2015-11-12 09:40 - 2015-10-10 11:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-11-12 09:39 - 2015-10-13 12:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2015-11-12 09:39 - 2015-10-13 12:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-11-12 09:38 - 2015-11-05 08:10 - 01398104 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe

2015-11-12 09:38 - 2015-11-05 08:10 - 01367384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe

2015-11-12 09:37 - 2015-10-15 11:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-11-12 09:37 - 2015-10-15 10:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-11-12 09:35 - 2015-10-14 18:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-11-12 09:35 - 2015-10-14 18:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-11-12 09:35 - 2015-10-14 18:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-11-12 09:35 - 2015-10-14 18:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-11-12 09:35 - 2015-10-14 18:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-11-12 09:33 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-11-12 09:33 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-11-12 09:33 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-11-12 09:33 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-11-12 09:33 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-11-12 09:33 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-11-12 09:33 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-11-12 09:33 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-11-12 09:33 - 2015-10-30 17:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-11-12 09:33 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-11-12 09:33 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-11-12 09:33 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-11-12 09:33 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-11-12 09:33 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-11-12 09:33 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-11-12 09:33 - 2015-10-30 17:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-11-12 09:33 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-11-12 09:33 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-11-12 09:33 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-11-12 09:33 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-11-12 09:33 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-11-12 09:33 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-11-12 09:33 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-11-12 09:33 - 2015-10-17 09:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-11-12 09:28 - 2015-10-08 11:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2015-11-11 13:45 - 2015-11-11 13:46 - 00000000 ____D C:\Users\roger\Downloads\mailserver

2015-11-11 10:29 - 2015-11-11 10:29 - 02671709 _____ C:\Users\roger\Downloads\USER_ROLE_GROUP_ALLCOUNT_151111.xml

2015-11-10 14:56 - 2015-11-10 14:56 - 00149669 _____ C:\Users\roger\Downloads\CA15.tmp

2015-11-09 16:00 - 2015-11-09 16:00 - 11048529 _____ C:\Users\roger\Downloads\GSiteCrawler-123-full.exe

2015-11-09 15:33 - 2015-11-09 15:33 - 01274880 _____ C:\Users\roger\Downloads\sitemap_win-beta1-20091231.msi

2015-11-07 19:02 - 2015-11-07 19:02 - 00002384 _____ C:\Users\roger\Desktop\trdc.rdp

2015-11-07 12:30 - 2015-11-07 12:30 - 00000280 _____ C:\Users\roger\Downloads\cumberla.asx

2015-11-07 12:28 - 2015-11-07 12:28 - 00000101 _____ C:\Users\roger\Downloads\playlist.pls

2015-11-07 12:24 - 2015-11-07 12:24 - 00000280 _____ C:\Users\roger\Downloads\playlist.asx

2015-11-07 12:24 - 2015-11-07 12:24 - 00000027 _____ C:\Users\roger\Downloads\playlist.ram

2015-11-06 17:06 - 2015-11-06 17:06 - 00046556 _____ C:\Users\roger\Downloads\7ECF.tmp

2015-11-05 10:26 - 2015-11-05 10:26 - 00012321 _____ C:\Users\roger\Documents\NX_faculty.csv

2015-11-05 10:04 - 2015-11-05 10:04 - 00000310 _____ C:\Users\roger\Downloads\ADDR_151105.csv

2015-11-04 11:11 - 2015-11-04 11:11 - 05637361 _____ (Swearware) C:\Users\roger\Downloads\ComboFix.exe

2015-11-04 10:56 - 2015-11-04 10:56 - 00388608 _____ (Trend Micro Inc.) C:\Users\roger\Downloads\HijackThis.exe

2015-11-04 08:15 - 2015-11-04 08:15 - 00051529 _____ C:\Users\roger\Downloads\28C3.tmp

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-12-04 10:47 - 2013-08-22 08:36 - 00000000 ____D C:\Windows

2015-12-04 10:26 - 2015-08-20 12:28 - 00000588 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-435509993-2219368938-1573232648-2701.job

2015-12-04 10:20 - 2014-12-18 14:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-12-04 10:17 - 2014-07-29 10:33 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435509993-2219368938-1573232648-2701UA.job

2015-12-04 10:16 - 2015-06-22 13:28 - 00000000 ____D C:\Users\roger\Documents\Outlook Files

2015-12-04 10:00 - 2014-07-25 09:13 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-12-04 09:43 - 2015-08-20 12:28 - 00000684 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-435509993-2219368938-1573232648-2701.job

2015-12-04 09:31 - 2014-07-25 12:54 - 00000264 _____ C:\Windows\system32\config\netlogon.ftl

2015-12-04 09:23 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness

2015-12-04 09:22 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps

2015-12-04 09:03 - 2014-07-28 09:44 - 00000000 ____D C:\Users\roger\AppData\Roaming\DDMS

2015-12-04 07:58 - 2014-07-25 15:06 - 00000000 ____D C:\Users\roger\AppData\Local\Packages

2015-12-04 07:38 - 2014-07-13 15:50 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery

2015-12-04 07:36 - 2014-07-25 15:36 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1572F812-1261-43EB-B208-2346288C68F9}

2015-12-04 07:34 - 2014-07-29 07:38 - 00000000 ___RD C:\Users\roger\Google Drive

2015-12-04 07:34 - 2014-07-25 09:13 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-12-04 07:34 - 2014-03-18 04:53 - 01083330 _____ C:\Windows\system32\PerfStringBackup.INI

2015-12-04 07:34 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf

2015-12-04 07:33 - 2014-07-25 15:19 - 00000000 __RDO C:\Users\roger\OneDrive

2015-12-04 07:33 - 2014-07-25 15:06 - 00000000 __SHD C:\Users\roger\IntelGraphicsProfiles

2015-12-03 15:48 - 2014-11-10 14:19 - 27590656 _____ C:\Windows\system32\vmguest.iso

2015-12-03 15:48 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\inetsrv

2015-12-03 15:46 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-12-03 15:45 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI

2015-12-03 13:17 - 2014-07-29 10:33 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435509993-2219368938-1573232648-2701Core.job

2015-12-03 08:26 - 2014-07-25 15:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-435509993-2219368938-1573232648-2701

2015-12-02 16:56 - 2014-07-28 07:16 - 00002332 ____H C:\Users\roger\Documents\Default.rdp

2015-12-02 16:46 - 2014-09-30 10:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-12-02 15:58 - 2014-09-30 10:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-12-02 15:40 - 2013-08-22 09:44 - 00380584 _____ C:\Windows\system32\FNTCACHE.DAT

2015-12-02 09:21 - 2015-10-09 12:39 - 00000000 ____D C:\Users\roger\Downloads\router

2015-12-02 08:18 - 2014-11-07 08:16 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2015-12-02 08:18 - 2014-08-30 09:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2015-12-01 11:59 - 2014-08-01 07:24 - 00000000 ____D C:\Users\roger\Downloads\Toshiba Backups

2015-12-01 09:01 - 2014-07-28 09:42 - 00002007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Set DDMS Server.lnk

2015-12-01 09:01 - 2014-07-28 09:42 - 00002002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\DDMS.lnk

2015-12-01 09:01 - 2014-07-28 09:42 - 00002001 _____ C:\Users\Public\Desktop\Set DDMS Server.lnk

2015-12-01 09:01 - 2014-07-28 09:42 - 00001995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\DDMS ELFView.lnk

2015-11-30 15:56 - 2014-08-05 10:13 - 00000000 ____D C:\Users\roger\AppData\Local\CrashDumps

2015-11-30 15:55 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp

2015-11-30 15:31 - 2015-08-04 15:01 - 00001908 _____ C:\Windows\diagwrn.xml

2015-11-30 15:31 - 2015-08-04 15:01 - 00001908 _____ C:\Windows\diagerr.xml

2015-11-30 15:31 - 2014-07-13 15:47 - 00000000 ____D C:\Windows\Panther

2015-11-30 12:08 - 2015-07-06 08:27 - 00000000 ____D C:\Users\bryan

2015-11-30 12:08 - 2014-08-25 12:57 - 00000000 ____D C:\Users\DefaultAppPool

2015-11-30 12:08 - 2014-07-24 14:16 - 00000000 ____D C:\Users\Rodge

2015-11-30 10:29 - 2014-07-25 12:55 - 00018035 __RSH C:\ProgramData\ntuser.pol

2015-11-30 07:07 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF

2015-11-30 07:01 - 2014-07-29 07:22 - 00002060 _____ C:\Users\Public\Desktop\Google Slides.lnk

2015-11-30 07:01 - 2014-07-29 07:22 - 00002058 _____ C:\Users\Public\Desktop\Google Sheets.lnk

2015-11-30 07:01 - 2014-07-29 07:22 - 00002048 _____ C:\Users\Public\Desktop\Google Docs.lnk

2015-11-30 07:01 - 2014-07-29 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-11-27 13:07 - 2015-08-20 12:28 - 00003692 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-435509993-2219368938-1573232648-2701

2015-11-27 13:07 - 2015-08-20 12:28 - 00003596 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-435509993-2219368938-1573232648-2701

2015-11-27 13:02 - 2015-10-31 12:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-11-26 12:58 - 2014-07-25 15:06 - 00000000 ____D C:\Users\roger

2015-11-25 16:23 - 2014-10-29 15:16 - 00000000 ____D C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

2015-11-25 14:21 - 2015-04-08 12:54 - 00000000 ____D C:\Program Files\Shareaza

2015-11-25 14:21 - 2014-11-17 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-11-25 08:24 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2015-11-25 08:19 - 2014-07-25 13:21 - 00000000 ____D C:\Program Files\Microsoft Office 15

2015-11-24 13:59 - 2014-10-24 08:28 - 00000000 ____D C:\Users\roger\AppData\Local\Citrix

2015-11-20 07:35 - 2015-08-03 10:01 - 00000000 ____D C:\Users\roger\Downloads\adobe_flash_player

2015-11-19 18:01 - 2014-09-08 08:21 - 00000000 ____D C:\ProgramData\Oracle

2015-11-19 17:45 - 2015-04-29 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-11-19 17:45 - 2014-09-08 08:20 - 00000000 ____D C:\Program Files (x86)\Java

2015-11-19 17:44 - 2015-08-31 06:54 - 00000000 ____D C:\Users\roger\.oracle_jre_usage

2015-11-19 17:44 - 2015-04-29 14:08 - 00000000 ____D C:\Program Files\Java

2015-11-19 17:43 - 2015-04-29 14:09 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-11-19 16:08 - 2015-06-09 15:13 - 00000000 ____D C:\Users\roger\Documents\windows 10

2015-11-19 14:11 - 2015-07-21 21:06 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-11-19 14:11 - 2014-09-30 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-11-19 10:49 - 2014-09-25 10:20 - 00000000 ____D C:\Users\roger\Documents\Toshiba

2015-11-19 08:37 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-11-17 08:32 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache

2015-11-16 09:11 - 2015-04-07 09:31 - 00000000 ___SD C:\Windows\system32\GWX

2015-11-16 09:02 - 2015-04-07 09:31 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-11-13 14:04 - 2014-07-13 15:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

2015-11-13 13:25 - 2014-07-31 08:12 - 00002919 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop Connection Manager.lnk

2015-11-13 13:25 - 2014-07-31 08:12 - 00000000 ____D C:\Program Files (x86)\Remote Desktop Connection Manager

2015-11-13 13:07 - 2014-07-28 07:27 - 00000000 ____D C:\Windows\system32\MRT

2015-11-13 12:17 - 2014-07-28 07:27 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-11-12 15:45 - 2015-09-21 14:14 - 00000000 ____D C:\ProgramData\Colasoft Capsa 8 Free

2015-11-12 15:45 - 2015-08-03 10:03 - 00000000 ____D C:\Users\roger\AppData\Local\{4E3A7866-6A92-14DE-070A-31362362CDAE}

2015-11-12 09:45 - 2014-08-01 09:10 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-11-12 09:38 - 2014-07-25 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-11-12 08:03 - 2014-07-25 09:14 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-11-11 14:20 - 2014-12-18 14:45 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-11-10 14:52 - 2014-11-13 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

2015-11-07 12:31 - 2014-07-25 12:45 - 00000000 ___RD C:\Users\Public\Recorded TV

2015-11-07 12:25 - 2014-08-13 10:58 - 00000000 ____D C:\Users\roger\AppData\Roaming\Real

2015-11-04 08:57 - 2014-09-24 14:03 - 00000000 ____D C:\Users\roger\AppData\Local\Apple Computer

 

==================== Files in the root of some directories =======

 

2015-01-21 13:57 - 2015-08-10 14:30 - 0000812 _____ () C:\Users\roger\AppData\Roaming\burnaware.ini

2015-01-21 14:05 - 2015-01-21 14:05 - 0000031 _____ () C:\Users\roger\AppData\Local\burnaware.ini

2015-11-25 14:43 - 2015-11-25 16:11 - 0000600 _____ () C:\Users\roger\AppData\Local\PUTTY.RND

2014-07-13 15:18 - 2014-07-13 15:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2015-04-15 12:55 - 2015-04-15 12:56 - 0000266 _____ () C:\ProgramData\LEDM_AdaptorInstall.log

2015-11-25 14:21 - 2015-11-25 14:21 - 0013536 _____ () C:\ProgramData\SMRResults501.dat

2014-07-13 15:44 - 2014-07-13 15:45 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

2014-07-13 15:41 - 2014-07-13 15:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

2014-07-13 15:42 - 2014-07-13 15:43 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

2014-07-13 15:43 - 2014-07-13 15:44 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log

2014-07-13 15:41 - 2014-07-13 15:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

 

Files to move or delete:

====================

C:\ProgramData\SMRResults501.dat

 

 

Some files in TEMP:

====================

C:\Users\Rodge\AppData\Local\Temp\SetupHomeBusinessRetail.x86.en-US_HomeBusinessRetail_W6GKY-PN7M6-GD2YG-FMX7W-CPK6P_act_1_.exe

C:\Users\roger\AppData\Local\Temp\FoxitUpdater.exe

C:\Users\roger\AppData\Local\Temp\jre-8u65-windows-au.exe

C:\Users\roger\AppData\Local\Temp\jre-8u66-windows-au.exe

C:\Users\roger\AppData\Local\Temp\lowproc.exe

C:\Users\roger\AppData\Local\Temp\rnsetup0.exe

C:\Users\roger\AppData\Local\Temp\sqlite3.dll

C:\Users\roger\AppData\Local\Temp\stubhelper.dll

C:\Users\roger\AppData\Local\Temp\xmlUpdater.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-12-04 10:05

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015

Ran by Roger (2015-12-04 10:24:09)

Running from C:\Users\roger\Downloads\zbot removal

Windows 8.1 Pro with Media Center (X64) (2014-07-24 19:16:57)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3431338471-2953790821-533025956-500 - Administrator - Disabled)

Guest (S-1-5-21-3431338471-2953790821-533025956-501 - Limited - Disabled)

Rodge (S-1-5-21-3431338471-2953790821-533025956-1001 - Administrator - Enabled) => C:\Users\Rodge

toshiba (S-1-5-21-3431338471-2953790821-533025956-1006 - Administrator - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

8GadgetPack (HKLM-x32\...\{32A7C3B0-E5C3-4913-B1F2-49FE860FAA5E}) (Version: 11.0.0 - Helmut Buhler)

AdminManager(OKI Setup Utility) (HKLM-x32\...\ODC AdminManager) (Version: 1.19.0(1.00) - Okidata)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)

Advanced IP Scanner 2.3 (HKLM-x32\...\{A02F51A7-1982-4B69-8BD3-7D2B86179752}) (Version: 2.3.2161 - Famatech)

Akamai NetSession Interface (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Akamai) (Version:  - Akamai Technologies, Inc)

Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner)

Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

Application Insights Tools for Visual Studio Express 2013 for Web (x32 Version: 2.1 - Microsoft Corporation) Hidden

Ares 2.2.8 (HKLM-x32\...\Ares) (Version: 2.2.8-Build#3052 - Seekar Ltd)

ASUS Wireless Router WL-520GU Utilities (HKLM-x32\...\{B835DEF8-26A7-4E9B-B9F8-8D56F385DEAA}) (Version: 4.0.8.0 - ASUS)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

AzureTools.Notifications.VwdExpress (x32 Version: 2.4.20730.1601 - Microsoft Corporation) Hidden

Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden

Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden

Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden

Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden

Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden

Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden

BurnAware Free 7.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)

CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)

ChromecastApp (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)

Cisco WebEx Meetings (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

Customer Support (HKLM-x32\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 0.0.0.1 - Lexmark International, Inc.)

CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

DDMS Server/Client (HKLM-x32\...\{832E7E0F-87EA-41A3-872B-6006BF6FE891}) (Version: 10.15.0 - ECi)

Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)

Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)

Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden

Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)

Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)

Dell Service Tag Lookup Tool (HKLM-x32\...\Dell Service Tag Lookup Tool) (Version:  - )

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)

Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)

Dell System Detect (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.51 - Synaptics Incorporated)

Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)

DIRECTV Player (HKLM-x32\...\{04f0c8c0-e0c8-4292-8676-db9174655d7a}) (Version: 12.1 - DIRECTV)

DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)

DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden

e-BRIDGE Color Profile Tool (HKLM-x32\...\{6197D404-243A-4835-881F-F1EBC4568E7C}) (Version: 2.0.128a - TOSHIBA TEC CORPORATION)

e-BRIDGE Job Build eX (HKLM-x32\...\{C6931710-74CF-4F37-91A3-D0BC035ACEE0}) (Version: 7.71.66 - TOSHIBA TEC CORPORATION and TOSHIBA (AUSTRALIA) PTY LIMITED)

ECi DDMS EBS Client (HKLM-x32\...\{C1FB479E-A179-4270-ABF0-19353B8D3D5A}) (Version: 10.15.0 - ECi)

ECi DDMS XNet Client (HKLM-x32\...\{3944C2AC-EB28-446F-88DC-C57230484D6F}) (Version: 1.3.2 - ECi DDMS)

eCopy PDF Pro Office 6 (HKLM\...\{BCA859E7-731C-47B9-A289-2AEE7B403FC3}) (Version: 6.10.6270 - Nuance Communications, Inc.)

eCopy PDF Pro Office 6 (HKLM-x32\...\{BCA859E7-731C-47B9-A289-2AEE7B403FC3}) (Version: 6.10.6270 - Nuance Communications, Inc.)

Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)

Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)

FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )

FREE Word and Excel password recovery Wizard version 2.1.15 (HKLM-x32\...\{BEE8AFD4-907F-4BD5-B2E9-6606291415E8}_is1) (Version: 2.1.15 - FREE Password Recovery Software)

FrostWire 6.0.6 (HKLM-x32\...\FrostWire 6) (Version: 6.0.6.1 - FrostWire LLC)

GDR 5343 for SQL Server 2012 (KB3045321) (64-bit) (HKLM\...\KB3045321) (Version: 11.2.5343.0 - Microsoft Corporation)

Global VPN Client (HKLM\...\{E828FDAA-B4E0-46B6-B647-7C03CCF48C83}) (Version: 4.9.4 - Dell SonicWALL)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)

Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)

GoToMeeting 7.6.0.4007 (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\GoToMeeting) (Version: 7.6.0.4007 - CitrixOnline)

Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)

Html Editor (HKLM-x32\...\{6C6420A4-F6B1-4095-B06A-9931A7C725FC}) (Version: 1.0.0 - MSDN)

iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)

IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )

IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )

IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)

Infinite HD™ App (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)

Intel® Smart Connect Technology (HKLM\...\{23737445-A5AB-4238-92E2-9EE665523D3D}) (Version: 4.2.41.2549 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)

Internet Explorer Administration Kit 11 (HKLM-x32\...\{72AB5169-C4B7-41DD-A3EF-503BD5311D09}) (Version: 11.0.0 - Microsoft Corporation)

Internet Information Services (IIS) 7+ Manager (HKLM\...\{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}) (Version: 7.1.0.0 - Microsoft Corporation)

ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)

iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)

Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

Lexmark BSD Series Uninstaller (HKLM\...\Lexmark Universal v2) (Version:  - Lexmark International, Inc.)

Lexmark Universal v2 XL Print Driver (HKLM\...\{55993B7D-9B18-41DF-BD22-588515147BCF}) (Version: 2.8.0.0 - Lexmark International, Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

MFP Mobile Diagnosis Tool 2 (HKLM-x32\...\{E63AF4D2-BC9E-4A2F-8D4F-EB75A015C033}) (Version: 1.4.0 - Toshiba Tec)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft ASP.NET and Web Frameworks 2012.2 (HKLM-x32\...\{71a40c60-27c2-443a-b7c7-6e4f3aad1d5a}) (Version: 2.1.20219.0 - Microsoft Corporation)

Microsoft ASP.NET and Web Tools 2013.1 - Visual Studio Express 2012 for Web (HKLM-x32\...\{CEB3E62B-D8BC-4DC2-838B-C7B547D2C4F6}) (Version: 1.5.50306.0 - Microsoft Corporation)

Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)

Microsoft Assessment and Planning Toolkit (HKLM-x32\...\{be60e658-d8bf-4328-b016-b11305d2b5a5}) (Version: 9.2.292.0 - Microsoft Corporation)

Microsoft Azure Authoring Tools - v2.4 (HKLM\...\{50D4178A-C2E6-4F95-9C54-8A31DFA68F32}) (Version: 2.4.6489.2 - Microsoft Corporation)

Microsoft Azure Command Line Tools (HKLM-x32\...\{B4173CDB-E882-4BA3-8286-C32F36628D9E}) (Version: 0.8.7 - Microsoft Corporation)

Microsoft Azure Compute Emulator - v2.4 (HKLM\...\Microsoft Azure Compute Emulator - v2.4) (Version: 2.4.6489.2 - Microsoft Corporation)

Microsoft Azure Libraries for .NET – v2.4 (HKLM\...\{D6B04ED9-386E-4157-AF50-64A43700FADC}) (Version: 2.4.0724.110 - Microsoft Corporation)

Microsoft Azure PowerShell - August 2014 (HKLM-x32\...\{42C77360-1E6F-4329-ACBF-8BDBAAF57059}) (Version: 0.8.6 - Microsoft Corporation)

Microsoft Azure Storage Tools - v2.4.1 (HKLM-x32\...\{25049FD2-0D5A-473F-8F84-76E75952C934}) (Version: 2.4.1.0 - Microsoft Corporation)

Microsoft Azure Tools for Microsoft Visual Studio 2012 - v2.4 (HKLM-x32\...\{7f522d2c-fa6d-40e7-bcb8-f769ce3053e2}) (Version: 2.4.20730.1601 - Microsoft Corporation)

Microsoft Azure Tools for Microsoft Visual Studio 2013 - v2.4 (HKLM-x32\...\{59c9b964-1162-4063-886e-8410aa0fcbc8}) (Version: 2.4.20730.1601 - Microsoft Corporation)

Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)

Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)

Microsoft Merge Modules for DDMS (HKLM-x32\...\{4FEDA3C1-5ADE-4E42-A643-FBAE26F3BF1A}) (Version: 1.1.2 - ECi DDMS)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)

Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)

Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft Software Inventory Analyzer (HKLM-x32\...\{1090D33C-8885-4E7D-893C-5A83092F6E8A}) (Version: 5.1.0.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)

Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{4640B737-046C-4EFA-A3C8-7555290F26F9}) (Version: 11.2.5343.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{3965C9F9-9B9A-4391-AC4B-8388210D3AA0}) (Version: 11.2.5058.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Setup (English) (HKLM\...\{DCB0EF4F-E2C2-420B-B8C9-B317A8ECE73A}) (Version: 11.2.5343.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BE33EB92-2D4C-4DA1-9D39-AA27FEFCF9F9}) (Version: 11.2.5343.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (11.1.20905.0) (HKLM-x32\...\{23A3E3F8-91B4-4C5A-9E69-6747CF6D426B}) (Version: 11.1.20905.0 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20905.0) (HKLM-x32\...\{D2964C0D-477B-4914-B791-1D80E61E85E6}) (Version: 11.1.20905.0 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Express 2012 for Web - ENU (HKLM-x32\...\{f56bac4b-ef69-49d9-b010-1d7de651418d}) (Version: 11.0.50727.26 - Microsoft Corporation)

Microsoft Visual Studio Express 2013 for Web - ENU with Update 3 (HKLM-x32\...\{04ce287c-7db8-4e6c-b204-44bbcd3a8abc}) (Version: 12.0.30723.0 - Microsoft Corporation)

Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation)

Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)

Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)

Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)

Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)

Music Manager (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\MusicManager) (Version:  - Google, Inc.)

My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)

My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden

MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)

MySQL Server 5.1 (HKLM\...\{01FB752A-92D8-429A-8540-5A7838233443}) (Version: 5.1.72 - Oracle Corporation)

NAPS2 2.6.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)

Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.5 - Notepad++ Team)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden

Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)

PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)

Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)

ProSafe Plus Utility (HKLM-x32\...\InstallShield_{26457641-59C0-4F51-9832-461E10E5AC0C}) (Version: 2.3.2 - NetGear)

ProSafe Plus Utility (x32 Version: 2.3.2 - NetGear) Hidden

Python Tools Redirection Template (x32 Version: 1.0 - Microsoft Corporation) Hidden

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.)

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Radmin Viewer 3.5 (HKLM-x32\...\{199127DC-7BDB-41AB-825B-4229A86F8F0D}) (Version: 3.50.0000 - Famatech)

RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden

RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)

RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Remote Desktop Connection Manager (HKLM-x32\...\{173A2B7F-535A-4403-A454-B41531EF0D7F}) (Version: 2.2.0423 - Microsoft Corporation)

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Scansoft PDF Professional (x32 Version:  - ) Hidden

Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)

Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)

SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)

Shareaza 2.7.8.0 (HKLM\...\Shareaza_is1) (Version: 2.7.8.0 - Shareaza Development Team)

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

SQL Server 2012 Common Files (Version: 11.2.5058.0 - Microsoft Corporation) Hidden

SQL Server 2012 Database Engine Services (Version: 11.2.5058.0 - Microsoft Corporation) Hidden

SQL Server 2012 Database Engine Shared (Version: 11.2.5058.0 - Microsoft Corporation) Hidden

SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.2.5058.0 - Microsoft Corporation)

Sql Server Customer Experience Improvement Program (Version: 11.2.5058.0 - Microsoft Corporation) Hidden

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

TOSHIBA e-STUDIO AddressBook Viewer (HKLM\...\{49DC2A16-194E-4225-878A-1EC4860672EF}) (Version: 1.26.000 - TOSHIBA TEC CORPORATION)

TOSHIBA e-STUDIO AddressBook Viewer (HKLM\...\{E610D587-97DF-4B04-9F19-267CB08CE6E9}) (Version: 1.44.000 - TOSHIBA TEC CORPORATION)

TOSHIBA e-STUDIO BackUp-Restore (HKLM-x32\...\{1A4056BF-2655-48BC-A0DF-2FDAE8700F3E}) (Version: 1.21.000 - TOSHIBA TEC CORPORATION)

TOSHIBA e-STUDIO File Downloader (HKLM-x32\...\{46DA675C-DE8E-47B6-85A5-1E8048F3E985}) (Version: 1.26.000 - TOSHIBA TEC CORPORATION)

TOSHIBA e-STUDIO File Downloader (HKLM-x32\...\{9717B605-30EC-46D8-A9DB-8BECF68B2136}) (Version: 1.44.000 - TOSHIBA TEC CORPORATION)

TOSHIBA e-STUDIO Remote Scan driver (HKLM-x32\...\{8D80A172-154E-4CA1-8B87-4F2DC6139A6B}) (Version: 1.44.000 - TOSHIBA TEC CORPORATION)

TOSHIBA e-STUDIO TWAIN Driver (HKLM-x32\...\{C2D5F24B-7248-49AD-BC9E-8698100338FC}) (Version: 1.45.000 - TOSHIBA TEC CORPORATION)

TOSHIBA Field Service Manager (HKLM-x32\...\InstallShield_{77BAF162-CBB4-4511-871D-0352BEEDF20C}) (Version: 3.9.0 - )

TOSHIBA Office Scan Add-In (HKLM-x32\...\{ED3C3BF7-A1F1-419B-AD0F-787D2C726357}) (Version: 1.00.0000 - TOSHIBA TEC CORPORATION)

TOSHIBA PDC Tool 2 (HKLM-x32\...\{7205AB6B-5D98-4F1C-8520-577C6EBFE74B}) (Version: 1.00.0000 - TOSHIBA TEC CORPORATION)

True Color (HKLM-x32\...\{d3c1120e-12a0-45ac-ad51-e255f518ce24}) (Version: 5.0.0.6 - Entertainment Experience)

True Color (Version: 5.0.0.6 - Entertainment Experience LLC) Hidden

TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden

Uninstall Finalizer (x32 Version: 2.4.20730.1601 - Microsoft Corporation) Hidden

Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden

Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden

Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)

VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden

Western Digital USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - Western Digital Corporation)

Western Digital USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - Western Digital Corporation) Hidden

Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

Windows Azure Storage Emulator - v3.3 (HKLM-x32\...\Windows Azure Storage Emulator - v3.3) (Version: 3.3.6848.17 - Microsoft Corporation)

Windows Cache Extension 1.3 for PHP 5.4 (HKLM-x32\...\{91EEFB5C-0643-4694-B92F-B9E8E483E527}) (Version: 1.3.4.0 - Microsoft Corporation)

Windows Driver Package - Lexmark International Printer  (05/03/2013 2.8.0.0) (HKLM\...\FC0D9D867813ABE415A95F23A0AB4D255A2D9E1D) (Version: 05/03/2013 2.8.0.0 - Lexmark International)

Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)

Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

Wireshark 1.12.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, hxxp://www.wireshark.org)

XML Notepad (HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\d52ada53ade2e1c1) (Version: 2.7.0.0 - Chris Lovett)

ZBot Trojan Remover v1.9.2 (HKLM-x32\...\ZBot Trojan Remover_is1) (Version: 1.9.2.0 - NoVirusThanks Company Srl)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\localserver32 -> C:\Program Files\Shareaza\MediaImageServices.exe (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{0EEA2A0F-AD1F-4555-9827-0DD9335611A4}\localserver32 -> C:\Program Files\Shareaza\WindowsThumbnail.exe (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}\InprocServer32 -> C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{0F74BA53-C842-4CB5-B388-DD5663F62479}\InprocServer32 -> C:\Program Files\Shareaza\Preview.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32 -> C:\Program Files\Shareaza\ImageViewer.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32 -> C:\Program Files\Shareaza\ZIPBuilder.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\localserver32 -> C:\Program Files\Shareaza\MediaPlayer.exe (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\localserver32 -> C:\Program Files\Shareaza\MediaLibraryBuilder.exe (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32 -> C:\Program Files\Shareaza\RatDVDReader.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32 -> C:\Program Files\Shareaza\GFLLibraryBuilder.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{76F13243-9F62-4241-AC07-3B359BBE4EC6}\InprocServer32 -> C:\Program Files\Shareaza\ShortURL.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\roger\AppData\Local\Citrix\GoToMeeting\3880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32 -> C:\Program Files\Shareaza\SkinScanSKS.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32 -> C:\Program Files\Shareaza\7ZipBuilder.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\roger\AppData\Local\DIRECTV Player\win64\npPlayerPlugin.dll => No File

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\roger\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32 -> C:\Program Files\Shareaza\DocumentReader.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32 -> C:\Program Files\Shareaza\RARBuilder.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32 -> C:\Program Files\Shareaza\SWFPlugin.dll (Shareaza Development Team)

CustomCLSID: HKU\S-1-5-21-435509993-2219368938-1573232648-2701_Classes\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32 -> C:\Program Files\Shareaza\GFLImageServices.dll (Shareaza Development Team)

 

==================== Restore Points =========================

 

28-11-2015 14:29:21 Dell Update: eDellRoot Removal

28-11-2015 14:29:57 Dell Update: DSD Cert Removal

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {09DF10F0-6BF0-49E0-A31F-79AB3C5B5478} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

Task: {0D16374A-09F4-46A1-ABD5-A1F2B782478C} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()

Task: {1B1D75A1-CC09-4419-AE95-808CDB35D02A} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-07-27] ()

Task: {226032D5-2459-4BDC-B11C-ADBB6C428189} - System32\Tasks\G2MUploadTask-S-1-5-21-435509993-2219368938-1573232648-2701 => C:\Users\roger\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe [2015-11-27] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {23AF278E-9DF2-497A-991A-95FF45FA0E50} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)

Task: {256538D8-28B2-4C9A-B901-854A25F2E3F1} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}

Task: {27ED30BC-ED58-48BC-894C-46CA7C125983} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

Task: {2DB68E4D-9B96-4407-A784-DF1D3432D35E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)

Task: {342277DD-7AA5-4727-8BF6-6ECE6AA82240} - System32\Tasks\{87D7C2D4-AA57-498F-AC39-76966E43DEAA} => pcalua.exe -a "C:\Users\roger\Downloads\toshiba\firmware\6530c series\InstallClient1.exe" -d "C:\Users\roger\Downloads\toshiba\firmware\6530c series"

Task: {37C27A1F-A33C-40F7-A09B-5C3104A5A044} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-435509993-2219368938-1573232648-2701 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {38FA0B41-B91E-4D29-B31C-A29ED979BCC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

Task: {3AD34ABB-32AE-4704-9DB6-FB5896AE8CA8} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()

Task: {40FD299E-CAE4-4B06-8238-9F1744481389} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)

Task: {4450F434-F53D-407A-9498-E5365DBD555D} - System32\Tasks\G2MUpdateTask-S-1-5-21-435509993-2219368938-1573232648-2701 => C:\Users\roger\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe [2015-11-27] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {45456FC5-EB77-4EBF-A066-2783A3C2D5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {47833DA1-0F05-4880-B54C-8D21E8610796} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)

Task: {4E853C68-C8DB-40A9-B079-7E6286CBCC50} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3431338471-2953790821-533025956-1001 => C:\Users\roger\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

Task: {5BC5BF4F-EFB8-4E15-B94F-B45FE61CF51C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {5F1C060F-456D-47C5-88DE-1218FE562287} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

Task: {5FE461A5-74FE-47F5-AAB0-BFB4641D4DE6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)

Task: {614B9121-792F-4ED2-A6B0-6838C9F34A60} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

Task: {6A96D8C9-7345-4268-959B-54BDFA178906} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {6B3B59CB-E1E4-4FD5-9F55-FB1CAF795952} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)

Task: {6D092AF0-7030-40B0-A526-0E89824A0FC2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

Task: {6EE7B291-70AB-45B6-96B9-3297BEBF87FD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)

Task: {75C1367A-9F14-4D6D-8AC9-17E51C1C27DA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)

Task: {81D8A6EF-BE64-40DC-81C4-E39AEDE4A2A3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

Task: {8210DEC9-C7AF-494F-A283-810C7047D041} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}

Task: {86AA5144-1AEA-4D59-A3CF-0E9196276909} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-435509993-2219368938-1573232648-2701UA => C:\Users\roger\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {88814063-B3A6-45EA-AA41-7EADDBC087E7} - System32\Tasks\PocketCloudUpdater => C:\Program

Task: {8A83F4BE-D9CD-4024-A56B-094A332C4027} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {BB97B4FD-B18A-4EA1-87FA-7E2C3D3BE645} - System32\Tasks\{8F3F8075-0ED7-4F8F-811A-741FFF7AC390} => pcalua.exe -a C:\Users\roger\Downloads\dell\R154270.EXE -d C:\Users\roger\Downloads\dell

Task: {BBC905FA-3643-4CEA-96DF-2DDEA8DB8E2B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)

Task: {C3D67EB4-1B6B-4708-BF81-E0F879F86015} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

Task: {D2CE18BA-E00F-40F5-9743-03695A7541CE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-435509993-2219368938-1573232648-2701 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)

Task: {D8B37A67-5403-4B17-A8A9-D6FE26410A88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)

Task: {DC34EA3C-2146-40F3-A7AE-43F2C8C8E83A} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)

Task: {E18B15DD-5766-46D6-B4C8-A8977F162786} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-22] (Synaptics Incorporated)

Task: {EBCD2143-3C1F-46D6-96A2-50B36661C1E2} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)

Task: {EF7AFC12-9EFD-4422-92EC-C9D85EC16F5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

Task: {F007AFAC-7761-4675-98E5-5744A4DD778F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-435509993-2219368938-1573232648-2701Core => C:\Users\roger\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {F08A5C98-1F23-48DE-A211-3EA21584A46C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\bytefenceupdate.job => C:\Users\roger\AppData\Local\{4E3A7~1\UNINST~1.EXE

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-435509993-2219368938-1573232648-2701.job => C:\Users\roger\AppData\Local\Citrix\GoToMeeting\4007\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-435509993-2219368938-1573232648-2701.job => C:\Users\roger\AppData\Local\Citrix\GoToMeeting\4007\g2mupload.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435509993-2219368938-1573232648-2701Core.job => C:\Users\roger\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435509993-2219368938-1573232648-2701UA.job => C:\Users\roger\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6\FrostWire 6.0.6-SafeMode.lnk -> C:\Program Files (x86)\FrostWire\frostwire.bat () <==== ATTENTION

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-09-21 13:38 - 2013-03-19 11:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll

2015-09-21 13:38 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll

2015-01-30 15:28 - 2015-08-18 06:52 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll

2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-07-25 13:21 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-10-03 20:30 - 2013-10-03 20:30 - 00198120 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe

2013-10-03 20:30 - 2013-10-03 20:30 - 00054760 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll

2013-10-03 20:30 - 2013-10-03 20:30 - 00034792 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll

2015-07-27 20:28 - 2015-07-27 20:28 - 00032880 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2014-10-17 12:16 - 2014-10-17 12:16 - 00093648 _____ () C:\Program Files\TrueColor\TrueColorALS.exe

2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll

2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll

2014-01-10 16:53 - 2014-01-10 16:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll

2014-01-10 16:53 - 2014-01-10 16:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll

2014-01-10 16:53 - 2014-01-10 16:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll

2014-01-10 17:24 - 2014-01-10 17:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll

2014-01-10 17:24 - 2014-01-10 17:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll

2014-04-29 10:10 - 2014-04-29 10:10 - 00466944 _____ () C:\Windows\system32\DPPPlugin.dll

2015-10-28 15:21 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll

2015-07-27 18:40 - 2015-07-27 18:40 - 00614464 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe

2015-07-27 20:28 - 2015-07-27 20:28 - 00037512 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll

2015-07-27 20:28 - 2015-07-27 20:28 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll

2015-07-27 20:28 - 2015-07-27 20:28 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll

2014-07-13 15:33 - 2013-09-03 19:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-07-27 18:40 - 2015-07-27 18:40 - 00066624 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll

2015-12-04 07:33 - 2015-12-04 07:33 - 00098816 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32api.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00110080 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\pywintypes27.dll

2015-12-04 07:33 - 2015-12-04 07:33 - 00364544 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\pythoncom27.dll

2015-12-04 07:33 - 2015-12-04 07:33 - 00046080 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_socket.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 01208320 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_ssl.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00320512 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32com.shell.shell.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00776704 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_hashlib.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 01176576 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._core_.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00806400 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._gdi_.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00816128 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._windows_.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 01067008 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._controls_.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00733184 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._misc_.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00682496 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\pysqlite2._sqlite.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00088064 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_ctypes.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00119808 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32file.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00108544 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32security.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00007168 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\hashobjs_ext.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00017920 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\thumbnails_ext.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00079360 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\usb_ext.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00167936 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32gui.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00018432 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32event.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00128512 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_elementtree.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00127488 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\pyexpat.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00013824 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\common.time34.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00036864 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_psutil_windows.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00038912 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32inet.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00525640 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\windows._lib_cacheinvalidation.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00011264 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32crypt.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00077312 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._html2.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00027136 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_multiprocessing.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00020480 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\_yappi.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00035840 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32process.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00686080 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\unicodedata.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00123392 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._wizard.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00024064 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32pipe.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00010240 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\select.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00025600 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32pdh.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00017408 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32profile.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00022528 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\win32ts.pyd

2015-12-04 07:33 - 2015-12-04 07:33 - 00078848 _____ () C:\Users\roger\AppData\Local\Temp\_MEI64322\wx._animate.pyd

2014-07-13 15:42 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2015-02-26 11:07 - 2015-02-09 10:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll

2014-07-13 15:51 - 2012-11-26 01:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll

2015-02-26 11:07 - 2014-02-18 13:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

2010-05-25 10:39 - 2010-05-25 10:39 - 00203592 _____ () C:\Program Files (x86)\Remote Desktop Connection Manager\AxMSTSCLib.dll

2015-07-27 18:35 - 2015-07-27 18:35 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll

2014-11-22 14:12 - 2014-11-22 14:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

2012-11-19 01:46 - 2012-11-19 01:46 - 00480656 _____ () C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PDFCOffice2007Addin.dll

2015-11-12 08:03 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll

2015-11-12 08:03 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll

2015-11-12 08:03 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\roger\Desktop\TeamViewerQS_en.exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\87E8.tmp:BDU

AlternateDataStreams: C:\Users\roger\Downloads\ComboFix.exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\D3D7.tmp:BDU

AlternateDataStreams: C:\Users\roger\Downloads\D610_A06.EXE:BDU

AlternateDataStreams: C:\Users\roger\Downloads\dcomtest.exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\DIRECTV_Player_12.1 (1).exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\DIRECTV_Player_12.1.exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\DriverTool.exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\F844.tmp:BDU

AlternateDataStreams: C:\Users\roger\Downloads\HijackThis.exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\JavaSetup8u60.exe:BDU

AlternateDataStreams: C:\Users\roger\Downloads\NPE.exe:BDU

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\dell.com -> dell.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\dforce2.com -> dforce2.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\hp.com -> hp.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\landisoffice.com -> landisoffice.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\lexmark.com -> lexmark.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\microsoft.com -> microsoft.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\sun.com -> sun.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\toshiba-solutions.com -> toshiba-solutions.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\toshiba.com -> toshiba.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\toshibaexchange.com -> toshibaexchange.com

IE trusted site: HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\windowsupdate.com -> windowsupdate.com

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\Control Panel\Desktop\\Wallpaper -> C:\Users\roger\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.63.93 - 192.168.63.97

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\StartupFolder: => "ISCTSystray.lnk"

HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"

HKLM\...\StartupApproved\Run: => "IAStorIcon"

HKLM\...\StartupApproved\Run: => "QuickSet"

HKLM\...\StartupApproved\Run: => "tvncontrol"

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "TkBellExe"

HKLM\...\StartupApproved\Run32: => "RealDownloader"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "InboxMonitor"

HKLM\...\StartupApproved\Run32: => "PDFProHook"

HKLM\...\StartupApproved\Run32: => "PDF8 Registry Controller"

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\StartupApproved\Run: => "Google Update"

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\StartupApproved\Run: => "MusicManager"

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\StartupApproved\Run: => "DellSystemDetect"

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\StartupApproved\Run: => "PCShowServer"

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_CBCF848503FDC6DD1FF9C5BFC2201ED4"

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\StartupApproved\Run: => "F2947816B2ECFA44C1388245240A24D51354182A._service_run"

HKU\S-1-5-21-435509993-2219368938-1573232648-2701\...\StartupApproved\Run: => "Skype"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{EB6B67B4-A0A9-454C-9B43-396349EED1BC}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe

FirewallRules: [{110B8DFA-B650-41EA-904B-291C0C82CF87}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe

FirewallRules: [{EAEC2FE8-41E9-45B6-9B74-07A1FD3FBDEC}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

FirewallRules: [{E37447D0-0AAA-4864-901D-BD3DFA44C0B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{FA39EB7A-BF11-4D61-9C14-11A2B15AE2D7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe

FirewallRules: [{7BAA9474-C9A9-4B8B-A9B7-31EA0CB0A026}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{3D7F313C-9BDE-4208-A32A-0AA12293E1FD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{DC2969E8-F2C8-442E-9FB0-2F4CC5352CA2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{D93E15AC-05C1-4496-B33D-1706A5A7780B}] => (Allow) C:\Users\Rodge\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe

FirewallRules: [{9A8805B8-1BAF-4E10-A88B-FA5CDEF7CFC1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{10519613-D4BA-49C8-B07E-C83D34D71C4F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{DEA8AFDE-868E-4E8F-9323-AB7248C4128A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe

FirewallRules: [{B8B0909F-6113-47FE-A214-6B277E0F25B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe

FirewallRules: [{351D093B-CBDE-4424-8F73-BCC0C6E9E31E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{0117DE6D-D5C1-49C9-87CC-29B111ADE241}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [TCP Query User{68931A46-CDFE-4AB9-BAD4-BC5991E7100A}C:\users\roger\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\roger\appdata\local\directv player\ndspcshowserver.exe

FirewallRules: [uDP Query User{291E5935-66C9-49AE-93A7-BC56DBF0C5CC}C:\users\roger\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\roger\appdata\local\directv player\ndspcshowserver.exe

FirewallRules: [{A704196B-A66C-4838-BB96-9B81A83FA05A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{7FB33017-A18F-4D1D-9634-20E4A4700747}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{26C68C06-34CC-46B0-8015-64FE44B241C9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{EAB54391-9CA6-4DAB-9A1C-3F07B4CF3A25}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [TCP Query User{021081DB-4F2D-4BA6-9F96-4177FEC5B3E6}C:\program files (x86)\toshiba\toshiba e-studio client\toshiba e-studio backup-restore\esefbkrt.exe] => (Allow) C:\program files (x86)\toshiba\toshiba e-studio client\toshiba e-studio backup-restore\esefbkrt.exe

FirewallRules: [uDP Query User{B7042827-F69D-4E06-986E-8CE8719B47AB}C:\program files (x86)\toshiba\toshiba e-studio client\toshiba e-studio backup-restore\esefbkrt.exe] => (Allow) C:\program files (x86)\toshiba\toshiba e-studio client\toshiba e-studio backup-restore\esefbkrt.exe

FirewallRules: [TCP Query User{73B6BBE1-3BE0-4B44-A290-FD6F89B96B62}D:\e-studio\setup.exe] => (Allow) D:\e-studio\setup.exe

FirewallRules: [uDP Query User{5C6A9083-FAA7-4396-A6FD-86EF3D40AB52}D:\e-studio\setup.exe] => (Allow) D:\e-studio\setup.exe

FirewallRules: [TCP Query User{97CC23CE-A97E-4E74-886E-AF8CED5B0143}C:\users\roger\downloads\toshiba\drivers\6530c for 6520c\es6530c-clientcd-v330\e-studio\setup.exe] => (Allow) C:\users\roger\downloads\toshiba\drivers\6530c for 6520c\es6530c-clientcd-v330\e-studio\setup.exe

FirewallRules: [uDP Query User{300C1275-5E25-4490-A68A-C823D924E6AF}C:\users\roger\downloads\toshiba\drivers\6530c for 6520c\es6530c-clientcd-v330\e-studio\setup.exe] => (Allow) C:\users\roger\downloads\toshiba\drivers\6530c for 6520c\es6530c-clientcd-v330\e-studio\setup.exe

FirewallRules: [TCP Query User{B39C240C-D824-420E-A7A7-D9BBF74A5AE8}C:\users\roger\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\roger\appdata\local\akamai\netsession_win.exe

FirewallRules: [uDP Query User{39CF86D6-9AA8-4FFE-B136-12F360467BE0}C:\users\roger\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\roger\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{13C5C061-BE71-4EEA-A7A5-C37D6FD00F56}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe

FirewallRules: [uDP Query User{628F58C3-242E-4819-9CEB-AA01DB20FDA9}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe

FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe

FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe

FirewallRules: [{906B7204-A522-4437-90BB-A9697CCA2379}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{E55CB23C-8CAA-4680-A737-05FFFE9175C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{A2B4BECD-4BC5-4149-A313-089C5725E22D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{BCE18B21-B449-4551-8823-454570766559}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{FFE9B2CE-5CAA-4011-944E-3961596BB7C2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{63530672-0239-43A5-91BD-3BDF9C063495}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{F15B62BA-76A1-45AA-99E5-CAB3F0AE2AA9}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe

FirewallRules: [{DAE7B4F4-3F20-4E54-9E75-218D81EDD366}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe

FirewallRules: [{008F4367-7C7F-441B-AD77-545D6A78BCBC}] => (Allow) C:\Users\roger\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe

FirewallRules: [{DB890483-9F8F-4878-B516-886EAAFDA9A7}] => (Allow) C:\Users\roger\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe

FirewallRules: [TCP Query User{DC2094D2-746E-432C-BB51-F2AB4AA13880}C:\program files (x86)\frostwire 6\frostwire.exe] => (Allow) C:\program files (x86)\frostwire 6\frostwire.exe

FirewallRules: [uDP Query User{72440DC6-4EA6-4B63-A79C-4EE726C6DC49}C:\program files (x86)\frostwire 6\frostwire.exe] => (Allow) C:\program files (x86)\frostwire 6\frostwire.exe

FirewallRules: [TCP Query User{D85CDF12-80A8-4812-84CE-F14E141001F8}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe

FirewallRules: [uDP Query User{53DCCB22-C9E0-4373-8806-8428FEC25172}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe

FirewallRules: [{96F2E683-CD77-4C74-9279-188D3127F8CA}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe

FirewallRules: [{79ED9FCD-9FF8-428A-A905-6B518051E2C4}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe

FirewallRules: [{CEF73172-4696-42C8-8D31-5A1B3D20C25B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{2D407935-8B60-47F6-A65C-457287BA9525}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{5675CE87-FB91-4C78-87E7-3DA438E970B5}C:\program files (x86)\netgear\prosafe plus utility\nsdpmanager.exe] => (Allow) C:\program files (x86)\netgear\prosafe plus utility\nsdpmanager.exe

FirewallRules: [uDP Query User{8A15F19E-1262-4F75-8151-FD14E92CF763}C:\program files (x86)\netgear\prosafe plus utility\nsdpmanager.exe] => (Allow) C:\program files (x86)\netgear\prosafe plus utility\nsdpmanager.exe

FirewallRules: [TCP Query User{BD0909E6-152D-4B69-9F52-2470C89A93EE}C:\program files (x86)\netgear\prosafe plus utility\netgearserver.exe] => (Allow) C:\program files (x86)\netgear\prosafe plus utility\netgearserver.exe

FirewallRules: [uDP Query User{2650B9BC-D0A9-4419-8C1A-43421ABCFF48}C:\program files (x86)\netgear\prosafe plus utility\netgearserver.exe] => (Allow) C:\program files (x86)\netgear\prosafe plus utility\netgearserver.exe

FirewallRules: [TCP Query User{62DC953C-9631-4C1D-9015-DCA91F30322D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [uDP Query User{12D97BA7-8E94-4614-ABD6-23B5428FAA2A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{FAA0AD63-5BEA-4E10-99D3-948D8C5D6DED}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMZZZ_32__bc.dll

FirewallRules: [{D5DDE9DC-7B7F-4BBA-9AFA-D9A44A013F39}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMZZZ_32__bc.dll

FirewallRules: [{269D8235-99D2-43D7-B69D-A2148707768F}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMzzz_32serv.dll

FirewallRules: [{9641160E-2EC6-4B79-ADC3-FD3A73F0DCA1}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\LMzzz_32serv.dll

FirewallRules: [{C8744E67-3736-432F-824A-2B4F779B19A1}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\lextwprotocol.dll

FirewallRules: [{59D721E2-CF8C-400D-8FE8-3BA07D774BC3}] => (Allow) C:\Program Files (x86)\Lexmark\NetworkTwain\lextwprotocol.dll

FirewallRules: [{3A3C403B-E211-456F-BD06-E6781C42469A}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds

FirewallRules: [{4AABDA0E-9C11-4538-99FA-2C04D3B1A57B}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds

FirewallRules: [{61135611-AC8A-4C42-A71B-C7D93A8441F6}] => (Allow) D:\Install\x64\InstallGui.exe

FirewallRules: [{02E3BA35-66DF-4D98-B619-1DB8BEAFBDB7}] => (Allow) D:\Install\x64\InstallGui.exe

FirewallRules: [{D4D2D1BE-A2BD-43F3-967F-C75AECCCC4F0}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe

FirewallRules: [{8DD39388-AA50-46D4-8295-4475189122DA}] => (Allow) C:\Program Files\Shareaza\Shareaza.exe

FirewallRules: [TCP Query User{C48A485A-8118-4C8E-A029-902B323C98C6}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe

FirewallRules: [uDP Query User{EC035EC4-C4B6-4E6E-9D55-26E32803FB5C}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe

FirewallRules: [{C26ADD5B-D380-4171-8B0E-753CB31BD0F0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{5BB42850-04A9-4D93-94D8-E1DDC3BF1B67}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{DCF95DA5-2953-4353-88CB-156D3DC3765E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{E139F9CF-BDF4-4E7A-9CF8-DBF09B51164F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{5BE07DBD-1654-4AE0-9AF4-C2CF112344EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{58ECA590-70E2-4700-B74A-B52F0A56C9BD}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfRouter.exe

FirewallRules: [{B1CE98D9-8EAE-4905-B8C7-649698A7D631}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfRouter.exe

FirewallRules: [{18AE89B0-296A-42F5-83AC-5107FCCB2B16}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfPro8Hook.exe

FirewallRules: [{1C516F40-247E-454C-9A29-4626D1878772}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfPro8Hook.exe

FirewallRules: [{87BCD980-F0D1-405E-8FE1-06505992DF2A}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GPDFDirect.exe

FirewallRules: [{3209309D-A2A1-4181-9C90-754C2813AAE5}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GPDFDirect.exe

FirewallRules: [{5ABDD756-9A04-4C4D-A88F-D2B4DFD9333D}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GaaihoDoc.exe

FirewallRules: [{3443219B-AD62-40E5-A7C9-B1E8531980C3}] => (Allow) C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GaaihoDoc.exe

FirewallRules: [{76DC7951-FC1D-4335-A5AF-B84E3CD25DE2}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe

FirewallRules: [{D52C457A-DF9B-469A-99D8-533D758EC0A0}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe

FirewallRules: [{49FCB437-BDFF-4418-B83F-5CD65194CC1E}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe

FirewallRules: [{E7678B75-11BB-4AE6-8506-CFCDA92DCDFE}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe

FirewallRules: [{4101B49E-35D0-4AF9-A185-43057F087DF2}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe

FirewallRules: [{844A7D05-BBB8-4DB2-A9CF-DC44C8CD1DCB}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe

FirewallRules: [TCP Query User{B44700F4-D65E-425F-A9CE-AA587CD7735F}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Block) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe

FirewallRules: [uDP Query User{FED6057F-3F06-438A-A138-54A959975F2C}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Block) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe

FirewallRules: [TCP Query User{0EA55D86-BC25-4BDB-A5D0-BB00E30C0A8C}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe

FirewallRules: [uDP Query User{582449CB-4048-4BC6-A8E2-DB0E886EE3C1}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe

FirewallRules: [{3AE5EC92-69E6-477B-BA6C-0F31052A92CE}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{3FDD4C6F-FD68-4340-B48A-B100A38D9EE5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A41AD4BF-6E0E-450B-A28E-ACB83AA24D81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E28F555B-7E9F-4427-94AC-B726C6E2EFB9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{88669624-6106-41F2-8697-56CE666AA27C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{9E768F26-F987-4A1B-A1FB-115274151783}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{99679279-61FF-46F6-954B-197BB584BD93}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{97D27078-2F90-4A47-A133-FFA9F1C4B13B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{D6FDDED3-3D5F-4D03-8A81-C3356E8D33E0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [TCP Query User{CAFB26B0-FBC9-41AA-AA15-49F100012417}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe

FirewallRules: [uDP Query User{552DDE98-2E51-47CF-BF0A-E3B5A2850E10}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe

FirewallRules: [{909C7B61-4BB5-471C-B680-2D97C6475513}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{10F5D409-8317-42D5-ABD6-6E4EAF4ADB6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{C592461A-1EE7-4F4B-83B1-1561E6650006}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{AEE6826F-EFA2-4242-82D0-29EDF4D768F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

==================== Faulty Device Manager Devices =============

 

Name: SonicWALL Virtual NIC

Description: SonicWALL Virtual NIC

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: SonicWALL

Service: SWVNIC

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Dell Touchpad

Description: Dell Touchpad

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Synaptics

Service: i8042prt

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/03/2015 03:47:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

 

Error: (12/03/2015 03:47:38 PM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

 

Error: (12/03/2015 08:10:27 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

 

Error: (12/03/2015 08:10:27 AM) (Source: ISCTAgent) (EventID: 1000) (User: )

Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80040302\n

 

Error: (12/03/2015 08:10:13 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

 

Error: (12/02/2015 03:57:11 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/02/2015 03:44:36 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Failed to create restore point (Process = C:\Users\roger\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

 

Error: (12/02/2015 03:34:47 PM) (Source: TrueColorALS) (EventID: 4) (User: )

Description: TrueColorALSALSWorkerThread(): ALS thread Error on WaitForSingleObject(). Error 6

 

Error: (12/02/2015 03:19:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

 

System Error:

Access is denied.

.

 

Error: (12/02/2015 11:24:36 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 3738

 

Start Time: 01d12d1d313d6e70

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: 25c76482-9911-11e5-82f2-a0a8cd7b1b36

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

 

System errors:

=============

Error: (12/04/2015 10:05:05 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM

 

Error: (12/04/2015 09:12:25 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)

Description: The processing of Group Policy failed. Windows attempted to read the file \\landisoffice.local\SysVol\landisoffice.local\Policies\{7F1CEB2B-BBE1-423E-BA15-B5D386796A61}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

a) Name Resolution/Network Connectivity to the current domain controller. 

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

c) The Distributed File System (DFS) client has been disabled.

 

Error: (12/04/2015 07:55:30 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM

 

Error: (12/04/2015 07:37:24 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)

Description: The processing of Group Policy failed. Windows attempted to read the file \\landisoffice.local\SysVol\landisoffice.local\Policies\{7F1CEB2B-BBE1-423E-BA15-B5D386796A61}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

a) Name Resolution/Network Connectivity to the current domain controller. 

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

c) The Distributed File System (DFS) client has been disabled.

 

Error: (12/04/2015 07:34:37 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)

Description: The processing of Group Policy failed. Windows attempted to read the file \\landisoffice.local\SysVol\landisoffice.local\Policies\{7F1CEB2B-BBE1-423E-BA15-B5D386796A61}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

a) Name Resolution/Network Connectivity to the current domain controller. 

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

c) The Distributed File System (DFS) client has been disabled.

 

Error: (12/03/2015 03:47:31 PM) (Source: ipnathlp) (EventID: 1233) (User: )

Description: 

 

Error: (12/03/2015 03:47:31 PM) (Source: ipnathlp) (EventID: 1233) (User: )

Description: 

 

Error: (12/03/2015 03:47:22 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)

Description: The processing of Group Policy failed. Windows attempted to read the file \\landisoffice.local\SysVol\landisoffice.local\Policies\{7F1CEB2B-BBE1-423E-BA15-B5D386796A61}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

a) Name Resolution/Network Connectivity to the current domain controller. 

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

c) The Distributed File System (DFS) client has been disabled.

 

Error: (12/03/2015 02:46:19 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)

Description: The processing of Group Policy failed. Windows attempted to read the file \\landisoffice.local\SysVol\landisoffice.local\Policies\{7F1CEB2B-BBE1-423E-BA15-B5D386796A61}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

a) Name Resolution/Network Connectivity to the current domain controller. 

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

c) The Distributed File System (DFS) client has been disabled.

 

Error: (12/03/2015 01:07:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1058) (User: NT AUTHORITY)

Description: The processing of Group Policy failed. Windows attempted to read the file \\landisoffice.local\SysVol\landisoffice.local\Policies\{7F1CEB2B-BBE1-423E-BA15-B5D386796A61}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 

a) Name Resolution/Network Connectivity to the current domain controller. 

b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 

c) The Distributed File System (DFS) client has been disabled.

 

 

CodeIntegrity:

===================================

  Date: 2015-09-21 13:31:22.884

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 13:31:22.698

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 13:31:22.426

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 13:31:22.208

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 13:31:21.944

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 12:03:14.644

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 12:03:14.314

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 12:03:14.000

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 12:03:13.670

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-09-21 12:03:13.389

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-4210U CPU @ 1.70GHz

Percentage of memory in use: 41%

Total physical RAM: 12186.57 MB

Available physical RAM: 7094.98 MB

Total Virtual: 14042.57 MB

Available Virtual: 7062.83 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:601.89 GB) (Free:279.68 GB) NTFS

Drive e: (RECOVERY) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32 ==>[system with boot components (obtained from drive)]

Drive i: (Data) (Fixed) (Total:320.11 GB) (Free:298.44 GB) NTFS

Drive t: (DATAPART1) (Network) (Total:1843.2 GB) (Free:841.65 GB) NTFS

Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.42 GB) NTFS

Drive x: (PBR Image) (Fixed) (Total:8.13 GB) (Free:0.72 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 127ADEE7)

 

Partition: GPT.

 

==================== End of Addition.txt ============================
