Hi again Brian,
Below is the FRST.TXT:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SG0892112 (administrator) on HN3UY89211201 on 09-04-2015 19:43:58
Running from C:\Users\sg0892112\Desktop
Loaded Profiles: SG0892112 (Available profiles: SG0892112 & Coffee)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Check Point Software Tech Ltd) C:\Windows\SysWOW64\Prot_srv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
() C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe
(aviva solutions) C:\Program Files (x86)\Aviva Solutions\AFD\AvivaMonitorServer.exe
(HP) C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Nortel Networks) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
(Check Point Software Tech Ltd) C:\Windows\SysWOW64\pstartSr.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\dp.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\SAP Document Pipeline 9.7.1\bin\cfbx.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\docrm.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapWListener.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
() C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapW32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe
(Check Point Software Tech Ltd) C:\Program Files (x86)\Pointsec\Pointsec for PC\P95tray.exe
(Verint Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe
(HPES) C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SAP AG) C:\Program Files (x86)\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(SAP, Walldorf) C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [601088 2015-02-23] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Adobe ARM] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [318520 2011-05-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [NVC] => C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe [1717584 2010-03-01] (Nortel Networks)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164624 2012-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Check Point Endpoint Tray Application] => C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe [70144 2010-06-02] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Pointsec Tray] => C:\Program Files (x86)\Pointsec\Pointsec for PC\P95Tray.exe [858792 2011-03-08] (Check Point Software Tech Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CfgDownload] => C:\Program Files (x86)\IXOS\bin\CfgDownload.exe [212992 2009-10-31] (Open Text Corporation)
HKLM-x32\...\Run: [ScanCfgDownload] => C:\Program Files (x86)\Open Text\Scan\bin\ScanCfgDownload.exe [217088 2010-04-14] (Open Text Corporation)
HKLM-x32\...\Run: [Witness AIM] => C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe [765952 2010-04-06] (Verint Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => [X]
HKLM-x32\...\Run: [UserNotify] => C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe [50176 2013-08-07] (HPES)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Witness Systems\Screen Capture Module\wcapwlistener.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\MountPoints2: {b8def118-73cf-11e4-b062-c4d9879ed931} - D:\LaunchU3.exe -a
HKU\S-1-5-21-117609710-2025429265-725345543-71058\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\pscr_nt.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlander.S01E09.Micro.Hd.720p.Vose.lnk
ShortcutTarget: Outlander.S01E09.Micro.Hd.720p.Vose.lnk -> C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-117609710-2025429265-725345543-71058\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.x64.dll [2015-04-05] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\bin\IPS\IPSBHO.DLL [2014-08-08] (Symantec Corporation)
BHO-x32: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.dll [2015-04-05] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-07-29] (Sun Microsystems, Inc.)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9D216AC2-0970-4261-A7BF-FB1FE59CFBA1}: [NameServer] 10.12.64.101,10.16.61.14
FireFox:
========
FF ProfilePath: C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-30] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: SaleePluS - C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default\Extensions\[email protected] [2015-04-05]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (YouTube) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR Extension: (SaleePluS) - C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf\ []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AvivaMonitor; C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe [161080 2010-08-09] ()
S3 Av_Service; C:\Program Files (x86)\Aviva Solutions\AFD\av_service.exe [87352 2010-08-09] ()
R2 CaptureService; C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe [401408 2010-04-06] (Witness Systems, Inc.) [File not signed]
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
R2 DskCfgUpdt; C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe [600576 2010-12-13] (HP) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [317496 2011-05-13] (Hewlett-Packard Company)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 NvcSvcMgr; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [165568 2012-06-19] (SAP AG)
R2 Pointsec; C:\Windows\SysWOW64\Prot_srv.exe [658088 2011-03-08] (Check Point Software Tech Ltd)
R2 Pointsec_start; C:\Windows\SysWOW64\pstartSr.exe [232104 2011-03-08] (Check Point Software Tech Ltd)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609792 2015-02-23] (Copyright 2013 SAMSUNG) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe [144496 2014-08-08] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe [2379128 2014-08-08] (Symantec Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\snac64.exe [335216 2014-08-08] (Symantec Corporation)
R2 spawner; C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe [201968 2008-06-12] (IXOS SOFTWARE AG - an Open Text company)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\BASHDefs\20150309.013\BHDrvx64.sys [1622744 2015-02-10] (Symantec Corporation)
R1 ccSettings_{67210CE5-A4BA-4C22-B639-1C79F566632D}; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\ccSetx64.sys [169048 2014-08-08] (Symantec Corporation)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20150408.011\IDSvia64.sys [637656 2015-02-10] (Symantec Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-05-16] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\ENG64.SYS [129752 2015-02-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\EX64.SYS [2137304 2015-02-10] (Symantec Corporation)
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R0 prot_2k; C:\Windows\System32\Drivers\prot_2k.sys [285992 2014-07-29] (Check Point Software Tech Ltd)
R0 prot_2k; C:\Windows\SysWow64\Drivers\prot_2k.sys [221736 2011-03-08] (Check Point Software Tech Ltd)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSP64.SYS [867032 2014-08-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSPX64.SYS [36952 2014-08-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMDS64.SYS [493656 2014-08-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMEFA64.SYS [1148120 2014-08-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\Ironx64.SYS [225496 2014-08-08] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMNETS.SYS [437976 2014-08-08] (Symantec Corporation)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-07-25] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-07-25] (Microsoft Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-09 19:42 - 2015-04-09 19:42 - 00045012 _____ () C:\Users\sg0892112\Downloads\Addition.txt
2015-04-09 19:41 - 2015-04-09 19:44 - 00024431 _____ () C:\Users\sg0892112\Desktop\FRST.txt
2015-04-09 19:41 - 2015-04-09 19:43 - 00000000 ____D () C:\FRST
2015-04-09 19:41 - 2015-04-09 19:41 - 02095616 _____ (Farbar) C:\Users\sg0892112\Desktop\FRST64.exe
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA408D.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA404E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA402E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA400E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA3FED.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD28.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD08.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCE8.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCC8.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACC69.tmp
2015-04-08 16:21 - 2015-04-08 16:21 - 00007604 _____ () C:\Users\sg0892112\Downloads\LBF Wholesale Non Wholesale %3A 5923670 %3A 13450429.xlsx
2015-04-08 16:09 - 2015-04-08 16:23 - 00010400 _____ () C:\Users\sg0892112\Downloads\LBF WSL Report.xlsx
2015-04-08 10:06 - 2015-04-08 10:06 - 00006894 _____ () C:\Users\sg0892112\Downloads\France CID bookings.xlsx
2015-04-07 15:57 - 2015-04-07 16:02 - 00026813 _____ () C:\Users\sg0892112\Desktop\Margaret.xlsx
2015-04-07 10:58 - 2015-04-07 11:19 - 00016263 _____ () C:\Users\sg0892112\Desktop\LBF.XLSX
2015-04-06 13:16 - 2015-04-06 16:20 - 00119257 _____ () C:\Users\sg0892112\Desktop\export.XLSX
2015-04-06 12:28 - 2015-04-06 12:28 - 00000000 _____ () C:\SOA75AD.tmp
2015-04-06 10:48 - 2015-04-06 10:48 - 00005117 _____ () C:\Users\sg0892112\Downloads\Business Aviator CWT both SC Codes and carrier R0 %26 O3.xlsx
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE5B5.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE595.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE574.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE554.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE534.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE4A6.tmp
2015-04-05 23:27 - 2015-04-05 23:27 - 00460288 _____ () C:\Users\sg0892112\Downloads\AVS Video Converter 8.5 Activation Code And Crack Full Version Free Downlaod.exe
2015-04-05 20:14 - 2015-04-05 20:14 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-04-05 20:13 - 2015-04-05 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-04-05 20:13 - 2015-04-05 20:13 - 00001242 _____ () C:\Users\sg0892112\Desktop\AVS Video Converter.lnk
2015-04-05 19:22 - 2015-04-07 10:31 - 00000932 _____ () C:\Users\sg0892112\Desktop\mozillatabs.txt
2015-04-05 19:17 - 2015-04-05 19:29 - 63042752 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoConverter.exe
2015-04-05 19:11 - 2015-04-05 20:18 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVS4YOU
2015-04-05 19:11 - 2015-04-05 19:11 - 00000000 ____D () C:\ProgramData\AVS4YOU
2015-04-05 19:10 - 2015-04-05 20:14 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-04-05 19:10 - 2011-06-23 13:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-04-05 19:10 - 2011-06-23 13:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-04-05 18:47 - 2015-04-05 18:51 - 154363320 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoEditor.exe
2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-04-05 18:00 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-04-05 18:00 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-04-05 18:00 - 2011-06-24 15:58 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivXLand
2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\Program Files (x86)\DivXLand
2015-04-05 17:56 - 2005-02-04 20:19 - 00057344 _____ (PV) C:\Windows\SysWOW64\dslider.ocx
2015-04-05 17:55 - 2015-04-05 17:55 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVI ReComp
2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\Gabest
2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\AVI ReComp
2015-04-05 15:44 - 2015-04-05 15:44 - 00003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-05 11:41 - 2015-04-09 12:12 - 00000000 ____D () C:\Program Files (x86)\bugwatcher
2015-04-05 11:41 - 2015-04-05 11:41 - 00000000 ____D () C:\Program Files (x86)\SalePlus
2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\ProgramData\17201988207728874483
2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\Program Files (x86)\SaleePluS
2015-04-05 11:39 - 2015-04-05 11:48 - 00000000 ____D () C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}
2015-04-05 11:39 - 2015-04-05 11:39 - 00001743 _____ () C:\Users\sg0892112\Desktop\Outlander.S01E09.Micro.Hd.720p.Vose.lnk
2015-04-05 11:39 - 2015-04-05 11:39 - 00000000 ____D () C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf
2015-04-03 17:28 - 2015-04-06 11:15 - 00252967 _____ () C:\Users\sg0892112\Desktop\export_2.XLSX
2015-03-31 20:28 - 2015-03-31 20:29 - 02120715 _____ (divxland.org ) C:\Users\sg0892112\Downloads\DivXLand_MediaSub_210.exe
2015-03-31 19:26 - 2015-03-31 21:39 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Movavi
2015-03-31 19:26 - 2015-03-31 19:26 - 00005039 _____ () C:\ProgramData\wmzddnmb.cix
2015-03-31 19:26 - 2015-03-31 19:26 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Movavi
2015-03-31 19:00 - 2015-04-05 20:28 - 00000000 ____D () C:\Users\sg0892112\Downloads\Death.At.A.Funeral[2007]DvDrip.AC3[Eng]-aXXo
2015-03-30 07:31 - 2015-01-29 00:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-30 07:31 - 2015-01-29 00:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-30 07:31 - 2015-01-29 00:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-30 07:31 - 2015-01-29 00:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-30 07:31 - 2015-01-29 00:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-30 07:31 - 2015-01-29 00:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-30 07:31 - 2015-01-29 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-30 07:31 - 2015-01-29 00:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-30 07:31 - 2015-01-29 00:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-30 07:31 - 2015-01-29 00:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-30 07:31 - 2015-01-28 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-30 07:30 - 2015-02-26 00:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-30 07:30 - 2015-02-03 00:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-30 07:30 - 2015-02-03 00:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-30 07:29 - 2015-03-06 02:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-30 07:29 - 2015-03-06 02:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-30 07:29 - 2015-03-06 02:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-30 07:29 - 2015-03-06 02:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-30 07:29 - 2015-03-06 02:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-30 07:29 - 2015-03-06 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-30 07:29 - 2015-03-06 02:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-30 07:29 - 2015-03-06 02:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-30 07:29 - 2015-03-06 02:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-30 07:29 - 2015-03-06 02:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-30 07:29 - 2015-03-06 02:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-30 07:29 - 2015-03-06 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-30 07:29 - 2015-03-06 02:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-30 07:29 - 2015-02-03 00:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-30 07:29 - 2015-02-03 00:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-30 07:29 - 2015-01-30 20:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-30 07:28 - 2015-02-20 01:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-30 07:28 - 2015-02-20 01:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-30 07:28 - 2015-02-20 00:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-30 07:28 - 2015-02-20 00:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-30 07:28 - 2015-02-13 02:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-30 07:28 - 2015-02-13 02:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-30 07:28 - 2015-02-04 00:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-30 07:28 - 2015-02-03 23:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-30 07:27 - 2015-02-21 16:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-30 07:27 - 2015-02-21 16:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-30 07:27 - 2015-02-21 16:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-30 07:27 - 2015-02-21 16:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-30 07:27 - 2015-02-21 15:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-30 07:27 - 2015-02-21 15:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-30 07:27 - 2015-02-21 15:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-30 07:27 - 2015-02-21 15:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-30 07:27 - 2015-02-21 15:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-30 07:27 - 2015-02-21 15:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-30 07:27 - 2015-02-21 15:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-30 07:27 - 2015-02-21 15:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-30 07:27 - 2015-02-21 15:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-30 07:27 - 2015-02-21 15:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-30 07:27 - 2015-02-21 14:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-30 07:27 - 2015-02-21 14:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-30 07:27 - 2015-02-21 14:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-30 07:27 - 2015-02-21 14:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-30 07:27 - 2015-02-21 14:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-30 07:27 - 2015-02-21 14:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-30 07:27 - 2015-02-21 14:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-30 07:27 - 2015-02-21 14:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-30 07:27 - 2015-02-21 14:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-30 07:27 - 2015-02-21 14:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-30 07:27 - 2015-02-21 14:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-30 07:27 - 2015-02-21 14:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-30 07:27 - 2015-02-21 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-30 07:26 - 2015-01-31 00:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-30 07:26 - 2015-01-31 00:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-30 07:26 - 2015-01-31 00:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-30 07:26 - 2015-01-16 23:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-30 07:26 - 2015-01-16 23:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-23 19:14 - 2015-04-05 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F5C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F3C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F0C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3EEC.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3ECC.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2933.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2913.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28E3.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28C3.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2874.tmp
2015-03-17 17:23 - 2015-03-17 17:23 - 04130697 _____ () C:\Users\sg0892112\Downloads\OBT Bookings.xlsx
2015-03-17 16:47 - 2015-03-19 17:30 - 00241244 _____ () C:\Users\sg0892112\Desktop\SAP LOAD FEB15.xlsx
2015-03-16 13:01 - 2015-03-16 13:01 - 00044544 _____ () C:\Users\sg0892112\Downloads\gastos comunes febrero 2015.xls
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6BAB.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B8B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B5B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B3B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B1A.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA147D.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA145C.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA142D.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA140C.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA13EC.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF700.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF6B1.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF691.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF661.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF651.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF621.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF5F1.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA535F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA533F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA531F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52EF.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52B0.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-09 19:09 - 2009-07-14 02:13 - 00790912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 19:06 - 2014-07-29 02:36 - 01496431 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 19:05 - 2014-11-27 19:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 17:38 - 2014-07-29 10:43 - 00000000 ____D () C:\Users\sg0892112
2015-04-09 17:38 - 2014-06-11 12:28 - 1078166528 _____ () C:\Users\sg0892112\ArchiveOld.pst
2015-04-09 17:38 - 2014-03-26 10:43 - 4211811328 _____ () C:\Users\sg0892112\Personal Folders.pst
2015-04-09 17:38 - 2012-03-02 10:52 - 2373067776 _____ () C:\Users\sg0892112\ArchiveNuevo.pst
2015-04-09 16:51 - 2014-07-29 16:37 - 00000992 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-09 15:49 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\BO DB2 and SAP Reports
2015-04-09 14:32 - 2014-07-29 00:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-09 13:10 - 2014-07-29 16:32 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\SAP
2015-04-09 13:10 - 2014-07-29 12:09 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\SAP
2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:06 - 2014-07-29 00:43 - 00000581 _____ () C:\Windows\SMSCFG.ini
2015-04-09 13:05 - 2014-07-29 13:35 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Deployment
2015-04-09 13:04 - 2014-07-29 10:44 - 00000000 ____D () C:\Users\sg0892112\Tracing
2015-04-09 13:03 - 2014-11-27 19:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 13:03 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 13:03 - 2009-07-14 01:51 - 00055816 _____ () C:\Windows\setupact.log
2015-04-09 10:37 - 2014-08-04 12:26 - 00000000 ____D () C:\Users\sg0892112\Desktop\0
2015-04-09 10:34 - 2014-08-04 11:09 - 00000000 ____D () C:\Scan Files
2015-04-09 10:33 - 2014-08-04 11:04 - 00000177 _____ () C:\Windows\bi_group.ini
2015-04-08 23:30 - 2014-07-29 15:01 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Skype
2015-04-08 15:24 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\GLOBAL
2015-04-07 10:20 - 2010-11-21 00:47 - 00702252 _____ () C:\Windows\PFRO.log
2015-04-06 22:42 - 2014-08-02 12:48 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\vlc
2015-04-06 20:32 - 2014-07-29 15:44 - 00000000 ____D () C:\Users\sg0892112\Documents\PREMIER
2015-04-05 15:33 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\uTorrent
2015-04-05 11:44 - 2014-07-29 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 23:57 - 2014-11-27 19:45 - 00002188 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 17:21 - 2014-07-29 01:06 - 00000000 ____D () C:\ProgramData\Symantec
2015-04-02 11:21 - 2014-07-30 11:54 - 00000000 ____D () C:\Users\sg0892112\Documents\My Received Files
2015-04-02 09:38 - 2009-07-14 01:45 - 00415544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-31 19:26 - 2014-07-29 10:44 - 00112528 _____ () C:\Users\sg0892112\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-30 14:55 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2015-03-28 23:44 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\sg0892112\Downloads\Fanfic
2015-03-25 13:26 - 2014-10-28 11:38 - 00000000 ____D () C:\Windows\ccmcache
2015-03-20 17:23 - 2014-07-29 15:45 - 00023894 _____ () C:\Users\sg0892112\Documents\PRMGLO Birthdays.xlsx
2015-03-17 14:56 - 2015-02-16 13:06 - 00531456 _____ () C:\Users\sg0892112\Desktop\CWT TAX FINAL.xls
2015-03-17 14:55 - 2015-02-16 13:05 - 00480768 _____ () C:\Users\sg0892112\Desktop\Z2_FINAL.xls
2015-03-17 10:28 - 2014-08-11 11:29 - 00000000 ____D () C:\Users\sg0892112\Desktop\Pre POS
2015-03-16 13:09 - 2014-07-29 16:39 - 00000000 ____D () C:\Users\sg0892112\My Notebook
2015-03-11 14:32 - 2014-08-12 14:50 - 00000000 ___SD () C:\Users\sg0892112\Documents\My Data Sources
==================== Files in the root of some directories =======
2014-09-01 05:18 - 2014-09-01 05:18 - 0002086 _____ () C:\Users\sg0892112\AppData\Roaming\CONGOXE
2014-07-29 15:51 - 2014-07-29 16:11 - 0000600 _____ () C:\Users\sg0892112\AppData\Roaming\winscp.rnd
2014-09-01 05:18 - 2014-09-01 05:18 - 0001248 _____ () C:\Users\sg0892112\AppData\Roaming\YUXTSH
2015-04-05 15:44 - 2015-04-05 15:44 - 0003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 19:26 - 2015-03-31 19:26 - 0005039 _____ () C:\ProgramData\wmzddnmb.cix
Some content of TEMP:
====================
C:\Users\sg0892112\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sg0892112\AppData\Local\Temp\vlc-2.1.5-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 11:18
==================== End Of Log ============================
2 - the ADWCleaner
# AdwCleaner v4.201 - Logfile created 16/04/2015 at 20:19:38
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : SG0892112 - HN3UY89211201
# Running from : C:\Users\sg0892112\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
[x] Not Deleted : C:\Program Files (x86)\globalUpdate
[x] Not Deleted : C:\Users\sg0892112\AppData\Local\globalUpdate
[x] Not Deleted : C:\Users\sg0892112\AppData\Roaming\pdfforge
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\P71662ad8_bc87_491f_9f54_21b720af6f88_.P71662ad8_bc87_491f_9f54_21b720af6f88_
Key Deleted : HKLM\SOFTWARE\Classes\P71662ad8_bc87_491f_9f54_21b720af6f88_.P71662ad8_bc87_491f_9f54_21b720af6f88_.9
Key Deleted : HKLM\SOFTWARE\0d52f8f9-0dcf-d0d0-ab08-2cd59e57d89f
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d3d61953}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKCU\Software\1ClickDownload
[x] Not Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\TornTv Downloader
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[x] Not Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[x] Not Deleted : [x64] HKCU\Software\GlobalUpdate
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16633
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
[xs8r7o9u.default\prefs.js] - Line Deleted : user_pref("extensions.Ke4KNnjQz521dPLR.scode", "(function(){try{if(window.self.location.href.indexOf(\"rHaGqjg5pjsGrjC7rHrFrTk8rY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[xs8r7o9u.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "148bf03530d30342044d76ab888c16c3");
-\\ Google Chrome v42.0.2311.90
[C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [3397 bytes] - [16/04/2015 20:16:31]
AdwCleaner[S0].txt - [3308 bytes] - [16/04/2015 20:19:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3367 bytes] ##########
3 -
1. Your antivirus detected the following but it's not clear if it cleaned it. Is this a program you recognize or can it be removed?
NO, I don't recognize that bugwatcher file so it can be removed. I tried to find it now and couldn't do it.
2. Do you have WindowsUpdates disabled for some reason?
The fact that you are still on IE9 and the following being in your log prompted the question.
This is a machine from my work. Any updates to Windows or other programs (such as Java) are done via the VPN. That's why I did not uninstall Java completely; I was afraid a program would not work properly with the new versions. The IT team helped me remove the error, but I wanted to 'do some cleaning' since I am aware I've been downloading things lately that could have installed some risk files.
Thanks again for your help with this.