Fake Plugin Activity2 error [Closed]

Fake Plugin malware

  • This topic is locked

#1
vecastone


I am receiving the error Fake Plugin Activity2 in all my browsers (IE, Chrome, Mozilla).

 

From FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SG0892112 (administrator) on HN3UY89211201 on 09-04-2015 19:43:58
Running from C:\Users\sg0892112\Desktop
Loaded Profiles: SG0892112 (Available profiles: SG0892112 & Coffee)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Check Point Software Tech Ltd) C:\Windows\SysWOW64\Prot_srv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
() C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe
(aviva solutions) C:\Program Files (x86)\Aviva Solutions\AFD\AvivaMonitorServer.exe
(HP) C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Nortel Networks) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
(Check Point Software Tech Ltd) C:\Windows\SysWOW64\pstartSr.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\dp.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\SAP Document Pipeline 9.7.1\bin\cfbx.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\docrm.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapWListener.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
() C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapW32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe
(Check Point Software Tech Ltd) C:\Program Files (x86)\Pointsec\Pointsec for PC\P95tray.exe
(Verint Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe
(HPES) C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SAP AG) C:\Program Files (x86)\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(SAP, Walldorf) C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [601088 2015-02-23] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Adobe ARM] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [318520 2011-05-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [NVC] => C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe [1717584 2010-03-01] (Nortel Networks)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164624 2012-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Check Point Endpoint Tray Application] => C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe [70144 2010-06-02] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Pointsec Tray] => C:\Program Files (x86)\Pointsec\Pointsec for PC\P95Tray.exe [858792 2011-03-08] (Check Point Software Tech Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CfgDownload] => C:\Program Files (x86)\IXOS\bin\CfgDownload.exe [212992 2009-10-31] (Open Text Corporation)
HKLM-x32\...\Run: [ScanCfgDownload] => C:\Program Files (x86)\Open Text\Scan\bin\ScanCfgDownload.exe [217088 2010-04-14] (Open Text Corporation)
HKLM-x32\...\Run: [Witness AIM] => C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe [765952 2010-04-06] (Verint Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => [X]
HKLM-x32\...\Run: [UserNotify] => C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe [50176 2013-08-07] (HPES)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Witness Systems\Screen Capture Module\wcapwlistener.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\MountPoints2: {b8def118-73cf-11e4-b062-c4d9879ed931} - D:\LaunchU3.exe -a
HKU\S-1-5-21-117609710-2025429265-725345543-71058\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\pscr_nt.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlander.S01E09.Micro.Hd.720p.Vose.lnk
ShortcutTarget: Outlander.S01E09.Micro.Hd.720p.Vose.lnk -> C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-117609710-2025429265-725345543-71058\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-117609710-2025429265-725345543-71058] => http://mvdpac.sabre....sabreremote.pac
HKU\S-1-5-21-117609710-2025429265-725345543-71058\Software\Microsoft\Internet Explorer\Main,Start Page = http://techteams.sab...s/Docs/SAP.aspx
BHO: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.x64.dll [2015-04-05] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\bin\IPS\IPSBHO.DLL [2014-08-08] (Symantec Corporation)
BHO-x32: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.dll [2015-04-05] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-07-29] (Sun Microsystems, Inc.)
DPF: HKLM-x32 {0C901283-4BDB-46A1-911F-AE2667894156} https://icrm.sabre.c...x_HI_Client.cab
DPF: HKLM-x32 {54181628-E626-46CC-B28B-0792CB1016A5} https://icrm.sabre.c...x_HI_Client.cab
DPF: HKLM-x32 {748DFEBB-6AF5-4C34-9AB2-5676CD075AC3} https://icrm.sabre.c...x_HI_Client.cab
DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://filemover.bc...Wizard7.0.0.ocx
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sabreholding...ex/ieatgpc1.cab
DPF: HKLM-x32 {E2A8FD26-C1EC-432E-AB11-186273E3789D} https://icrm.sabre.c...x_HI_Client.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9D216AC2-0970-4261-A7BF-FB1FE59CFBA1}: [NameServer] 10.12.64.101,10.16.61.14
 
FireFox:
========
FF ProfilePath: C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-30] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: SaleePluS - C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default\Extensions\[email protected] [2015-04-05]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (YouTube) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR Extension: (SaleePluS) - C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf\ []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AvivaMonitor; C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe [161080 2010-08-09] ()
S3 Av_Service; C:\Program Files (x86)\Aviva Solutions\AFD\av_service.exe [87352 2010-08-09] ()
R2 CaptureService; C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe [401408 2010-04-06] (Witness Systems, Inc.) [File not signed]
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
R2 DskCfgUpdt; C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe [600576 2010-12-13] (HP) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [317496 2011-05-13] (Hewlett-Packard Company)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 NvcSvcMgr; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [165568 2012-06-19] (SAP AG)
R2 Pointsec; C:\Windows\SysWOW64\Prot_srv.exe [658088 2011-03-08] (Check Point Software Tech Ltd)
R2 Pointsec_start; C:\Windows\SysWOW64\pstartSr.exe [232104 2011-03-08] (Check Point Software Tech Ltd)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609792 2015-02-23] (Copyright 2013 SAMSUNG) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe [144496 2014-08-08] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe [2379128 2014-08-08] (Symantec Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\snac64.exe [335216 2014-08-08] (Symantec Corporation)
R2 spawner; C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe [201968 2008-06-12] (IXOS SOFTWARE AG - an Open Text company)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\BASHDefs\20150309.013\BHDrvx64.sys [1622744 2015-02-10] (Symantec Corporation)
R1 ccSettings_{67210CE5-A4BA-4C22-B639-1C79F566632D}; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\ccSetx64.sys [169048 2014-08-08] (Symantec Corporation)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20150408.011\IDSvia64.sys [637656 2015-02-10] (Symantec Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-05-16] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\ENG64.SYS [129752 2015-02-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\EX64.SYS [2137304 2015-02-10] (Symantec Corporation)
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R0 prot_2k; C:\Windows\System32\Drivers\prot_2k.sys [285992 2014-07-29] (Check Point Software Tech Ltd)
R0 prot_2k; C:\Windows\SysWow64\Drivers\prot_2k.sys [221736 2011-03-08] (Check Point Software Tech Ltd)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSP64.SYS [867032 2014-08-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSPX64.SYS [36952 2014-08-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMDS64.SYS [493656 2014-08-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMEFA64.SYS [1148120 2014-08-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\Ironx64.SYS [225496 2014-08-08] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMNETS.SYS [437976 2014-08-08] (Symantec Corporation)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-07-25] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-07-25] (Microsoft Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 19:42 - 2015-04-09 19:42 - 00045012 _____ () C:\Users\sg0892112\Downloads\Addition.txt
2015-04-09 19:41 - 2015-04-09 19:44 - 00024431 _____ () C:\Users\sg0892112\Desktop\FRST.txt
2015-04-09 19:41 - 2015-04-09 19:43 - 00000000 ____D () C:\FRST
2015-04-09 19:41 - 2015-04-09 19:41 - 02095616 _____ (Farbar) C:\Users\sg0892112\Desktop\FRST64.exe
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA408D.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA404E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA402E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA400E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA3FED.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD28.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD08.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCE8.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCC8.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACC69.tmp
2015-04-08 16:21 - 2015-04-08 16:21 - 00007604 _____ () C:\Users\sg0892112\Downloads\LBF Wholesale Non Wholesale %3A 5923670 %3A 13450429.xlsx
2015-04-08 16:09 - 2015-04-08 16:23 - 00010400 _____ () C:\Users\sg0892112\Downloads\LBF WSL Report.xlsx
2015-04-08 10:06 - 2015-04-08 10:06 - 00006894 _____ () C:\Users\sg0892112\Downloads\France CID bookings.xlsx
2015-04-07 15:57 - 2015-04-07 16:02 - 00026813 _____ () C:\Users\sg0892112\Desktop\Margaret.xlsx
2015-04-07 10:58 - 2015-04-07 11:19 - 00016263 _____ () C:\Users\sg0892112\Desktop\LBF.XLSX
2015-04-06 13:16 - 2015-04-06 16:20 - 00119257 _____ () C:\Users\sg0892112\Desktop\export.XLSX
2015-04-06 12:28 - 2015-04-06 12:28 - 00000000 _____ () C:\SOA75AD.tmp
2015-04-06 10:48 - 2015-04-06 10:48 - 00005117 _____ () C:\Users\sg0892112\Downloads\Business Aviator CWT both SC Codes and carrier R0 %26 O3.xlsx
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE5B5.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE595.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE574.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE554.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE534.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE4A6.tmp
2015-04-05 23:27 - 2015-04-05 23:27 - 00460288 _____ () C:\Users\sg0892112\Downloads\AVS Video Converter 8.5 Activation Code And Crack Full Version Free Downlaod.exe
2015-04-05 20:14 - 2015-04-05 20:14 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-04-05 20:13 - 2015-04-05 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-04-05 20:13 - 2015-04-05 20:13 - 00001242 _____ () C:\Users\sg0892112\Desktop\AVS Video Converter.lnk
2015-04-05 19:22 - 2015-04-07 10:31 - 00000932 _____ () C:\Users\sg0892112\Desktop\mozillatabs.txt
2015-04-05 19:17 - 2015-04-05 19:29 - 63042752 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoConverter.exe
2015-04-05 19:11 - 2015-04-05 20:18 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVS4YOU
2015-04-05 19:11 - 2015-04-05 19:11 - 00000000 ____D () C:\ProgramData\AVS4YOU
2015-04-05 19:10 - 2015-04-05 20:14 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-04-05 19:10 - 2011-06-23 13:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-04-05 19:10 - 2011-06-23 13:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-04-05 18:47 - 2015-04-05 18:51 - 154363320 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoEditor.exe
2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-04-05 18:00 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-04-05 18:00 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-04-05 18:00 - 2011-06-24 15:58 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivXLand
2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\Program Files (x86)\DivXLand
2015-04-05 17:56 - 2005-02-04 20:19 - 00057344 _____ (PV) C:\Windows\SysWOW64\dslider.ocx
2015-04-05 17:55 - 2015-04-05 17:55 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVI ReComp
2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\Gabest
2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\AVI ReComp
2015-04-05 15:44 - 2015-04-05 15:44 - 00003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-05 11:41 - 2015-04-09 12:12 - 00000000 ____D () C:\Program Files (x86)\bugwatcher
2015-04-05 11:41 - 2015-04-05 11:41 - 00000000 ____D () C:\Program Files (x86)\SalePlus
2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\ProgramData\17201988207728874483
2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\Program Files (x86)\SaleePluS
2015-04-05 11:39 - 2015-04-05 11:48 - 00000000 ____D () C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}
2015-04-05 11:39 - 2015-04-05 11:39 - 00001743 _____ () C:\Users\sg0892112\Desktop\Outlander.S01E09.Micro.Hd.720p.Vose.lnk
2015-04-05 11:39 - 2015-04-05 11:39 - 00000000 ____D () C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf
2015-04-03 17:28 - 2015-04-06 11:15 - 00252967 _____ () C:\Users\sg0892112\Desktop\export_2.XLSX
2015-03-31 20:28 - 2015-03-31 20:29 - 02120715 _____ (divxland.org ) C:\Users\sg0892112\Downloads\DivXLand_MediaSub_210.exe
2015-03-31 19:26 - 2015-03-31 21:39 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Movavi
2015-03-31 19:26 - 2015-03-31 19:26 - 00005039 _____ () C:\ProgramData\wmzddnmb.cix
2015-03-31 19:26 - 2015-03-31 19:26 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Movavi
2015-03-31 19:00 - 2015-04-05 20:28 - 00000000 ____D () C:\Users\sg0892112\Downloads\Death.At.A.Funeral[2007]DvDrip.AC3[Eng]-aXXo
2015-03-30 07:31 - 2015-01-29 00:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-30 07:31 - 2015-01-29 00:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-30 07:31 - 2015-01-29 00:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-30 07:31 - 2015-01-29 00:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-30 07:31 - 2015-01-29 00:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-30 07:31 - 2015-01-29 00:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-30 07:31 - 2015-01-29 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-30 07:31 - 2015-01-29 00:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-30 07:31 - 2015-01-29 00:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-30 07:31 - 2015-01-29 00:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-30 07:31 - 2015-01-28 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-30 07:30 - 2015-02-26 00:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-30 07:30 - 2015-02-03 00:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-30 07:30 - 2015-02-03 00:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-30 07:29 - 2015-03-06 02:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-30 07:29 - 2015-03-06 02:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-30 07:29 - 2015-03-06 02:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-30 07:29 - 2015-03-06 02:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-30 07:29 - 2015-03-06 02:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-30 07:29 - 2015-03-06 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-30 07:29 - 2015-03-06 02:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-30 07:29 - 2015-03-06 02:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-30 07:29 - 2015-03-06 02:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-30 07:29 - 2015-03-06 02:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-30 07:29 - 2015-03-06 02:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-30 07:29 - 2015-03-06 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-30 07:29 - 2015-03-06 02:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-30 07:29 - 2015-02-03 00:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-30 07:29 - 2015-02-03 00:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-30 07:29 - 2015-01-30 20:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-30 07:28 - 2015-02-20 01:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-30 07:28 - 2015-02-20 01:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-30 07:28 - 2015-02-20 00:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-30 07:28 - 2015-02-20 00:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-30 07:28 - 2015-02-13 02:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-30 07:28 - 2015-02-13 02:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-30 07:28 - 2015-02-04 00:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-30 07:28 - 2015-02-03 23:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-30 07:27 - 2015-02-21 16:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-30 07:27 - 2015-02-21 16:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-30 07:27 - 2015-02-21 16:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-30 07:27 - 2015-02-21 16:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-30 07:27 - 2015-02-21 15:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-30 07:27 - 2015-02-21 15:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-30 07:27 - 2015-02-21 15:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-30 07:27 - 2015-02-21 15:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-30 07:27 - 2015-02-21 15:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-30 07:27 - 2015-02-21 15:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-30 07:27 - 2015-02-21 15:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-30 07:27 - 2015-02-21 15:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-30 07:27 - 2015-02-21 15:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-30 07:27 - 2015-02-21 15:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-30 07:27 - 2015-02-21 14:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-30 07:27 - 2015-02-21 14:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-30 07:27 - 2015-02-21 14:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-30 07:27 - 2015-02-21 14:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-30 07:27 - 2015-02-21 14:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-30 07:27 - 2015-02-21 14:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-30 07:27 - 2015-02-21 14:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-30 07:27 - 2015-02-21 14:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-30 07:27 - 2015-02-21 14:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-30 07:27 - 2015-02-21 14:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-30 07:27 - 2015-02-21 14:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-30 07:27 - 2015-02-21 14:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-30 07:27 - 2015-02-21 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-30 07:26 - 2015-01-31 00:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-30 07:26 - 2015-01-31 00:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-30 07:26 - 2015-01-31 00:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-30 07:26 - 2015-01-16 23:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-30 07:26 - 2015-01-16 23:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-23 19:14 - 2015-04-05 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F5C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F3C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F0C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3EEC.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3ECC.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2933.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2913.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28E3.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28C3.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2874.tmp
2015-03-17 17:23 - 2015-03-17 17:23 - 04130697 _____ () C:\Users\sg0892112\Downloads\OBT Bookings.xlsx
2015-03-17 16:47 - 2015-03-19 17:30 - 00241244 _____ () C:\Users\sg0892112\Desktop\SAP LOAD FEB15.xlsx
2015-03-16 13:01 - 2015-03-16 13:01 - 00044544 _____ () C:\Users\sg0892112\Downloads\gastos comunes febrero 2015.xls
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6BAB.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B8B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B5B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B3B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B1A.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA147D.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA145C.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA142D.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA140C.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA13EC.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF700.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF6B1.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF691.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF661.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF651.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF621.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF5F1.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA535F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA533F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA531F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52EF.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52B0.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 19:09 - 2009-07-14 02:13 - 00790912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 19:06 - 2014-07-29 02:36 - 01496431 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 19:05 - 2014-11-27 19:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 17:38 - 2014-07-29 10:43 - 00000000 ____D () C:\Users\sg0892112
2015-04-09 17:38 - 2014-06-11 12:28 - 1078166528 _____ () C:\Users\sg0892112\ArchiveOld.pst
2015-04-09 17:38 - 2014-03-26 10:43 - 4211811328 _____ () C:\Users\sg0892112\Personal Folders.pst
2015-04-09 17:38 - 2012-03-02 10:52 - 2373067776 _____ () C:\Users\sg0892112\ArchiveNuevo.pst
2015-04-09 16:51 - 2014-07-29 16:37 - 00000992 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-09 15:49 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\BO DB2 and SAP Reports
2015-04-09 14:32 - 2014-07-29 00:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-09 13:10 - 2014-07-29 16:32 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\SAP
2015-04-09 13:10 - 2014-07-29 12:09 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\SAP
2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:06 - 2014-07-29 00:43 - 00000581 _____ () C:\Windows\SMSCFG.ini
2015-04-09 13:05 - 2014-07-29 13:35 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Deployment
2015-04-09 13:04 - 2014-07-29 10:44 - 00000000 ____D () C:\Users\sg0892112\Tracing
2015-04-09 13:03 - 2014-11-27 19:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 13:03 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 13:03 - 2009-07-14 01:51 - 00055816 _____ () C:\Windows\setupact.log
2015-04-09 10:37 - 2014-08-04 12:26 - 00000000 ____D () C:\Users\sg0892112\Desktop\0
2015-04-09 10:34 - 2014-08-04 11:09 - 00000000 ____D () C:\Scan Files
2015-04-09 10:33 - 2014-08-04 11:04 - 00000177 _____ () C:\Windows\bi_group.ini
2015-04-08 23:30 - 2014-07-29 15:01 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Skype
2015-04-08 15:24 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\GLOBAL
2015-04-07 10:20 - 2010-11-21 00:47 - 00702252 _____ () C:\Windows\PFRO.log
2015-04-06 22:42 - 2014-08-02 12:48 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\vlc
2015-04-06 20:32 - 2014-07-29 15:44 - 00000000 ____D () C:\Users\sg0892112\Documents\PREMIER
2015-04-05 15:33 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\uTorrent
2015-04-05 11:44 - 2014-07-29 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 23:57 - 2014-11-27 19:45 - 00002188 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 17:21 - 2014-07-29 01:06 - 00000000 ____D () C:\ProgramData\Symantec
2015-04-02 11:21 - 2014-07-30 11:54 - 00000000 ____D () C:\Users\sg0892112\Documents\My Received Files
2015-04-02 09:38 - 2009-07-14 01:45 - 00415544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-31 19:26 - 2014-07-29 10:44 - 00112528 _____ () C:\Users\sg0892112\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-30 14:55 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2015-03-28 23:44 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\sg0892112\Downloads\Fanfic
2015-03-25 13:26 - 2014-10-28 11:38 - 00000000 ____D () C:\Windows\ccmcache
2015-03-20 17:23 - 2014-07-29 15:45 - 00023894 _____ () C:\Users\sg0892112\Documents\PRMGLO Birthdays.xlsx
2015-03-17 14:56 - 2015-02-16 13:06 - 00531456 _____ () C:\Users\sg0892112\Desktop\CWT TAX FINAL.xls
2015-03-17 14:55 - 2015-02-16 13:05 - 00480768 _____ () C:\Users\sg0892112\Desktop\Z2_FINAL.xls
2015-03-17 10:28 - 2014-08-11 11:29 - 00000000 ____D () C:\Users\sg0892112\Desktop\Pre POS
2015-03-16 13:09 - 2014-07-29 16:39 - 00000000 ____D () C:\Users\sg0892112\My Notebook
2015-03-11 14:32 - 2014-08-12 14:50 - 00000000 ___SD () C:\Users\sg0892112\Documents\My Data Sources
 
==================== Files in the root of some directories =======
 
2014-09-01 05:18 - 2014-09-01 05:18 - 0002086 _____ () C:\Users\sg0892112\AppData\Roaming\CONGOXE
2014-07-29 15:51 - 2014-07-29 16:11 - 0000600 _____ () C:\Users\sg0892112\AppData\Roaming\winscp.rnd
2014-09-01 05:18 - 2014-09-01 05:18 - 0001248 _____ () C:\Users\sg0892112\AppData\Roaming\YUXTSH
2015-04-05 15:44 - 2015-04-05 15:44 - 0003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 19:26 - 2015-03-31 19:26 - 0005039 _____ () C:\ProgramData\wmzddnmb.cix
 
Some content of TEMP:
====================
C:\Users\sg0892112\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sg0892112\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 11:18
 
==================== End Of Log ============================

#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi and welcome to G2G. Sorry for the delay. If you still need assistance, please post your Addition.txt log that is in your downloads folder. Thank you.



#3
vecastone

    New Member

  • Topic Starter
  • Member
  • 7 posts

Hello Brian,

 

I was able to disable the 'extension' that was causing the constant error to pop up at least (in Chrome and Mozilla) Saalesplus. Though I don't know if that will be enough. Here is the other txt.

Thanks for your help :)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by SG0892112 at 2015-04-09 19:44:19
Running from C:\Users\sg0892112\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Data Provider for Teradata 14.00.0.0 (HKLM-x32\...\{F83B6C10-988A-420D-B579-2A960F36A1B2}) (Version: 14.00.0.0 - Teradata Corporation)
µTorrent (HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
AD Photo Edit Free Edition (HKLM-x32\...\{147B9B23-BFE6-4F58-96F0-201E6AF91B61}) (Version: 2.6.1 - Cjwdev)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{6BA9BA04-B062-42F4-A852-902229FD4C2A}) (Version: 11.6.602.168 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Aviva for Desktops (HKLM-x32\...\InstallShield_{CBBE637F-9F5E-4123-81C5-24ED9B87F3E8}) (Version: 11.1.0043c - Aviva Inc.)
Aviva for Desktops (x32 Version: 11.1.0043c - Aviva Inc.) Hidden
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
Check Point Endpoint Security - Full Disk Encryption (HKLM-x32\...\{31B33270-24D7-4307-84F2-A3288636B83A}) (Version: 7.4.4.1657 - Check Point Software Technologies Ltd)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
DataDirect Shadow for ODBC 7.3 (HKLM-x32\...\DataDirect Shadow for ODBC 7.3) (Version: 7.3.1.0 - DataDirect Technologies)
Defender Desktop Token (HKLM-x32\...\PassGo Desktop Token) (Version: 5.5.0.907 - Quest Software, Inc.)
Desktop Configuration Update Service v5.2  (HKLM-x32\...\{183F7597-A48E-4B0D-8FFC-B363FEF2EC5A}) (Version: 5.2.18 - HP)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivXLand Media Subtitler 2.1.0 (HKLM-x32\...\{74D5F45B-EC9F-4083-9493-364D159FFFBE}_is1) (Version:  - divxland.org)
FalconTec (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d3d61953}) (Version:  - FalconTec) <==== ATTENTION
FileZilla Client 3.3.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.4.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{06160949-DACD-4F5D-99A1-B7676CE5C83B}) (Version: 4.0.18.1 - Hewlett-Packard Company)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017F0}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Conferencing Add-in for Microsoft Office Outlook (HKLM-x32\...\{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.266 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mosaic (HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\e079e44a696270c1) (Version: 2.1.0.15 - Sabre)
MosaicAddIn (HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\2DBD3C6155DEF0E746B32C82F37E0EA2A82AF198) (Version: 1.0.0.30 - Sabre)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Nortel VPN Client (HKLM\...\{4EC5CF64-2E59-411D-0301-120101004016}) (Version: 10.04.016 - Nortel Networks)
ODBC Driver for Teradata 14.00.0.3 (HKLM-x32\...\{1551F9D6-1B14-4AE1-BABA-70A4319C236A}) (Version: 14.00.00.03 - Teradata Corporation)
ODBC Driver for Teradata nt-x8664 14.00.0.3 (HKLM\...\{68F1AD2A-94AF-4E5F-A4AA-C836C42F9B99}) (Version: 14.00.00.03 - Teradata Corporation)
Open Text Document Pipeline Base 9.7.1 (HKLM-x32\...\{BD5F69EA-8BC4-43EB-A0A3-4C9717AF3750}) (Version: 9.7.1.696 - Open Text Corporation)
Open Text Document Pipeline Info 9.7.1 (HKLM-x32\...\{EB230D9D-4100-48D4-9C5C-BBF3D6404AFE}) (Version: 9.7.1.420 - Open Text Corporation)
Open Text Document Pipeline Perl 9.7.1 (HKLM-x32\...\{42E78938-489B-4279-9DCC-C4E180AA5DC0}) (Version: 9.7.1.638 - Open Text Corporation)
Open Text Document Pipeline SAP 9.7.1 (HKLM-x32\...\{EA2C4431-D4E1-4BFB-9D15-E87A673445E8}) (Version: 9.7.1.964 - Open Text Corporation)
Open Text Imaging DesktopLink 9.7.0 - 64 bit (HKLM\...\{54F3859E-69CA-4E0B-9E6A-7D508EE66D40}) (Version: 9.7.0 - OPEN TEXT CORPORATION)
Open Text Imaging Enterprise Scan 9.7.1 (HKLM-x32\...\{971C0913-3C23-4199-AC2F-BA56104B2910}) (Version: 9.7.1 - Open Text Corporation)
Open Text Imaging Windows Viewer 9.7.0 (HKLM-x32\...\{7549A4D5-963E-4BFE-BCD6-3EC1233D717A}) (Version: 9.7.0 - OPEN TEXT CORPORATION)
Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapid Results (HKLM-x32\...\Rapid Results) (Version:  - )
Sabre_Win7_Profile (HKLM-x32\...\{AA25884F-14B7-4B4E-861C-88C7A2DDF88E}) (Version: 1.13.0118 - Hewlett-Packard)
SalePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - )
Samsung Link 2.0.0.1502231139 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1502231139 - Copyright 2013 SAMSUNG)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)
SAPSetup Automatic Workstation Update Service (HKLM-x32\...\SAP_WUS) (Version:  - SAP AG)
Screen Capture Module (HKLM-x32\...\{5C5BA4A4-F2F9-4791-AE91-501206DA1738}) (Version: 7.8.2.526 - Verint Systems, Inc.)
Shared ICU Libraries for Teradata 14.00.0.1 (HKLM-x32\...\{0CDBDB7E-B45C-48C2-BEF1-3F602ED1051A}) (Version: 14.00.00.01 - Teradata Corporation)
Shared ICU Libraries for Teradata nt-x8664 14.00.0.1 (HKLM\...\{C27A1002-9BA2-417C-9859-C195F014B9DA}) (Version: 14.00.00.01 - Teradata Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Symantec Endpoint Protection (HKLM\...\{60171618-BEB9-4E89-AA7B-43AD32A3EC05}) (Version: 12.1.4100.4126 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Teradata GSS Client nt-i386  14.0.2.2 (HKLM-x32\...\{D6A69B04-6F9E-48D1-B42E-4AD7F5EBED76}) (Version: 14.00.02.02 - Teradata Corporation)
Teradata GSS Client nt-x8664  14.0.2.2 (HKLM\...\{358EC7BD-F1E6-419A-B1C9-2A552E233959}) (Version: 14.00.02.02 - Teradata Corporation)
Teradata SQL Assistant 14.01.0.2 (HKLM-x32\...\{5A717A30-8F97-4B96-900F-3799CEDD743D}) (Version: 14.01.00.02 - Teradata Corporation)
UserNotify (HKLM-x32\...\{83D4188F-6907-45CA-B73A-ABA4DA1FFFE0}) (Version: 1.00.0000 - Hewlett Packard)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WinZip 11.2 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}) (Version: 11.2.8094 - WinZip Computing, S.L. )
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-03-2015 01:00:20 Scheduled Checkpoint
30-03-2015 07:26:23 Windows Update
07-04-2015 00:11:45 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {20EA546F-1364-40CE-882F-77779A3F847B} - System32\Tasks\{2CFB0FDD-631A-4F1D-A5E0-C8A30900AF4D} => pcalua.exe -a C:\Users\sg0892112\Software\TTU.exe -d C:\Users\sg0892112\Software
Task: {3411558A-31D5-4097-81B2-EC0098C62F55} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {3E8336E8-22CF-42E8-BA73-CCCF83347582} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {42FC2ACC-016A-4300-98BA-233ABE4B9E86} - System32\Tasks\{F3CF552E-0779-4538-B4BA-075C8ACC521A} => Iexplore.exe http://www.skype.com...8;LastError=403
Task: {82133AF1-C733-49E0-95A0-29A3B9A8581B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {C1EBD7A8-FAF4-4A12-AFDE-798DB93F2D1B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D67BD992-ED36-4B8D-85C7-78144FE59C17} - System32\Tasks\{F08757CA-3002-42C8-9B18-83FC5FA55A88} => pcalua.exe -a C:\Users\sg0892112\Downloads\B2CAppSetup.exe -d C:\Users\sg0892112\Downloads
Task: {DEEF8628-3C7C-4C26-A6A6-07AEFE1951CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: {F6D69AAC-30C0-4D1C-8F8C-7EA236D275EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-08-09 13:21 - 2010-08-09 13:21 - 00161080 _____ () C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe
2015-03-02 20:13 - 2015-02-23 10:39 - 00025088 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2015-03-02 20:13 - 2015-02-23 10:39 - 02633728 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2015-03-02 20:13 - 2015-02-23 10:39 - 02540544 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 10:25 - 2013-12-21 10:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 10:26 - 2013-12-21 10:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 08:52 - 2013-10-22 08:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 10:27 - 2013-12-21 10:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 18:19 - 2013-07-23 18:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2011-03-17 02:07 - 2011-03-17 02:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 11:42 - 2010-01-02 11:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-21 16:13 - 2012-09-02 15:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-02 20:13 - 2015-02-23 10:39 - 00049664 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2014-04-05 11:39 - 2014-04-05 11:39 - 00461312 _____ () C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe
2011-03-08 16:26 - 2011-03-08 16:26 - 00135168 _____ () C:\Windows\SysWOW64\LogonAgentAPI.dll
2014-10-16 00:48 - 2014-10-16 00:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2010-04-06 19:38 - 2010-04-06 19:38 - 00143360 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\OSUtils.dll
2008-10-24 18:32 - 2008-10-24 18:32 - 00012288 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\boost_system-vc90-mt-1_35.dll
2008-10-24 18:32 - 2008-10-24 18:32 - 00037888 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\boost_date_time-vc90-mt-1_35.dll
2008-10-24 18:32 - 2008-10-24 18:32 - 00035840 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\boost_thread-vc90-mt-1_35.dll
2008-06-12 21:06 - 2008-06-12 21:06 - 00778240 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\bin\perl58.dll
2008-06-12 22:46 - 2008-06-12 22:46 - 00008704 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DTLogging\DTLogging.dll
2008-06-12 22:46 - 2008-06-12 22:46 - 00017920 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DTUtil\DTUtil.dll
2008-06-12 22:46 - 2008-06-12 22:46 - 00081920 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DTDocument2\DTDocument2.dll
2008-06-12 21:06 - 2008-06-12 21:06 - 00009728 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\Cwd\Cwd.dll
2008-06-12 21:08 - 2008-06-12 21:08 - 00014848 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\IO\IO.dll
2008-06-12 21:08 - 2008-06-12 21:08 - 00018944 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\Socket\Socket.dll
2008-06-12 21:08 - 2008-06-12 21:08 - 00010240 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\MIME\Base64\Base64.dll
2008-06-12 21:14 - 2008-06-12 21:14 - 00163840 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\site\lib\MSWin32-x86-multi-thread\auto\XML\Parser\Expat\Expat.dll
2008-06-12 22:45 - 2008-06-12 22:45 - 00010240 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DT\DT.dll
2009-07-13 18:03 - 2009-07-13 22:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-07-30 19:04 - 2014-07-30 19:04 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2010-08-15 19:08 - 2010-08-15 19:08 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2011-03-17 02:11 - 2011-03-17 02:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-04 23:57 - 2015-03-30 18:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-04 23:57 - 2015-03-30 18:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-04 23:57 - 2015-03-30 18:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\sg0892112\Downloads\El Observador + BROTHER.pdf:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-117609710-2025429265-725345543-71058\Control Panel\Desktop\\Wallpaper -> C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Coffee (S-1-5-21-1306677910-1177036720-1036269624-500 - Administrator - Enabled) => C:\Users\Administrator
SabreNTGuest (S-1-5-21-1306677910-1177036720-1036269624-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2015 01:03:26 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\bugwatcher\bugwatcher.dll by: Auto-Protect scan.  Action: Clean failed : Quarantine failed.  Action Description: Reboot Processing
 
Error: (04/09/2015 01:03:25 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Manual scan.  Action: Clean failed : Leave Alone failed.  Action Description: Reboot Processing
 
Error: (04/09/2015 01:03:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/09/2015 00:15:01 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\bugwatcher\bugwatcher.dll by: Auto-Protect scan.  Action: Reboot Required.  Action Description: The file was quarantined successfully.
 
Error: (04/09/2015 00:11:44 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Manual scan.  Action: Reboot Required.  Action Description: Clean was partially successful.
 
Error: (04/09/2015 00:09:53 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Defwatch scan.  Action: Process or service must be halted.  Action Description:
 
Error: (04/09/2015 00:06:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Mosaic2.exe, version: 2.1.0.15, time stamp: 0x5509c2dc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x5c94
Faulting application start time: 0xMosaic2.exe0
Faulting application path: Mosaic2.exe1
Faulting module path: Mosaic2.exe2
Report Id: Mosaic2.exe3
 
Error: (04/09/2015 00:06:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Mosaic2.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Genesyslab.Platform.Commons.Protocols.ProtocolException
Stack:
   at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolFacility.BeginOpenProtocol(Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolInstance)
   at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolManagementService.BeginOpenProtocol(Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolInstance)
   at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolManagementService.BeginOpen()
   at Sabre.Mosaic.Modules.Genesys.Servers.StatsServerController.Connect()
   at Sabre.Mosaic.Modules.Genesys.Servers.StatsServerController.OnNetworkChangeEvent(Boolean)
   at Microsoft.Practices.Prism.Events.EventSubscription`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeAction(System.Action`1<Boolean>, Boolean)
   at Microsoft.Practices.Prism.Events.EventSubscription`1+<>c__DisplayClass2[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<GetExecutionStrategy>b__0(System.Object[])
   at Microsoft.Practices.Prism.Events.EventBase.InternalPublish(System.Object[])
   at Microsoft.Practices.Prism.Events.CompositePresentationEvent`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Publish(Boolean)
   at Sabre.Mosaic.Modules.Genesys.GenesysModule.OnNetworkAvailabilityChange(System.Object, System.Net.NetworkInformation.NetworkAvailabilityEventArgs)
   at System.Net.NetworkInformation.NetworkChange+AvailabilityChangeListener.RunHandlerCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.NetworkInformation.NetworkChange+AvailabilityChangeListener.ChangedAddress(System.Object, System.EventArgs)
   at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
 
Error: (04/09/2015 07:26:42 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\SG08921120x8007003aThe specified server cannot perform the requested operation.
 
Error: (04/08/2015 11:26:41 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\SG08921120x8007003aThe specified server cannot perform the requested operation.
 
 
System errors:
=============
Error: (04/09/2015 07:44:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:44:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
Error: (04/09/2015 07:43:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1297
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2015 01:03:26 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\bugwatcher\bugwatcher.dll by: Auto-Protect scan.  Action: Clean failed : Quarantine failed.  Action Description: Reboot Processing
 
Error: (04/09/2015 01:03:25 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Manual scan.  Action: Clean failed : Leave Alone failed.  Action Description: Reboot Processing
 
Error: (04/09/2015 01:03:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/09/2015 00:15:01 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\bugwatcher\bugwatcher.dll by: Auto-Protect scan.  Action: Reboot Required.  Action Description: The file was quarantined successfully.
 
Error: (04/09/2015 00:11:44 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Manual scan.  Action: Reboot Required.  Action Description: Clean was partially successful.
 
Error: (04/09/2015 00:09:53 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Defwatch scan.  Action: Process or service must be halted.  Action Description:
 
Error: (04/09/2015 00:06:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mosaic2.exe2.1.0.155509c2dcKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f5c9401d072bcb577b53eC:\Users\sg0892112\AppData\Local\Apps\2.0\W11Z22ZY.881\BO7R4KC1.DHB\mosa..tion_0000000000000000_0002.0001_bd9ea008890af9ac\Mosaic2.exeC:\Windows\syswow64\KERNELBASE.dll007dced4-deca-11e4-bec7-c4346b28f0f3
 
Error: (04/09/2015 00:06:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Mosaic2.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Genesyslab.Platform.Commons.Protocols.ProtocolException
Stack:
   at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolFacility.BeginOpenProtocol(Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolInstance)
   at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolManagementService.BeginOpenProtocol(Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolInstance)
   at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolManagementService.BeginOpen()
   at Sabre.Mosaic.Modules.Genesys.Servers.StatsServerController.Connect()
   at Sabre.Mosaic.Modules.Genesys.Servers.StatsServerController.OnNetworkChangeEvent(Boolean)
   at Microsoft.Practices.Prism.Events.EventSubscription`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeAction(System.Action`1<Boolean>, Boolean)
   at Microsoft.Practices.Prism.Events.EventSubscription`1+<>c__DisplayClass2[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<GetExecutionStrategy>b__0(System.Object[])
   at Microsoft.Practices.Prism.Events.EventBase.InternalPublish(System.Object[])
   at Microsoft.Practices.Prism.Events.CompositePresentationEvent`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Publish(Boolean)
   at Sabre.Mosaic.Modules.Genesys.GenesysModule.OnNetworkAvailabilityChange(System.Object, System.Net.NetworkInformation.NetworkAvailabilityEventArgs)
   at System.Net.NetworkInformation.NetworkChange+AvailabilityChangeListener.RunHandlerCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Net.NetworkInformation.NetworkChange+AvailabilityChangeListener.ChangedAddress(System.Object, System.EventArgs)
   at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)
   at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)
 
Error: (04/09/2015 07:26:42 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\SG08921120x8007003aThe specified server cannot perform the requested operation.
 
Error: (04/08/2015 11:26:41 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: GLOBAL\SG08921120x8007003aThe specified server cannot perform the requested operation.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-29 00:41:59.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBSTOR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 00:41:59.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBSTOR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:41:43.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBSTOR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:41:42.988
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\USBSTOR.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:33:43.240
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:33:43.225
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:33:30.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:33:30.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:32:24.507
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-29 02:32:24.507
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3427U CPU @ 1.80GHz
Percentage of memory in use: 43%
Total physical RAM: 8055.5 MB
Available physical RAM: 4513.51 MB
Total Pagefile: 16109.2 MB
Available Pagefile: 11992.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Sabre) (Fixed) (Total:298.09 GB) (Free:164.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FFB21081)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

  • 0

#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. Let's get rid of it off your system, fix some damage that was done and decrease your exposure to infection. Please do the following.

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Java 7 Update 51 (64-bit)
Java™ 6 Update 17                <----------you will have a chance to update Java later
Java™ 6 Update 18
SalePlus

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (745 bytes)
Note. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#5 - Questions

1. Your antivirus detected the following but it's not clear if it cleaned it. Is this a program you recognize or can it be removed?

Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\bugwatcher\bugwatcher.dll by: Auto-Protect scan.  Action: Clean failed : Quarantine failed.  Action Description: Reboot Processing

 

 

2. Do you have Windows Updates disabled for some reason?

The fact that you are still on IE9 and the following being in your log prompted the question.

HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoWindowsUpdate] 1

 

 

 

Items for your next post

1. FRST Fix Log

2. AdwCleaner Log

3. Answers to Questions


  • 0
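Added example, not part of the helper's post and not code from FRST: a small Python pass over FRST.txt lines that pulls out the markers behind the SalePlus uninstall in Step#2 and the Windows Update question in Step#5. The sample lines are excerpted from the log posted in this thread; the rule names, and the choice to treat an empty `()` company field as worth review, are assumptions of this example.

```python
import re
from collections import Counter

# Lines excerpted from the FRST.txt posted in this thread (not the full log).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe
() C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => [X]
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoWindowsUpdate] 1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

BHO: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.x64.dll [2015-04-05] ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)

==================== Services (Whitelisted) =================

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
"""

# "==== Name (Whitelisted) ====" section banners; a bare "=====" underline has no name.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# Rule names are this example's own. A hit means "review this entry", not
# "malicious": monsrv.exe above has no company string and is flagged too.
RULES = [
    # FRST's own marker for entries it wants a human to look at.
    ("attention", lambda l: "<======= ATTENTION" in l),
    # Company field printed as "()": leading on process lines, trailing elsewhere.
    ("no_company", lambda l: l.startswith("() ") or l.endswith(" ()")),
    # FRST's signature note on services and drivers.
    ("not_signed", lambda l: "[File not signed]" in l),
    # Registry or BHO entry whose target file is missing.
    ("orphan", lambda l: l.endswith("No File") or l.endswith("[X]")),
    # The policy value quoted in Step#5, question 2.
    ("update_policy", lambda l: "[NoWindowsUpdate] 1" in l),
]


def triage(log_text):
    """Return one dict per flagged line: section name, matching tags, the line."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            name = banner.group(1).replace("(Whitelisted)", "").strip()
            if name:
                section = name
            continue
        tags = [tag for tag, hit in RULES if hit(line)]
        if tags:
            findings.append({"section": section, "tags": tags, "line": line})
    return findings


def summarize(findings):
    """Count how many flagged lines carry each tag."""
    return Counter(tag for f in findings for tag in f["tags"])


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['section']}] {','.join(f['tags'])}: {f['line']}")
    print(dict(summarize(results)))
```
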

#5
vecastone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi again Brian,

Below the FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SG0892112 (administrator) on HN3UY89211201 on 09-04-2015 19:43:58
Running from C:\Users\sg0892112\Desktop
Loaded Profiles: SG0892112 (Available profiles: SG0892112 & Coffee)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Check Point Software Tech Ltd) C:\Windows\SysWOW64\Prot_srv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
() C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe
(aviva solutions) C:\Program Files (x86)\Aviva Solutions\AFD\AvivaMonitorServer.exe
(HP) C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Nortel Networks) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
(Check Point Software Tech Ltd) C:\Windows\SysWOW64\pstartSr.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\dp.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\SAP Document Pipeline 9.7.1\bin\cfbx.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\docrm.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapWListener.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
() C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe
(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapW32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe
(Check Point Software Tech Ltd) C:\Program Files (x86)\Pointsec\Pointsec for PC\P95tray.exe
(Verint Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe
(HPES) C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SAP AG) C:\Program Files (x86)\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(SAP, Walldorf) C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [601088 2015-02-23] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [Adobe ARM] => [X]
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [318520 2011-05-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [NVC] => C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe [1717584 2010-03-01] (Nortel Networks)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164624 2012-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Check Point Endpoint Tray Application] => C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe [70144 2010-06-02] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Pointsec Tray] => C:\Program Files (x86)\Pointsec\Pointsec for PC\P95Tray.exe [858792 2011-03-08] (Check Point Software Tech Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CfgDownload] => C:\Program Files (x86)\IXOS\bin\CfgDownload.exe [212992 2009-10-31] (Open Text Corporation)
HKLM-x32\...\Run: [ScanCfgDownload] => C:\Program Files (x86)\Open Text\Scan\bin\ScanCfgDownload.exe [217088 2010-04-14] (Open Text Corporation)
HKLM-x32\...\Run: [Witness AIM] => C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe [765952 2010-04-06] (Verint Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => [X]
HKLM-x32\...\Run: [UserNotify] => C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe [50176 2013-08-07] (HPES)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Witness Systems\Screen Capture Module\wcapwlistener.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\MountPoints2: {b8def118-73cf-11e4-b062-c4d9879ed931} - D:\LaunchU3.exe -a
HKU\S-1-5-21-117609710-2025429265-725345543-71058\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\pscr_nt.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlander.S01E09.Micro.Hd.720p.Vose.lnk
ShortcutTarget: Outlander.S01E09.Micro.Hd.720p.Vose.lnk -> C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-117609710-2025429265-725345543-71058\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-117609710-2025429265-725345543-71058] => http://mvdpac.sabre....sabreremote.pac
HKU\S-1-5-21-117609710-2025429265-725345543-71058\Software\Microsoft\Internet Explorer\Main,Start Page = http://techteams.sab...s/Docs/SAP.aspx
BHO: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.x64.dll [2015-04-05] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\bin\IPS\IPSBHO.DLL [2014-08-08] (Symantec Corporation)
BHO-x32: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.dll [2015-04-05] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-07-29] (Sun Microsystems, Inc.)
DPF: HKLM-x32 {0C901283-4BDB-46A1-911F-AE2667894156} https://icrm.sabre.c...x_HI_Client.cab
DPF: HKLM-x32 {54181628-E626-46CC-B28B-0792CB1016A5} https://icrm.sabre.c...x_HI_Client.cab
DPF: HKLM-x32 {748DFEBB-6AF5-4C34-9AB2-5676CD075AC3} https://icrm.sabre.c...x_HI_Client.cab
DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://filemover.bc...Wizard7.0.0.ocx
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sabreholding...ex/ieatgpc1.cab
DPF: HKLM-x32 {E2A8FD26-C1EC-432E-AB11-186273E3789D} https://icrm.sabre.c...x_HI_Client.cab
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9D216AC2-0970-4261-A7BF-FB1FE59CFBA1}: [NameServer] 10.12.64.101,10.16.61.14
 
FireFox:
========
FF ProfilePath: C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-30] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: SaleePluS - C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default\Extensions\[email protected] [2015-04-05]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]
CHR Extension: (Google Docs) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]
CHR Extension: (Google Drive) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]
CHR Extension: (YouTube) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]
CHR Extension: (Google Search) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]
CHR Extension: (Google Sheets) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]
CHR Extension: (Gmail) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]
CHR Extension: (SaleePluS) - C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf\ []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AvivaMonitor; C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe [161080 2010-08-09] ()
S3 Av_Service; C:\Program Files (x86)\Aviva Solutions\AFD\av_service.exe [87352 2010-08-09] ()
R2 CaptureService; C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe [401408 2010-04-06] (Witness Systems, Inc.) [File not signed]
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
R2 DskCfgUpdt; C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe [600576 2010-12-13] (HP) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [317496 2011-05-13] (Hewlett-Packard Company)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 NvcSvcMgr; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [165568 2012-06-19] (SAP AG)
R2 Pointsec; C:\Windows\SysWOW64\Prot_srv.exe [658088 2011-03-08] (Check Point Software Tech Ltd)
R2 Pointsec_start; C:\Windows\SysWOW64\pstartSr.exe [232104 2011-03-08] (Check Point Software Tech Ltd)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609792 2015-02-23] (Copyright 2013 SAMSUNG) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe [144496 2014-08-08] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe [2379128 2014-08-08] (Symantec Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\snac64.exe [335216 2014-08-08] (Symantec Corporation)
R2 spawner; C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe [201968 2008-06-12] (IXOS SOFTWARE AG - an Open Text company)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\BASHDefs\20150309.013\BHDrvx64.sys [1622744 2015-02-10] (Symantec Corporation)
R1 ccSettings_{67210CE5-A4BA-4C22-B639-1C79F566632D}; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\ccSetx64.sys [169048 2014-08-08] (Symantec Corporation)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20150408.011\IDSvia64.sys [637656 2015-02-10] (Symantec Corporation)
S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-05-16] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\ENG64.SYS [129752 2015-02-10] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\EX64.SYS [2137304 2015-02-10] (Symantec Corporation)
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R0 prot_2k; C:\Windows\System32\Drivers\prot_2k.sys [285992 2014-07-29] (Check Point Software Tech Ltd)
R0 prot_2k; C:\Windows\SysWow64\Drivers\prot_2k.sys [221736 2011-03-08] (Check Point Software Tech Ltd)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSP64.SYS [867032 2014-08-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSPX64.SYS [36952 2014-08-08] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMDS64.SYS [493656 2014-08-08] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMEFA64.SYS [1148120 2014-08-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\Ironx64.SYS [225496 2014-08-08] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMNETS.SYS [437976 2014-08-08] (Symantec Corporation)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-07-25] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-07-25] (Microsoft Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 19:42 - 2015-04-09 19:42 - 00045012 _____ () C:\Users\sg0892112\Downloads\Addition.txt
2015-04-09 19:41 - 2015-04-09 19:44 - 00024431 _____ () C:\Users\sg0892112\Desktop\FRST.txt
2015-04-09 19:41 - 2015-04-09 19:43 - 00000000 ____D () C:\FRST
2015-04-09 19:41 - 2015-04-09 19:41 - 02095616 _____ (Farbar) C:\Users\sg0892112\Desktop\FRST64.exe
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA408D.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA404E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA402E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA400E.tmp
2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA3FED.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD28.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD08.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCE8.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCC8.tmp
2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACC69.tmp
2015-04-08 16:21 - 2015-04-08 16:21 - 00007604 _____ () C:\Users\sg0892112\Downloads\LBF Wholesale Non Wholesale %3A 5923670 %3A 13450429.xlsx
2015-04-08 16:09 - 2015-04-08 16:23 - 00010400 _____ () C:\Users\sg0892112\Downloads\LBF WSL Report.xlsx
2015-04-08 10:06 - 2015-04-08 10:06 - 00006894 _____ () C:\Users\sg0892112\Downloads\France CID bookings.xlsx
2015-04-07 15:57 - 2015-04-07 16:02 - 00026813 _____ () C:\Users\sg0892112\Desktop\Margaret.xlsx
2015-04-07 10:58 - 2015-04-07 11:19 - 00016263 _____ () C:\Users\sg0892112\Desktop\LBF.XLSX
2015-04-06 13:16 - 2015-04-06 16:20 - 00119257 _____ () C:\Users\sg0892112\Desktop\export.XLSX
2015-04-06 12:28 - 2015-04-06 12:28 - 00000000 _____ () C:\SOA75AD.tmp
2015-04-06 10:48 - 2015-04-06 10:48 - 00005117 _____ () C:\Users\sg0892112\Downloads\Business Aviator CWT both SC Codes and carrier R0 %26 O3.xlsx
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE5B5.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE595.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE574.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE554.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE534.tmp
2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE4A6.tmp
2015-04-05 23:27 - 2015-04-05 23:27 - 00460288 _____ () C:\Users\sg0892112\Downloads\AVS Video Converter 8.5 Activation Code And Crack Full Version Free Downlaod.exe
2015-04-05 20:14 - 2015-04-05 20:14 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-04-05 20:13 - 2015-04-05 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-04-05 20:13 - 2015-04-05 20:13 - 00001242 _____ () C:\Users\sg0892112\Desktop\AVS Video Converter.lnk
2015-04-05 19:22 - 2015-04-07 10:31 - 00000932 _____ () C:\Users\sg0892112\Desktop\mozillatabs.txt
2015-04-05 19:17 - 2015-04-05 19:29 - 63042752 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoConverter.exe
2015-04-05 19:11 - 2015-04-05 20:18 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVS4YOU
2015-04-05 19:11 - 2015-04-05 19:11 - 00000000 ____D () C:\ProgramData\AVS4YOU
2015-04-05 19:10 - 2015-04-05 20:14 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-04-05 19:10 - 2011-06-23 13:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-04-05 19:10 - 2011-06-23 13:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-04-05 18:47 - 2015-04-05 18:51 - 154363320 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoEditor.exe
2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Xvid
2015-04-05 18:00 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-04-05 18:00 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-04-05 18:00 - 2011-06-24 15:58 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax
2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivXLand
2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\Program Files (x86)\DivXLand
2015-04-05 17:56 - 2005-02-04 20:19 - 00057344 _____ (PV) C:\Windows\SysWOW64\dslider.ocx
2015-04-05 17:55 - 2015-04-05 17:55 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVI ReComp
2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\Gabest
2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\AVI ReComp
2015-04-05 15:44 - 2015-04-05 15:44 - 00003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-05 11:41 - 2015-04-09 12:12 - 00000000 ____D () C:\Program Files (x86)\bugwatcher
2015-04-05 11:41 - 2015-04-05 11:41 - 00000000 ____D () C:\Program Files (x86)\SalePlus
2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\ProgramData\17201988207728874483
2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\Program Files (x86)\SaleePluS
2015-04-05 11:39 - 2015-04-05 11:48 - 00000000 ____D () C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}
2015-04-05 11:39 - 2015-04-05 11:39 - 00001743 _____ () C:\Users\sg0892112\Desktop\Outlander.S01E09.Micro.Hd.720p.Vose.lnk
2015-04-05 11:39 - 2015-04-05 11:39 - 00000000 ____D () C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf
2015-04-03 17:28 - 2015-04-06 11:15 - 00252967 _____ () C:\Users\sg0892112\Desktop\export_2.XLSX
2015-03-31 20:28 - 2015-03-31 20:29 - 02120715 _____ (divxland.org ) C:\Users\sg0892112\Downloads\DivXLand_MediaSub_210.exe
2015-03-31 19:26 - 2015-03-31 21:39 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Movavi
2015-03-31 19:26 - 2015-03-31 19:26 - 00005039 _____ () C:\ProgramData\wmzddnmb.cix
2015-03-31 19:26 - 2015-03-31 19:26 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Movavi
2015-03-31 19:00 - 2015-04-05 20:28 - 00000000 ____D () C:\Users\sg0892112\Downloads\Death.At.A.Funeral[2007]DvDrip.AC3[Eng]-aXXo
2015-03-30 07:31 - 2015-01-29 00:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-30 07:31 - 2015-01-29 00:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-30 07:31 - 2015-01-29 00:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-30 07:31 - 2015-01-29 00:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-30 07:31 - 2015-01-29 00:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-30 07:31 - 2015-01-29 00:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-30 07:31 - 2015-01-29 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-30 07:31 - 2015-01-29 00:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-30 07:31 - 2015-01-29 00:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-30 07:31 - 2015-01-29 00:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-30 07:31 - 2015-01-28 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-30 07:30 - 2015-02-26 00:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-30 07:30 - 2015-02-03 00:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-30 07:30 - 2015-02-03 00:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-30 07:29 - 2015-03-06 02:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-30 07:29 - 2015-03-06 02:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-30 07:29 - 2015-03-06 02:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-30 07:29 - 2015-03-06 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-30 07:29 - 2015-03-06 02:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-30 07:29 - 2015-03-06 02:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-30 07:29 - 2015-03-06 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-30 07:29 - 2015-03-06 02:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-30 07:29 - 2015-03-06 02:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-30 07:29 - 2015-03-06 02:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-30 07:29 - 2015-03-06 02:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-30 07:29 - 2015-03-06 02:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-30 07:29 - 2015-03-06 02:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-30 07:29 - 2015-03-06 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-30 07:29 - 2015-03-06 02:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-30 07:29 - 2015-02-03 00:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-30 07:29 - 2015-02-03 00:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-30 07:29 - 2015-01-30 20:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-30 07:28 - 2015-02-20 01:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-30 07:28 - 2015-02-20 01:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-30 07:28 - 2015-02-20 01:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-30 07:28 - 2015-02-20 01:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-30 07:28 - 2015-02-20 00:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-30 07:28 - 2015-02-20 00:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-30 07:28 - 2015-02-13 02:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-30 07:28 - 2015-02-13 02:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-30 07:28 - 2015-02-04 00:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-30 07:28 - 2015-02-03 23:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-30 07:27 - 2015-02-21 16:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-30 07:27 - 2015-02-21 16:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-30 07:27 - 2015-02-21 16:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-30 07:27 - 2015-02-21 16:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-30 07:27 - 2015-02-21 15:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-30 07:27 - 2015-02-21 15:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-30 07:27 - 2015-02-21 15:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-30 07:27 - 2015-02-21 15:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-30 07:27 - 2015-02-21 15:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-30 07:27 - 2015-02-21 15:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-30 07:27 - 2015-02-21 15:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-30 07:27 - 2015-02-21 15:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-30 07:27 - 2015-02-21 15:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-30 07:27 - 2015-02-21 15:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-30 07:27 - 2015-02-21 15:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-30 07:27 - 2015-02-21 14:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-30 07:27 - 2015-02-21 14:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-30 07:27 - 2015-02-21 14:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-30 07:27 - 2015-02-21 14:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-30 07:27 - 2015-02-21 14:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-30 07:27 - 2015-02-21 14:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-30 07:27 - 2015-02-21 14:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-30 07:27 - 2015-02-21 14:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-30 07:27 - 2015-02-21 14:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-30 07:27 - 2015-02-21 14:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-30 07:27 - 2015-02-21 14:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-30 07:27 - 2015-02-21 14:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-30 07:27 - 2015-02-21 14:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-30 07:27 - 2015-02-21 14:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-30 07:27 - 2015-02-21 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-30 07:26 - 2015-01-31 00:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-30 07:26 - 2015-01-31 00:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-30 07:26 - 2015-01-31 00:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-30 07:26 - 2015-01-16 23:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-30 07:26 - 2015-01-16 23:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-23 19:14 - 2015-04-05 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F5C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F3C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F0C.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3EEC.tmp
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3ECC.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2933.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2913.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28E3.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28C3.tmp
2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2874.tmp
2015-03-17 17:23 - 2015-03-17 17:23 - 04130697 _____ () C:\Users\sg0892112\Downloads\OBT Bookings.xlsx
2015-03-17 16:47 - 2015-03-19 17:30 - 00241244 _____ () C:\Users\sg0892112\Desktop\SAP LOAD FEB15.xlsx
2015-03-16 13:01 - 2015-03-16 13:01 - 00044544 _____ () C:\Users\sg0892112\Downloads\gastos comunes febrero 2015.xls
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6BAB.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B8B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B5B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B3B.tmp
2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B1A.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA147D.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA145C.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA142D.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA140C.tmp
2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA13EC.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF700.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF6B1.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF691.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF661.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF651.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF621.tmp
2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF5F1.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA535F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA533F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA531F.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52EF.tmp
2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52B0.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 19:09 - 2009-07-14 02:13 - 00790912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 19:06 - 2014-07-29 02:36 - 01496431 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 19:05 - 2014-11-27 19:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 17:38 - 2014-07-29 10:43 - 00000000 ____D () C:\Users\sg0892112
2015-04-09 17:38 - 2014-06-11 12:28 - 1078166528 _____ () C:\Users\sg0892112\ArchiveOld.pst
2015-04-09 17:38 - 2014-03-26 10:43 - 4211811328 _____ () C:\Users\sg0892112\Personal Folders.pst
2015-04-09 17:38 - 2012-03-02 10:52 - 2373067776 _____ () C:\Users\sg0892112\ArchiveNuevo.pst
2015-04-09 16:51 - 2014-07-29 16:37 - 00000992 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-09 15:49 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\BO DB2 and SAP Reports
2015-04-09 14:32 - 2014-07-29 00:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-09 13:10 - 2014-07-29 16:32 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\SAP
2015-04-09 13:10 - 2014-07-29 12:09 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\SAP
2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 13:06 - 2014-07-29 00:43 - 00000581 _____ () C:\Windows\SMSCFG.ini
2015-04-09 13:05 - 2014-07-29 13:35 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Deployment
2015-04-09 13:04 - 2014-07-29 10:44 - 00000000 ____D () C:\Users\sg0892112\Tracing
2015-04-09 13:03 - 2014-11-27 19:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 13:03 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 13:03 - 2009-07-14 01:51 - 00055816 _____ () C:\Windows\setupact.log
2015-04-09 10:37 - 2014-08-04 12:26 - 00000000 ____D () C:\Users\sg0892112\Desktop\0
2015-04-09 10:34 - 2014-08-04 11:09 - 00000000 ____D () C:\Scan Files
2015-04-09 10:33 - 2014-08-04 11:04 - 00000177 _____ () C:\Windows\bi_group.ini
2015-04-08 23:30 - 2014-07-29 15:01 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Skype
2015-04-08 15:24 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\GLOBAL
2015-04-07 10:20 - 2010-11-21 00:47 - 00702252 _____ () C:\Windows\PFRO.log
2015-04-06 22:42 - 2014-08-02 12:48 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\vlc
2015-04-06 20:32 - 2014-07-29 15:44 - 00000000 ____D () C:\Users\sg0892112\Documents\PREMIER
2015-04-05 15:33 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\uTorrent
2015-04-05 11:44 - 2014-07-29 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-04 23:57 - 2014-11-27 19:45 - 00002188 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 17:21 - 2014-07-29 01:06 - 00000000 ____D () C:\ProgramData\Symantec
2015-04-02 11:21 - 2014-07-30 11:54 - 00000000 ____D () C:\Users\sg0892112\Documents\My Received Files
2015-04-02 09:38 - 2009-07-14 01:45 - 00415544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-31 19:26 - 2014-07-29 10:44 - 00112528 _____ () C:\Users\sg0892112\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-30 14:55 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache
2015-03-28 23:44 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\sg0892112\Downloads\Fanfic
2015-03-25 13:26 - 2014-10-28 11:38 - 00000000 ____D () C:\Windows\ccmcache
2015-03-20 17:23 - 2014-07-29 15:45 - 00023894 _____ () C:\Users\sg0892112\Documents\PRMGLO Birthdays.xlsx
2015-03-17 14:56 - 2015-02-16 13:06 - 00531456 _____ () C:\Users\sg0892112\Desktop\CWT TAX FINAL.xls
2015-03-17 14:55 - 2015-02-16 13:05 - 00480768 _____ () C:\Users\sg0892112\Desktop\Z2_FINAL.xls
2015-03-17 10:28 - 2014-08-11 11:29 - 00000000 ____D () C:\Users\sg0892112\Desktop\Pre POS
2015-03-16 13:09 - 2014-07-29 16:39 - 00000000 ____D () C:\Users\sg0892112\My Notebook
2015-03-11 14:32 - 2014-08-12 14:50 - 00000000 ___SD () C:\Users\sg0892112\Documents\My Data Sources
 
==================== Files in the root of some directories =======
 
2014-09-01 05:18 - 2014-09-01 05:18 - 0002086 _____ () C:\Users\sg0892112\AppData\Roaming\CONGOXE
2014-07-29 15:51 - 2014-07-29 16:11 - 0000600 _____ () C:\Users\sg0892112\AppData\Roaming\winscp.rnd
2014-09-01 05:18 - 2014-09-01 05:18 - 0001248 _____ () C:\Users\sg0892112\AppData\Roaming\YUXTSH
2015-04-05 15:44 - 2015-04-05 15:44 - 0003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 19:26 - 2015-03-31 19:26 - 0005039 _____ () C:\ProgramData\wmzddnmb.cix
 
Some content of TEMP:
====================
C:\Users\sg0892112\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sg0892112\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 11:18
 
==================== End Of Log ============================
 
2 - the ADWCleaner
# AdwCleaner v4.201 - Logfile created 16/04/2015 at 20:19:38
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : SG0892112 - HN3UY89211201
# Running from : C:\Users\sg0892112\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Program Files (x86)\globalUpdate
[x] Not Deleted : C:\Users\sg0892112\AppData\Local\globalUpdate
[x] Not Deleted : C:\Users\sg0892112\AppData\Roaming\pdfforge
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\P71662ad8_bc87_491f_9f54_21b720af6f88_.P71662ad8_bc87_491f_9f54_21b720af6f88_
Key Deleted : HKLM\SOFTWARE\Classes\P71662ad8_bc87_491f_9f54_21b720af6f88_.P71662ad8_bc87_491f_9f54_21b720af6f88_.9
Key Deleted : HKLM\SOFTWARE\0d52f8f9-0dcf-d0d0-ab08-2cd59e57d89f
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d3d61953}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{10F67E56-58A9-4A52-A48A-A28A75FF9FBB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71662ad8-bc87-491f-9f54-21b720af6f88}
Key Deleted : HKCU\Software\1ClickDownload
[x] Not Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\TornTv Downloader
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[x] Not Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[x] Not Deleted : [x64] HKCU\Software\GlobalUpdate
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Mozilla Firefox v37.0.1 (x86 en-US)
 
[xs8r7o9u.default\prefs.js] - Line Deleted : user_pref("extensions.Ke4KNnjQz521dPLR.scode", "(function(){try{if(window.self.location.href.indexOf(\"rHaGqjg5pjsGrjC7rHrFrTk8rY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[xs8r7o9u.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "148bf03530d30342044d76ab888c16c3");
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3397 bytes] - [16/04/2015 20:16:31]
AdwCleaner[S0].txt - [3308 bytes] - [16/04/2015 20:19:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3367  bytes] ##########
 
 
3 - 
1. Your antivirus detected the following but it's not clear if it cleaned it. Is this a program you recognize or can it be removed?
NO, I don't recognize that bugwatcher file so it can be removed. I tried to find it now and couldn't do it. 

 

2 - 2. Do you have WindowsUpdates disabled for some reason?

The fact that you are still on IE9 and the following being in your log prompted the question.

 

This is a machine from my work. Any updates to Windows or other programs (such as Java) are done via the VPN. That's why I did not uninstall Java completely, I was afraid a program would not work properly with the new versions. The IT team helped me remove the error but I wanted to 'do some cleaning' since I am aware I've been downloading things lately that could have installed some risk files.

 

Thanks again for your help with this.


#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Please refer back to Step#3. You pasted the contents of the incorrect file. I need the fixlog.txt.

 

Also, since this is a work computer, please refer to our Terms of Use (TOU) that you agreed to when creating an account here. The following is one of the items listed.

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.

 

 

I need to abide by these rules as well. It sounds as if you have an IT Dept that should take care of these types of things, correct? Some of the tools we use here can cause undesirable effects on work machines (i.e. removing group policies set by the company).

 

Some self employed users don't have an IT Dept so we make an exception. I don't want to do anything without permission from your IT Dept.

 

Please let me know how you wish to proceed.


#7
vecastone

    New Member

  • Topic Starter
  • Member
  • 7 posts

Oh I've deleted this manually

 

() C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe


#8
vecastone

    New Member

  • Topic Starter
  • Member
  • 7 posts

Here you have the correct file. And don't worry I will not do something that may harm this computer by following your 'to do' list. 
Like I said, I'm just doing some cleaning. If you read below, I didn't know I had 2GB of temp files. Good they were deleted :)
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by SG0892112 at 2015-04-15 19:01:21 Run:1
Running from C:\Users\sg0892112\Desktop
Loaded Profiles: SG0892112 (Available profiles: SG0892112 & Coffee)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [Adobe ARM] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-117609710-2025429265-725345543-71058\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.x64.dll [2015-04-05] ()
C:\Program Files (x86)\SalePlus
FF Extension: SaleePluS - C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default\Extensions\[email protected] [2015-04-05]
CHR Extension: (SaleePluS) - C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf\ []
2015-03-31 19:26 - 2015-03-31 19:26 - 0005039 _____ () C:\ProgramData\wmzddnmb.cix
EmptyTemp:
 
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-117609710-2025429265-725345543-71058\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71662ad8-bc87-491f-9f54-21b720af6f88}" => Key deleted successfully.
"HKCR\CLSID\{71662ad8-bc87-491f-9f54-21b720af6f88}" => Key deleted successfully.
"C:\Program Files (x86)\SalePlus" => File/Directory not found.
C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default\Extensions\[email protected] not found.
C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf\ directory not found.
C:\ProgramData\wmzddnmb.cix => Moved successfully.
EmptyTemp: => Removed 2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:02:09 ====

  • 0

#9
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Is your IT Department OK with you doing this?


  • 0

#10
vecastone

vecastone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

All the programs are working properly. My C drive is much cleaner and I have more space free. How many more steps do we have left? 

The error has disappeared completely, and with the adw cleaner we have removed suspicious files. I really appreciate your help throughout the process and I totally understand your concern. If you want, we can stop here; I have no problem.


  • 0

#11
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I'm glad to hear things are better; however, we have several more steps, including cleaning up our tools that we used. Is your IT Department OK with you doing this?


  • 0

#12
vecastone

vecastone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

They haven't answered my ticket yet.


  • 0

#13
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, please let me know what they say and we can go from there.


  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





