Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Fake Plugin Activity2 error [Closed]

Started by vecastone , Apr 09 2015 05:00 PM

Fake Plugin malware

This topic is locked

#1
vecastone

Posted 09 April 2015 - 05:00 PM

New Member

Member
7 posts

I am receiving the error Fake Plugin Activity2 in all my browsers (IE, Chrome, Mozilla).

From FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by SG0892112 (administrator) on HN3UY89211201 on 09-04-2015 19:43:58

Running from C:\Users\sg0892112\Desktop

Loaded Profiles: SG0892112 (Available profiles: SG0892112 & Coffee)

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Check Point Software Tech Ltd) C:\Windows\SysWOW64\Prot_srv.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

() C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe

(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe

(aviva solutions) C:\Program Files (x86)\Aviva Solutions\AFD\AvivaMonitorServer.exe

(HP) C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

(Nortel Networks) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe

(Check Point Software Tech Ltd) C:\Windows\SysWOW64\pstartSr.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe

(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe

(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\dp.exe

(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\SAP Document Pipeline 9.7.1\bin\cfbx.exe

(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\docrm.exe

(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\BASE Document Pipeline 9.7.1\bin\doctods.exe

(IXOS SOFTWARE AG - an Open Text company) C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\bin\perldtn.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapWListener.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE

() C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe

(Witness Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\WCapW32.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe

(Check Point Software Tech Ltd) C:\Program Files (x86)\Pointsec\Pointsec for PC\P95tray.exe

(Verint Systems, Inc.) C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe

(HPES) C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(SAP AG) C:\Program Files (x86)\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe

(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe

(SAP, Walldorf) C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)

HKLM\...\Run: [Adobe ARM] => [X]

HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [318520 2011-05-13] (Hewlett-Packard Company)

HKLM-x32\...\Run: [NVC] => C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe [1717584 2010-03-01] (Nortel Networks)

HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164624 2012-11-30] (Microsoft Corporation)

HKLM-x32\...\Run: [Check Point Endpoint Tray Application] => C:\Program Files (x86)\Common Files\Check Point\UIFramework\cptray.exe [70144 2010-06-02] (Check Point Software Technologies LTD)

HKLM-x32\...\Run: [Pointsec Tray] => C:\Program Files (x86)\Pointsec\Pointsec for PC\P95Tray.exe [858792 2011-03-08] (Check Point Software Tech Ltd)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [CfgDownload] => C:\Program Files (x86)\IXOS\bin\CfgDownload.exe [212992 2009-10-31] (Open Text Corporation)

HKLM-x32\...\Run: [ScanCfgDownload] => C:\Program Files (x86)\Open Text\Scan\bin\ScanCfgDownload.exe [217088 2010-04-14] (Open Text Corporation)

HKLM-x32\...\Run: [Witness AIM] => C:\Program Files (x86)\Witness Systems\Screen Capture Module\AimTray.exe [765952 2010-04-06] (Verint Systems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] => [X]

HKLM-x32\...\Run: [UserNotify] => C:\Windows\HPTools\UserNotify\UserNotifyFlg.exe [50176 2013-08-07] (HPES)

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => [X]

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Witness Systems\Screen Capture Module\wcapwlistener.exe

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718720 2010-12-21] (Microsoft Corporation)

HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoWindowsUpdate] 1

HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\Policies\Explorer: [NoStartMenuMyGames] 1

HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\MountPoints2: {b8def118-73cf-11e4-b062-c4d9879ed931} - D:\LaunchU3.exe -a

HKU\S-1-5-21-117609710-2025429265-725345543-71058\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\pscr_nt.SCR

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

Startup: C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlander.S01E09.Micro.Hd.720p.Vose.lnk

ShortcutTarget: Outlander.S01E09.Micro.Hd.720p.Vose.lnk -> C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe ()

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-117609710-2025429265-725345543-71058\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

AutoConfigURL: [S-1-5-21-117609710-2025429265-725345543-71058] => http://mvdpac.sabre....sabreremote.pac

HKU\S-1-5-21-117609710-2025429265-725345543-71058\Software\Microsoft\Internet Explorer\Main,Start Page = http://techteams.sab...s/Docs/SAP.aspx

BHO: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.x64.dll [2015-04-05] ()

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File

BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\bin\IPS\IPSBHO.DLL [2014-08-08] (Symantec Corporation)

BHO-x32: SalePlus -> {71662ad8-bc87-491f-9f54-21b720af6f88} -> C:\Program Files (x86)\SalePlus\zBGJus1lurUqRz.dll [2015-04-05] ()

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-07-29] (Sun Microsystems, Inc.)

DPF: HKLM-x32 {0C901283-4BDB-46A1-911F-AE2667894156} https://icrm.sabre.c...x_HI_Client.cab

DPF: HKLM-x32 {54181628-E626-46CC-B28B-0792CB1016A5} https://icrm.sabre.c...x_HI_Client.cab

DPF: HKLM-x32 {748DFEBB-6AF5-4C34-9AB2-5676CD075AC3} https://icrm.sabre.c...x_HI_Client.cab

DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} https://filemover.bc...Wizard7.0.0.ocx

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sabreholding...ex/ieatgpc1.cab

DPF: HKLM-x32 {E2A8FD26-C1EC-432E-AB11-186273E3789D} https://icrm.sabre.c...x_HI_Client.cab

Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)

Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{9D216AC2-0970-4261-A7BF-FB1FE59CFBA1}: [NameServer] 10.12.64.101,10.16.61.14

FireFox:

========

FF ProfilePath: C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll [2014-07-30] ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File

FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-30] ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Extension: SaleePluS - C:\Users\sg0892112\AppData\Roaming\Mozilla\Firefox\Profiles\xs8r7o9u.default\Extensions\[email protected] [2015-04-05]

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-27]

CHR Extension: (Google Docs) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-27]

CHR Extension: (Google Drive) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-27]

CHR Extension: (YouTube) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-27]

CHR Extension: (Google Search) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-27]

CHR Extension: (Google Sheets) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-27]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]

CHR Extension: (Google Wallet) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-27]

CHR Extension: (Gmail) - C:\Users\sg0892112\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-27]

CHR Extension: (SaleePluS) - C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf\ []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]

R2 AvivaMonitor; C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe [161080 2010-08-09] ()

S3 Av_Service; C:\Program Files (x86)\Aviva Solutions\AFD\av_service.exe [87352 2010-08-09] ()

R2 CaptureService; C:\Program Files (x86)\Witness Systems\Screen Capture Module\CaptureService.exe [401408 2010-04-06] (Witness Systems, Inc.) [File not signed]

R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)

S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)

R2 DskCfgUpdt; C:\Windows\SysWOW64\HPTools\DesktopConfigUpdate\DesktopConfigUpdateService.exe [600576 2010-12-13] (HP) [File not signed]

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [317496 2011-05-13] (Hewlett-Packard Company)

S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)

R2 NvcSvcMgr; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)

R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [165568 2012-06-19] (SAP AG)

R2 Pointsec; C:\Windows\SysWOW64\Prot_srv.exe [658088 2011-03-08] (Check Point Software Tech Ltd)

R2 Pointsec_start; C:\Windows\SysWOW64\pstartSr.exe [232104 2011-03-08] (Check Point Software Tech Ltd)

R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin\ccSvcHst.exe [144496 2014-08-08] (Symantec Corporation)

R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\Smc.exe [2379128 2014-08-08] (Symantec Corporation)

S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)

S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Bin64\snac64.exe [335216 2014-08-08] (Symantec Corporation)

R2 spawner; C:\Program Files (x86)\Common Files\Open Text\Spawner\bin\spawner.exe [201968 2008-06-12] (IXOS SOFTWARE AG - an Open Text company)

S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\BASHDefs\20150309.013\BHDrvx64.sys [1622744 2015-02-10] (Symantec Corporation)

R1 ccSettings_{67210CE5-A4BA-4C22-B639-1C79F566632D}; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\ccSetx64.sys [169048 2014-08-08] (Symantec Corporation)

S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-10] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\IPSDefs\20150408.011\IDSvia64.sys [637656 2015-02-10] (Symantec Corporation)

S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2012-05-16] (Intel Corporation)

R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\ENG64.SYS [129752 2015-02-10] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4100.4126.105\Data\Definitions\VirusDefs\20150408.035\EX64.SYS [2137304 2015-02-10] (Symantec Corporation)

R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)

R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)

R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)

R0 prot_2k; C:\Windows\System32\Drivers\prot_2k.sys [285992 2014-07-29] (Check Point Software Tech Ltd)

R0 prot_2k; C:\Windows\SysWow64\Drivers\prot_2k.sys [221736 2011-03-08] (Check Point Software Tech Ltd)

R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)

R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSP64.SYS [867032 2014-08-08] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SRTSPX64.SYS [36952 2014-08-08] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMDS64.SYS [493656 2014-08-08] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMEFA64.SYS [1148120 2014-08-08] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-29] (Symantec Corporation)

R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\Ironx64.SYS [225496 2014-08-08] (Symantec Corporation)

R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C011004\101E.105\x64\SYMNETS.SYS [437976 2014-08-08] (Symantec Corporation)

S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-08-08] (Spotflux, Inc.)

S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-07-25] (Microsoft Corporation) [File not signed]

S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-07-25] (Microsoft Corporation) [File not signed]

S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 19:42 - 2015-04-09 19:42 - 00045012 _____ () C:\Users\sg0892112\Downloads\Addition.txt

2015-04-09 19:41 - 2015-04-09 19:44 - 00024431 _____ () C:\Users\sg0892112\Desktop\FRST.txt

2015-04-09 19:41 - 2015-04-09 19:43 - 00000000 ____D () C:\FRST

2015-04-09 19:41 - 2015-04-09 19:41 - 02095616 _____ (Farbar) C:\Users\sg0892112\Desktop\FRST64.exe

2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA408D.tmp

2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA404E.tmp

2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA402E.tmp

2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA400E.tmp

2015-04-09 13:07 - 2015-04-09 13:07 - 00000000 _____ () C:\SOA3FED.tmp

2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD28.tmp

2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACD08.tmp

2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCE8.tmp

2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACCC8.tmp

2015-04-09 13:06 - 2015-04-09 13:06 - 00000000 _____ () C:\SOACC69.tmp

2015-04-08 16:21 - 2015-04-08 16:21 - 00007604 _____ () C:\Users\sg0892112\Downloads\LBF Wholesale Non Wholesale %3A 5923670 %3A 13450429.xlsx

2015-04-08 16:09 - 2015-04-08 16:23 - 00010400 _____ () C:\Users\sg0892112\Downloads\LBF WSL Report.xlsx

2015-04-08 10:06 - 2015-04-08 10:06 - 00006894 _____ () C:\Users\sg0892112\Downloads\France CID bookings.xlsx

2015-04-07 15:57 - 2015-04-07 16:02 - 00026813 _____ () C:\Users\sg0892112\Desktop\Margaret.xlsx

2015-04-07 10:58 - 2015-04-07 11:19 - 00016263 _____ () C:\Users\sg0892112\Desktop\LBF.XLSX

2015-04-06 13:16 - 2015-04-06 16:20 - 00119257 _____ () C:\Users\sg0892112\Desktop\export.XLSX

2015-04-06 12:28 - 2015-04-06 12:28 - 00000000 _____ () C:\SOA75AD.tmp

2015-04-06 10:48 - 2015-04-06 10:48 - 00005117 _____ () C:\Users\sg0892112\Downloads\Business Aviator CWT both SC Codes and carrier R0 %26 O3.xlsx

2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE5B5.tmp

2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE595.tmp

2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE574.tmp

2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE554.tmp

2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE534.tmp

2015-04-06 10:09 - 2015-04-06 10:09 - 00000000 _____ () C:\SOAE4A6.tmp

2015-04-05 23:27 - 2015-04-05 23:27 - 00460288 _____ () C:\Users\sg0892112\Downloads\AVS Video Converter 8.5 Activation Code And Crack Full Version Free Downlaod.exe

2015-04-05 20:14 - 2015-04-05 20:14 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU

2015-04-05 20:13 - 2015-04-05 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU

2015-04-05 20:13 - 2015-04-05 20:13 - 00001242 _____ () C:\Users\sg0892112\Desktop\AVS Video Converter.lnk

2015-04-05 19:22 - 2015-04-07 10:31 - 00000932 _____ () C:\Users\sg0892112\Desktop\mozillatabs.txt

2015-04-05 19:17 - 2015-04-05 19:29 - 63042752 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoConverter.exe

2015-04-05 19:11 - 2015-04-05 20:18 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVS4YOU

2015-04-05 19:11 - 2015-04-05 19:11 - 00000000 ____D () C:\ProgramData\AVS4YOU

2015-04-05 19:10 - 2015-04-05 20:14 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU

2015-04-05 19:10 - 2011-06-23 13:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2015-04-05 19:10 - 2011-06-23 13:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll

2015-04-05 18:47 - 2015-04-05 18:51 - 154363320 _____ (Online Media Technologies Ltd. ) C:\Users\sg0892112\Downloads\AVSVideoEditor.exe

2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid

2015-04-05 18:00 - 2015-04-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Xvid

2015-04-05 18:00 - 2011-06-24 16:44 - 00243200 _____ () C:\Windows\SysWOW64\xvidvfw.dll

2015-04-05 18:00 - 2011-06-24 16:28 - 00650752 _____ () C:\Windows\SysWOW64\xvidcore.dll

2015-04-05 18:00 - 2011-06-24 15:58 - 00153088 _____ () C:\Windows\SysWOW64\xvid.ax

2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivXLand

2015-04-05 17:56 - 2015-04-05 17:56 - 00000000 ____D () C:\Program Files (x86)\DivXLand

2015-04-05 17:56 - 2005-02-04 20:19 - 00057344 _____ (PV) C:\Windows\SysWOW64\dslider.ocx

2015-04-05 17:55 - 2015-04-05 17:55 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\AVI ReComp

2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\Gabest

2015-04-05 16:16 - 2015-04-05 16:22 - 00000000 ____D () C:\Program Files (x86)\AVI ReComp

2015-04-05 15:44 - 2015-04-05 15:44 - 00003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-04-05 11:41 - 2015-04-09 12:12 - 00000000 ____D () C:\Program Files (x86)\bugwatcher

2015-04-05 11:41 - 2015-04-05 11:41 - 00000000 ____D () C:\Program Files (x86)\SalePlus

2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\ProgramData\17201988207728874483

2015-04-05 11:40 - 2015-04-05 11:40 - 00000000 ____D () C:\Program Files (x86)\SaleePluS

2015-04-05 11:39 - 2015-04-05 11:48 - 00000000 ____D () C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}

2015-04-05 11:39 - 2015-04-05 11:39 - 00001743 _____ () C:\Users\sg0892112\Desktop\Outlander.S01E09.Micro.Hd.720p.Vose.lnk

2015-04-05 11:39 - 2015-04-05 11:39 - 00000000 ____D () C:\ProgramData\mfogbeekhpiiapegkggfihobolhclndf

2015-04-03 17:28 - 2015-04-06 11:15 - 00252967 _____ () C:\Users\sg0892112\Desktop\export_2.XLSX

2015-03-31 20:28 - 2015-03-31 20:29 - 02120715 _____ (divxland.org ) C:\Users\sg0892112\Downloads\DivXLand_MediaSub_210.exe

2015-03-31 19:26 - 2015-03-31 21:39 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Movavi

2015-03-31 19:26 - 2015-03-31 19:26 - 00005039 _____ () C:\ProgramData\wmzddnmb.cix

2015-03-31 19:26 - 2015-03-31 19:26 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Movavi

2015-03-31 19:00 - 2015-04-05 20:28 - 00000000 ____D () C:\Users\sg0892112\Downloads\Death.At.A.Funeral[2007]DvDrip.AC3[Eng]-aXXo

2015-03-30 07:31 - 2015-01-29 00:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-30 07:31 - 2015-01-29 00:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-30 07:31 - 2015-01-29 00:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-30 07:31 - 2015-01-29 00:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-30 07:31 - 2015-01-29 00:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-30 07:31 - 2015-01-29 00:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-30 07:31 - 2015-01-29 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-30 07:31 - 2015-01-29 00:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-30 07:31 - 2015-01-29 00:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-30 07:31 - 2015-01-29 00:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-30 07:31 - 2015-01-28 23:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-30 07:30 - 2015-02-26 00:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-30 07:30 - 2015-02-03 00:31 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-30 07:30 - 2015-02-03 00:12 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-30 07:29 - 2015-03-06 02:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-30 07:29 - 2015-03-06 02:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-30 07:29 - 2015-03-06 02:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-30 07:29 - 2015-03-06 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-30 07:29 - 2015-03-06 02:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-30 07:29 - 2015-03-06 02:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-30 07:29 - 2015-03-06 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-30 07:29 - 2015-03-06 02:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-30 07:29 - 2015-03-06 02:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-30 07:29 - 2015-03-06 02:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-30 07:29 - 2015-03-06 02:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-30 07:29 - 2015-03-06 02:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-30 07:29 - 2015-03-06 02:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-30 07:29 - 2015-03-06 02:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-30 07:29 - 2015-03-06 02:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-30 07:29 - 2015-02-03 00:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-30 07:29 - 2015-02-03 00:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-30 07:29 - 2015-01-30 20:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-30 07:28 - 2015-02-20 01:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-30 07:28 - 2015-02-20 01:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-30 07:28 - 2015-02-20 01:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-30 07:28 - 2015-02-20 01:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-30 07:28 - 2015-02-20 01:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-30 07:28 - 2015-02-20 01:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-30 07:28 - 2015-02-20 01:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-30 07:28 - 2015-02-20 01:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-30 07:28 - 2015-02-20 00:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-30 07:28 - 2015-02-20 00:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-30 07:28 - 2015-02-13 02:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-30 07:28 - 2015-02-13 02:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-30 07:28 - 2015-02-04 00:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-30 07:28 - 2015-02-03 23:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-30 07:27 - 2015-02-21 16:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-30 07:27 - 2015-02-21 16:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-03-30 07:27 - 2015-02-21 16:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-30 07:27 - 2015-02-21 16:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-30 07:27 - 2015-02-21 15:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-30 07:27 - 2015-02-21 15:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-30 07:27 - 2015-02-21 15:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-30 07:27 - 2015-02-21 15:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-03-30 07:27 - 2015-02-21 15:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-30 07:27 - 2015-02-21 15:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-03-30 07:27 - 2015-02-21 15:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-03-30 07:27 - 2015-02-21 15:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-30 07:27 - 2015-02-21 15:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-30 07:27 - 2015-02-21 15:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-30 07:27 - 2015-02-21 15:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-03-30 07:27 - 2015-02-21 14:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-30 07:27 - 2015-02-21 14:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-03-30 07:27 - 2015-02-21 14:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-30 07:27 - 2015-02-21 14:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-30 07:27 - 2015-02-21 14:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-30 07:27 - 2015-02-21 14:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-30 07:27 - 2015-02-21 14:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-30 07:27 - 2015-02-21 14:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2015-03-30 07:27 - 2015-02-21 14:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-30 07:27 - 2015-02-21 14:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-30 07:27 - 2015-02-21 14:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-03-30 07:27 - 2015-02-21 14:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-30 07:27 - 2015-02-21 14:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-30 07:27 - 2015-02-21 14:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-30 07:27 - 2015-02-21 14:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-30 07:27 - 2015-02-21 14:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-30 07:27 - 2015-02-21 14:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-30 07:27 - 2015-02-21 14:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-30 07:27 - 2015-02-21 14:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2015-03-30 07:27 - 2015-02-21 14:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2015-03-30 07:27 - 2015-02-21 14:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2015-03-30 07:27 - 2015-02-21 14:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-30 07:26 - 2015-01-31 00:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-03-30 07:26 - 2015-01-31 00:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-30 07:26 - 2015-01-31 00:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2015-03-30 07:26 - 2015-01-16 23:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-30 07:26 - 2015-01-16 23:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-23 19:14 - 2015-04-05 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F5C.tmp

2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F3C.tmp

2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3F0C.tmp

2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3EEC.tmp

2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 _____ () C:\SOA3ECC.tmp

2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2933.tmp

2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2913.tmp

2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28E3.tmp

2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA28C3.tmp

2015-03-23 11:07 - 2015-03-23 11:07 - 00000000 _____ () C:\SOA2874.tmp

2015-03-17 17:23 - 2015-03-17 17:23 - 04130697 _____ () C:\Users\sg0892112\Downloads\OBT Bookings.xlsx

2015-03-17 16:47 - 2015-03-19 17:30 - 00241244 _____ () C:\Users\sg0892112\Desktop\SAP LOAD FEB15.xlsx

2015-03-16 13:01 - 2015-03-16 13:01 - 00044544 _____ () C:\Users\sg0892112\Downloads\gastos comunes febrero 2015.xls

2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6BAB.tmp

2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B8B.tmp

2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B5B.tmp

2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B3B.tmp

2015-03-13 12:24 - 2015-03-13 12:24 - 00000000 _____ () C:\SOA6B1A.tmp

2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA147D.tmp

2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA145C.tmp

2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA142D.tmp

2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA140C.tmp

2015-03-13 12:15 - 2015-03-13 12:15 - 00000000 _____ () C:\SOA13EC.tmp

2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF700.tmp

2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF6B1.tmp

2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF691.tmp

2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF661.tmp

2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF651.tmp

2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF621.tmp

2015-03-13 11:01 - 2015-03-13 11:01 - 00000000 _____ () C:\SOAF5F1.tmp

2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA535F.tmp

2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA533F.tmp

2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA531F.tmp

2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52EF.tmp

2015-03-11 16:05 - 2015-03-11 16:05 - 00000000 _____ () C:\SOA52B0.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 19:09 - 2009-07-14 02:13 - 00790912 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-09 19:06 - 2014-07-29 02:36 - 01496431 _____ () C:\Windows\WindowsUpdate.log

2015-04-09 19:05 - 2014-11-27 19:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-09 17:38 - 2014-07-29 10:43 - 00000000 ____D () C:\Users\sg0892112

2015-04-09 17:38 - 2014-06-11 12:28 - 1078166528 _____ () C:\Users\sg0892112\ArchiveOld.pst

2015-04-09 17:38 - 2014-03-26 10:43 - 4211811328 _____ () C:\Users\sg0892112\Personal Folders.pst

2015-04-09 17:38 - 2012-03-02 10:52 - 2373067776 _____ () C:\Users\sg0892112\ArchiveNuevo.pst

2015-04-09 16:51 - 2014-07-29 16:37 - 00000992 _____ () C:\Windows\system32\config\netlogon.ftl

2015-04-09 15:49 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\BO DB2 and SAP Reports

2015-04-09 14:32 - 2014-07-29 00:57 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-04-09 13:10 - 2014-07-29 16:32 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\SAP

2015-04-09 13:10 - 2014-07-29 12:09 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\SAP

2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-09 13:10 - 2009-07-14 01:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-09 13:06 - 2014-07-29 00:43 - 00000581 _____ () C:\Windows\SMSCFG.ini

2015-04-09 13:05 - 2014-07-29 13:35 - 00000000 ____D () C:\Users\sg0892112\AppData\Local\Deployment

2015-04-09 13:04 - 2014-07-29 10:44 - 00000000 ____D () C:\Users\sg0892112\Tracing

2015-04-09 13:03 - 2014-11-27 19:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-09 13:03 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-09 13:03 - 2009-07-14 01:51 - 00055816 _____ () C:\Windows\setupact.log

2015-04-09 10:37 - 2014-08-04 12:26 - 00000000 ____D () C:\Users\sg0892112\Desktop\0

2015-04-09 10:34 - 2014-08-04 11:09 - 00000000 ____D () C:\Scan Files

2015-04-09 10:33 - 2014-08-04 11:04 - 00000177 _____ () C:\Windows\bi_group.ini

2015-04-08 23:30 - 2014-07-29 15:01 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\Skype

2015-04-08 15:24 - 2014-07-29 15:25 - 00000000 ____D () C:\Users\sg0892112\Documents\GLOBAL

2015-04-07 10:20 - 2010-11-21 00:47 - 00702252 _____ () C:\Windows\PFRO.log

2015-04-06 22:42 - 2014-08-02 12:48 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\vlc

2015-04-06 20:32 - 2014-07-29 15:44 - 00000000 ____D () C:\Users\sg0892112\Documents\PREMIER

2015-04-05 15:33 - 2014-09-23 19:22 - 00000000 ____D () C:\Users\sg0892112\AppData\Roaming\uTorrent

2015-04-05 11:44 - 2014-07-29 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-04 23:57 - 2014-11-27 19:45 - 00002188 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-04-03 17:21 - 2014-07-29 01:06 - 00000000 ____D () C:\ProgramData\Symantec

2015-04-02 11:21 - 2014-07-30 11:54 - 00000000 ____D () C:\Users\sg0892112\Documents\My Received Files

2015-04-02 09:38 - 2009-07-14 01:45 - 00415544 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-31 19:26 - 2014-07-29 10:44 - 00112528 _____ () C:\Users\sg0892112\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-30 14:55 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache

2015-03-28 23:44 - 2015-01-06 20:37 - 00000000 ____D () C:\Users\sg0892112\Downloads\Fanfic

2015-03-25 13:26 - 2014-10-28 11:38 - 00000000 ____D () C:\Windows\ccmcache

2015-03-20 17:23 - 2014-07-29 15:45 - 00023894 _____ () C:\Users\sg0892112\Documents\PRMGLO Birthdays.xlsx

2015-03-17 14:56 - 2015-02-16 13:06 - 00531456 _____ () C:\Users\sg0892112\Desktop\CWT TAX FINAL.xls

2015-03-17 14:55 - 2015-02-16 13:05 - 00480768 _____ () C:\Users\sg0892112\Desktop\Z2_FINAL.xls

2015-03-17 10:28 - 2014-08-11 11:29 - 00000000 ____D () C:\Users\sg0892112\Desktop\Pre POS

2015-03-16 13:09 - 2014-07-29 16:39 - 00000000 ____D () C:\Users\sg0892112\My Notebook

2015-03-11 14:32 - 2014-08-12 14:50 - 00000000 ___SD () C:\Users\sg0892112\Documents\My Data Sources

==================== Files in the root of some directories =======

2014-09-01 05:18 - 2014-09-01 05:18 - 0002086 _____ () C:\Users\sg0892112\AppData\Roaming\CONGOXE

2014-07-29 15:51 - 2014-07-29 16:11 - 0000600 _____ () C:\Users\sg0892112\AppData\Roaming\winscp.rnd

2014-09-01 05:18 - 2014-09-01 05:18 - 0001248 _____ () C:\Users\sg0892112\AppData\Roaming\YUXTSH

2015-04-05 15:44 - 2015-04-05 15:44 - 0003584 _____ () C:\Users\sg0892112\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-03-31 19:26 - 2015-03-31 19:26 - 0005039 _____ () C:\ProgramData\wmzddnmb.cix

Some content of TEMP:

====================

C:\Users\sg0892112\AppData\Local\Temp\SkypeSetup.exe

C:\Users\sg0892112\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-04 11:18

==================== End Of Log ============================

#2
BrianDrab

Posted 14 April 2015 - 05:40 PM

Trusted Helper

Malware Removal
3,591 posts

Hi and welcome to G2G. Sorry for the delay. If you still need assistance, please post your Addition.txt log that is in your downloads folder. Thank you.

#3
vecastone

Posted 14 April 2015 - 06:35 PM

New Member

Topic Starter
Member
7 posts

Hello Brian,

I was able to disable the 'extension' that was causing the constant error to pop up at least (in Chrome and Mozilla) Saalesplus. . Though I don't know if that will be enough. Here is the other txt.

Thanks for your help

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by SG0892112 at 2015-04-09 19:44:19

Running from C:\Users\sg0892112\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Data Provider for Teradata 14.00.0.0 (HKLM-x32\...\{F83B6C10-988A-420D-B579-2A960F36A1B2}) (Version: 14.00.0.0 - Teradata Corporation)

µTorrent (HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)

AD Photo Edit Free Edition (HKLM-x32\...\{147B9B23-BFE6-4F58-96F0-201E6AF91B61}) (Version: 2.6.1 - Cjwdev)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\{6BA9BA04-B062-42F4-A852-902229FD4C2A}) (Version: 11.6.602.168 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Aviva for Desktops (HKLM-x32\...\InstallShield_{CBBE637F-9F5E-4123-81C5-24ED9B87F3E8}) (Version: 11.1.0043c - Aviva Inc.)

Aviva for Desktops (x32 Version: 11.1.0043c - Aviva Inc.) Hidden

AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)

Check Point Endpoint Security - Full Disk Encryption (HKLM-x32\...\{31B33270-24D7-4307-84F2-A3288636B83A}) (Version: 7.4.4.1657 - Check Point Software Technologies Ltd)

Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.)

Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) Hidden

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden

DataDirect Shadow for ODBC 7.3 (HKLM-x32\...\DataDirect Shadow for ODBC 7.3) (Version: 7.3.1.0 - DataDirect Technologies)

Defender Desktop Token (HKLM-x32\...\PassGo Desktop Token) (Version: 5.5.0.907 - Quest Software, Inc.)

Desktop Configuration Update Service v5.2 (HKLM-x32\...\{183F7597-A48E-4B0D-8FFC-B363FEF2EC5A}) (Version: 5.2.18 - HP)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

DivXLand Media Subtitler 2.1.0 (HKLM-x32\...\{74D5F45B-EC9F-4083-9493-364D159FFFBE}_is1) (Version: - divxland.org)

FalconTec (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d3d61953}) (Version: - FalconTec) <==== ATTENTION

FileZilla Client 3.3.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.4.1 - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)

HP HotKey Support (HKLM\...\{06160949-DACD-4F5D-99A1-B7676CE5C83B}) (Version: 4.0.18.1 - Hewlett-Packard Company)

Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)

Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017F0}) (Version: 6.0.170 - Sun Microsystems, Inc.)

Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)

Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft Conferencing Add-in for Microsoft Office Outlook (HKLM-x32\...\{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}) (Version: 8.0.6362.202 - Microsoft Corporation)

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)

Microsoft Office Communicator 2007 R2 (HKLM-x32\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.266 - Microsoft Corporation)

Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)

Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)

Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mosaic (HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\e079e44a696270c1) (Version: 2.1.0.15 - Sabre)

MosaicAddIn (HKU\S-1-5-21-117609710-2025429265-725345543-71058\...\2DBD3C6155DEF0E746B32C82F37E0EA2A82AF198) (Version: 1.0.0.30 - Sabre)

Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)

Nortel VPN Client (HKLM\...\{4EC5CF64-2E59-411D-0301-120101004016}) (Version: 10.04.016 - Nortel Networks)

ODBC Driver for Teradata 14.00.0.3 (HKLM-x32\...\{1551F9D6-1B14-4AE1-BABA-70A4319C236A}) (Version: 14.00.00.03 - Teradata Corporation)

ODBC Driver for Teradata nt-x8664 14.00.0.3 (HKLM\...\{68F1AD2A-94AF-4E5F-A4AA-C836C42F9B99}) (Version: 14.00.00.03 - Teradata Corporation)

Open Text Document Pipeline Base 9.7.1 (HKLM-x32\...\{BD5F69EA-8BC4-43EB-A0A3-4C9717AF3750}) (Version: 9.7.1.696 - Open Text Corporation)

Open Text Document Pipeline Info 9.7.1 (HKLM-x32\...\{EB230D9D-4100-48D4-9C5C-BBF3D6404AFE}) (Version: 9.7.1.420 - Open Text Corporation)

Open Text Document Pipeline Perl 9.7.1 (HKLM-x32\...\{42E78938-489B-4279-9DCC-C4E180AA5DC0}) (Version: 9.7.1.638 - Open Text Corporation)

Open Text Document Pipeline SAP 9.7.1 (HKLM-x32\...\{EA2C4431-D4E1-4BFB-9D15-E87A673445E8}) (Version: 9.7.1.964 - Open Text Corporation)

Open Text Imaging DesktopLink 9.7.0 - 64 bit (HKLM\...\{54F3859E-69CA-4E0B-9E6A-7D508EE66D40}) (Version: 9.7.0 - OPEN TEXT CORPORATION)

Open Text Imaging Enterprise Scan 9.7.1 (HKLM-x32\...\{971C0913-3C23-4199-AC2F-BA56104B2910}) (Version: 9.7.1 - Open Text Corporation)

Open Text Imaging Windows Viewer 9.7.0 (HKLM-x32\...\{7549A4D5-963E-4BFE-BCD6-3EC1233D717A}) (Version: 9.7.0 - OPEN TEXT CORPORATION)

Paquete de idioma de Microsoft .NET Framework 4.5 ESN (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50709 - Microsoft Corporation)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Rapid Results (HKLM-x32\...\Rapid Results) (Version: - )

Sabre_Win7_Profile (HKLM-x32\...\{AA25884F-14B7-4B4E-861C-88C7A2DDF88E}) (Version: 1.13.0118 - Hewlett-Packard)

SalePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version: - )

SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)

SAPSetup Automatic Workstation Update Service (HKLM-x32\...\SAP_WUS) (Version: - SAP AG)

Screen Capture Module (HKLM-x32\...\{5C5BA4A4-F2F9-4791-AE91-501206DA1738}) (Version: 7.8.2.526 - Verint Systems, Inc.)

Shared ICU Libraries for Teradata 14.00.0.1 (HKLM-x32\...\{0CDBDB7E-B45C-48C2-BEF1-3F602ED1051A}) (Version: 14.00.00.01 - Teradata Corporation)

Shared ICU Libraries for Teradata nt-x8664 14.00.0.1 (HKLM\...\{C27A1002-9BA2-417C-9859-C195F014B9DA}) (Version: 14.00.00.01 - Teradata Corporation)

Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

Symantec Endpoint Protection (HKLM\...\{60171618-BEB9-4E89-AA7B-43AD32A3EC05}) (Version: 12.1.4100.4126 - Symantec Corporation)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)

Teradata GSS Client nt-i386 14.0.2.2 (HKLM-x32\...\{D6A69B04-6F9E-48D1-B42E-4AD7F5EBED76}) (Version: 14.00.02.02 - Teradata Corporation)

Teradata GSS Client nt-x8664 14.0.2.2 (HKLM\...\{358EC7BD-F1E6-419A-B1C9-2A552E233959}) (Version: 14.00.02.02 - Teradata Corporation)

Teradata SQL Assistant 14.01.0.2 (HKLM-x32\...\{5A717A30-8F97-4B96-900F-3799CEDD743D}) (Version: 14.01.00.02 - Teradata Corporation)

UserNotify (HKLM-x32\...\{83D4188F-6907-45CA-B73A-ABA4DA1FFFE0}) (Version: 1.00.0000 - Hewlett Packard)

VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)

WinZip 11.2 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}) (Version: 11.2.8094 - WinZip Computing, S.L. )

Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-03-2015 01:00:20 Scheduled Checkpoint

30-03-2015 07:26:23 Windows Update

07-04-2015 00:11:45 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20EA546F-1364-40CE-882F-77779A3F847B} - System32\Tasks\{2CFB0FDD-631A-4F1D-A5E0-C8A30900AF4D} => pcalua.exe -a C:\Users\sg0892112\Software\TTU.exe -d C:\Users\sg0892112\Software

Task: {3411558A-31D5-4097-81B2-EC0098C62F55} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)

Task: {3E8336E8-22CF-42E8-BA73-CCCF83347582} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection

Task: {42FC2ACC-016A-4300-98BA-233ABE4B9E86} - System32\Tasks\{F3CF552E-0779-4538-B4BA-075C8ACC521A} => Iexplore.exe http://www.skype.com...8;LastError=403

Task: {82133AF1-C733-49E0-95A0-29A3B9A8581B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)

Task: {C1EBD7A8-FAF4-4A12-AFDE-798DB93F2D1B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {D67BD992-ED36-4B8D-85C7-78144FE59C17} - System32\Tasks\{F08757CA-3002-42C8-9B18-83FC5FA55A88} => pcalua.exe -a C:\Users\sg0892112\Downloads\B2CAppSetup.exe -d C:\Users\sg0892112\Downloads

Task: {DEEF8628-3C7C-4C26-A6A6-07AEFE1951CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)

Task: {F6D69AAC-30C0-4D1C-8F8C-7EA236D275EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-27] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-08-09 13:21 - 2010-08-09 13:21 - 00161080 _____ () C:\Program Files (x86)\Aviva Solutions\AFD\monsrv.exe

2015-03-02 20:13 - 2015-02-23 10:39 - 00025088 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll

2015-03-02 20:13 - 2015-02-23 10:39 - 02633728 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll

2015-03-02 20:13 - 2015-02-23 10:39 - 02540544 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll

2013-12-21 10:25 - 2013-12-21 10:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll

2013-12-21 10:26 - 2013-12-21 10:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll

2013-12-21 10:27 - 2013-12-21 10:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll

2013-10-22 08:52 - 2013-10-22 08:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll

2013-10-22 08:52 - 2013-10-22 08:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll

2013-12-21 10:27 - 2013-12-21 10:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll

2013-07-23 18:19 - 2013-07-23 18:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll

2013-07-23 18:19 - 2013-07-23 18:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll

2013-07-23 18:19 - 2013-07-23 18:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll

2013-07-23 18:19 - 2013-07-23 18:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll

2011-03-17 02:07 - 2011-03-17 02:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2010-01-02 11:42 - 2010-01-02 11:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2013-03-21 16:13 - 2012-09-02 15:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-03-02 20:13 - 2015-02-23 10:39 - 00049664 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll

2014-04-05 11:39 - 2014-04-05 11:39 - 00461312 _____ () C:\ProgramData\{7fb06a9c-70ff-7c90-7fb0-06a9c70faa71}\Outlander.S01E09.Micro.Hd.720p.Vose.exe

2011-03-08 16:26 - 2011-03-08 16:26 - 00135168 _____ () C:\Windows\SysWOW64\LogonAgentAPI.dll

2014-10-16 00:48 - 2014-10-16 00:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2013-12-11 15:46 - 2013-12-11 15:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll

2013-10-22 08:48 - 2013-10-22 08:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll

2013-10-24 15:53 - 2013-10-24 15:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll

2013-12-11 15:46 - 2013-12-11 15:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll

2013-12-11 15:46 - 2013-12-11 15:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll

2013-10-25 18:49 - 2013-10-25 18:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll

2013-12-11 15:45 - 2013-12-11 15:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll

2013-10-25 18:53 - 2013-10-25 18:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll

2013-10-25 18:53 - 2013-10-25 18:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll

2013-12-11 15:45 - 2013-12-11 15:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll

2013-10-25 18:53 - 2013-10-25 18:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll

2013-10-25 18:48 - 2013-10-25 18:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll

2013-10-24 15:53 - 2013-10-24 15:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll

2013-04-19 15:38 - 2013-04-19 15:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll

2013-07-23 18:18 - 2013-07-23 18:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll

2013-07-23 18:18 - 2013-07-23 18:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll

2013-07-23 18:18 - 2013-07-23 18:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll

2013-07-23 18:18 - 2013-07-23 18:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll

2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll

2010-04-06 19:38 - 2010-04-06 19:38 - 00143360 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\OSUtils.dll

2008-10-24 18:32 - 2008-10-24 18:32 - 00012288 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\boost_system-vc90-mt-1_35.dll

2008-10-24 18:32 - 2008-10-24 18:32 - 00037888 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\boost_date_time-vc90-mt-1_35.dll

2008-10-24 18:32 - 2008-10-24 18:32 - 00035840 _____ () C:\Program Files (x86)\Witness Systems\Screen Capture Module\boost_thread-vc90-mt-1_35.dll

2008-06-12 21:06 - 2008-06-12 21:06 - 00778240 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\bin\perl58.dll

2008-06-12 22:46 - 2008-06-12 22:46 - 00008704 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DTLogging\DTLogging.dll

2008-06-12 22:46 - 2008-06-12 22:46 - 00017920 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DTUtil\DTUtil.dll

2008-06-12 22:46 - 2008-06-12 22:46 - 00081920 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DTDocument2\DTDocument2.dll

2008-06-12 21:06 - 2008-06-12 21:06 - 00009728 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\Cwd\Cwd.dll

2008-06-12 21:08 - 2008-06-12 21:08 - 00014848 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\IO\IO.dll

2008-06-12 21:08 - 2008-06-12 21:08 - 00018944 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\Socket\Socket.dll

2008-06-12 21:08 - 2008-06-12 21:08 - 00010240 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\lib\MSWin32-x86-multi-thread\auto\MIME\Base64\Base64.dll

2008-06-12 21:14 - 2008-06-12 21:14 - 00163840 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\perl-5.8.5\site\lib\MSWin32-x86-multi-thread\auto\XML\Parser\Expat\Expat.dll

2008-06-12 22:45 - 2008-06-12 22:45 - 00010240 _____ () C:\Program Files (x86)\Open Text\Document Pipeline Perl 9.7.1\lib\perl-5.8.5\MSWin32-x86-multi-thread\auto\IXOS\DT\DT.dll

2009-07-13 18:03 - 2009-07-13 22:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

2014-07-30 19:04 - 2014-07-30 19:04 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

2010-08-15 19:08 - 2010-08-15 19:08 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2011-03-17 02:11 - 2011-03-17 02:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-04-04 23:57 - 2015-03-30 18:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll

2015-04-04 23:57 - 2015-03-30 18:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll

2015-04-04 23:57 - 2015-03-30 18:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\sg0892112\Downloads\El Observador + BROTHER.pdf:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117609710-2025429265-725345543-71058\Control Panel\Desktop\\Wallpaper -> C:\Users\sg0892112\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Coffee (S-1-5-21-1306677910-1177036720-1036269624-500 - Administrator - Enabled) => C:\Users\Administrator

SabreNTGuest (S-1-5-21-1306677910-1177036720-1036269624-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Teredo Tunneling Adapter

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (04/09/2015 01:03:26 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\bugwatcher\bugwatcher.dll by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: Reboot Processing

Error: (04/09/2015 01:03:25 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Manual scan. Action: Clean failed : Leave Alone failed. Action Description: Reboot Processing

Error: (04/09/2015 01:03:19 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2015 00:15:01 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\bugwatcher\bugwatcher.dll by: Auto-Protect scan. Action: Reboot Required. Action Description: The file was quarantined successfully.

Error: (04/09/2015 00:11:44 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Manual scan. Action: Reboot Required. Action Description: Clean was partially successful.

Error: (04/09/2015 00:09:53 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )

Description: Security Risk Found!Trojan.Gen in File: c:\program files (x86)\bugwatcher\bugwatcher.dll by: Defwatch scan. Action: Process or service must be halted. Action Description:

Error: (04/09/2015 00:06:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Mosaic2.exe, version: 2.1.0.15, time stamp: 0x5509c2dc

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116

Exception code: 0xe0434352

Fault offset: 0x0000c41f

Faulting process id: 0x5c94

Faulting application start time: 0xMosaic2.exe0

Faulting application path: Mosaic2.exe1

Faulting module path: Mosaic2.exe2

Report Id: Mosaic2.exe3

Error: (04/09/2015 00:06:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: Mosaic2.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: Genesyslab.Platform.Commons.Protocols.ProtocolException

Stack:

at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolFacility.BeginOpenProtocol(Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolInstance)

at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolManagementService.BeginOpenProtocol(Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolInstance)

at Genesyslab.Platform.ApplicationBlocks.Commons.Protocols.ProtocolManagementService.BeginOpen()

at Sabre.Mosaic.Modules.Genesys.Servers.StatsServerController.Connect()

at Sabre.Mosaic.Modules.Genesys.Servers.StatsServerController.OnNetworkChangeEvent(Boolean)

at Microsoft.Practices.Prism.Events.EventSubscription`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].InvokeAction(System.Action`1<Boolean>, Boolean)

at Microsoft.Practices.Prism.Events.EventSubscription`1+<>c__DisplayClass2[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<GetExecutionStrategy>b__0(System.Object[])

at Microsoft.Practices.Prism.Events.EventBase.InternalPublish(System.Object[])

at Microsoft.Practices.Prism.Events.CompositePresentationEvent`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Publish(Boolean)

at Sabre.Mosaic.Modules.Genesys.GenesysModule.OnNetworkAvailabilityChange(System.Object, System.Net.NetworkInformation.NetworkAvailabilityEventArgs)

at System.Net.NetworkInformation.NetworkChange+AvailabilityChangeListener.RunHandlerCallback(System.Object)

at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

at System.Net.NetworkInformation.NetworkChange+AvailabilityChangeListener.ChangedAddress(System.Object, System.EventArgs)

at System.Net.NetworkInformation.NetworkChange+AddressChangeListener.AddressChangedCallback(System.Object, Boolean)

at System.Threading._ThreadPoolWaitOrTimerCallback.PerformWaitOrTimerCallback(System.Object, Boolean)

Error: (04/09/2015 07:26:42 AM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\SG08921120x8007003aThe specified server cannot perform the requested operation.

Error: (04/08/2015 11:26:41 PM) (Source: AutoEnrollment) (EventID: 6) (User: )

Description: GLOBAL\SG08921120x8007003aThe specified server cannot perform the requested operation.

System errors:

=============

Error: (04/09/2015 07:44:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )