Accept Adwcleaner recommendations? Or always get logfile reviewed?


  • This topic is locked

#1
m3110w

  • Member
  • 17 posts

Hi All,

 

Malwarebytes says I'm infected with suptab.a so I'm researching how to get rid of it. 

 

From this forum I've learned about AdwCleaner. Looks like a good product and it seems to be safe. So I downloaded and ran it on my up to date Win7 Pro laptop. AdwCleaner found some stuff missed by Norton IS and Antimalwarebytes.

 

Is it OK to just accept and implement the cleaning recommendations offered by AdwCleaner? Or should the AdwCleaner logfile always be reviewed by a trained anti-malware person to make sure the AdwCleaner recommendations are valid?

 

I looked over the AdwCleaner logfile recommendations but I'm not trained so I can't tell if any of the recommendations are invalid.

 

Sorry for my newbie question. Thanks!

 

PS: Let me know if you want me to post the AdwCleaner logfile. Thanks.


Edited by m3110w, 04 May 2015 - 03:48 AM.

  • 0



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Post the AdwCleaner log for review.
  • 0

#3
m3110w

  • Topic Starter
  • Member
  • 17 posts

Hello zep516, Thanks for your offer to help. Below is the adwcleaner log file. Just let me know what I should do next. Every time I run Malwarebytes Free version PUP suptab.a shows up. I check remove or quarantine but it shows up again next time. I only use Chrome for browsing, never Firefox or IE.

 

# AdwCleaner v4.203 - Logfile created 05/05/2015 at 20:52:55
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Admin 2 for switch - ADVAIT-LAPTOP
# Running from : C:\Users\Advait\Documents\_dwld files to be processed\adwcleaner_4.203.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Found : C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Mobogenie3
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\WPM
Folder Found : C:\Users\Admin 2 for switch\AppData\Local\PackageAware
Folder Found : C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie
Folder Found : C:\Users\Admin 2 for switch\Documents\Mobogenie
Folder Found : C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Found : C:\Users\Advait\AppData\Local\PackageAware
Folder Found : C:\Users\Advait\AppData\Roaming\Mobogenie
Folder Found : C:\Users\Advait\AppData\Roaming\Mozilla\Firefox\Profiles\u5jhkkyc.default-1401417174549\Extensions\[email protected]
Folder Found : C:\Users\Advait\mobogenieP2sp
Folder Found : C:\Windows\SysWOW64\config\systemprofile\Documents\Mobogenie
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Somoto
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Somoto
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\IGearSettings
Key Found : HKU\.DEFAULT\Software\Mobogenie
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={DF74D1C7-12B1-4D2D-9F84-A5FFA94C5DC5}&mid=49f3f93550b26eef7c5229f438b8aa2c-1283f2fc6c284e036037fa72879d52c695860feb&lang=us&ds=AVG&pr=&d=2012-02-24 08:46:06&v=10.0.0.7&sap=dsp&q={searchTerms}
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : niloccemoadcdkdjlinkgdfekeahmflj
 
*************************
 
AdwCleaner[R0].txt - [5875 bytes] - [04/05/2015 11:53:12]
AdwCleaner[R1].txt - [5689 bytes] - [05/05/2015 20:52:55]
 
########## EOF - \AdwCleaner\AdwCleaner[R1].txt - [5748 bytes] ##########

  • 0

#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts

Hello,

 

That's all adware and can be deleted. Let's also look at another scan called FRST (Farbar Recovery Scan Tool). Go ahead and clean what AdwCleaner found.

 

Then

 

Everything gets downloaded to the desktop and tools are "Run as administrator."

 

Download this version of the tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Save it to your Desktop.
Right click to run as administrator. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run (Desktop). Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please also paste it to your reply.

 

Please post in your next reply:

FRST.txt

Addition.txt


  • 0
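
For the review question raised in this thread, a first pass over an AdwCleaner scan log can be scripted before anything is deleted. This is an added example, not part of the original posts and not AdwCleaner's own code: it parses the log layout shown in post #3, collapses the duplicate 32-bit/64-bit registry views, and collects the Chrome extension IDs the findings refer to. The function names are assumptions, and the sample input is a shortened excerpt of the log posted above.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the scan log posted in this thread, shortened for the example.
SAMPLE_LOG = r"""# AdwCleaner v4.203 - Logfile created 05/05/2015 at 20:52:55
# Option : Scan

***** [ Files / Folders ] *****

File Found : C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
Folder Found : C:\Program Files (x86)\Mobogenie3
Folder Found : C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj

***** [ Registry ] *****

Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\supWPM
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Web browsers ] *****

-\\ Google Chrome v42.0.2311.135

[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Advait\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : niloccemoadcdkdjlinkgdfekeahmflj
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")          # ***** [ Registry ] *****
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")                        # -\\ Google Chrome v42...
ITEM_RE = re.compile(r"^(\w+) Found : (\[x64\] )?(.+)$")        # Key Found : [x64] HKCU\...
BROWSER_ITEM_RE = re.compile(r"^\[(.+?)\] - Found \[(.+?)\] : (.+)$")
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")


def parse_scan_log(text):
    """Return one dict per finding, tagged with its log section."""
    findings = []
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines, header lines and the EOF trailer
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group(1), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append({"section": section, "kind": m.group(1),
                             "x64_view": bool(m.group(2)),
                             "target": m.group(3), "source": None,
                             "browser": None})
            continue
        m = BROWSER_ITEM_RE.match(line)
        if m:
            findings.append({"section": section, "kind": m.group(2),
                             "x64_view": False, "target": m.group(3),
                             "source": m.group(1), "browser": browser})
    return findings


def review_summary(findings):
    """Condense findings into the figures a reviewer checks first."""
    by_section = Counter(f["section"] for f in findings)
    # The same registry key reported in both the 32-bit and the 64-bit
    # view is a single item to review.
    unique_items = {(f["kind"], f["target"].lower()) for f in findings}
    # Which kinds of artefact (file, folder, preference entry) reference
    # each extension ID, so every ID is looked up once.
    ext_refs = defaultdict(set)
    for f in findings:
        for ext_id in EXT_ID_RE.findall(f["target"]):
            ext_refs[ext_id].add(f["kind"])
    return {"by_section": dict(by_section),
            "unique_items": len(unique_items),
            "extensions": {k: sorted(v) for k, v in ext_refs.items()}}


if __name__ == "__main__":
    summary = review_summary(parse_scan_log(SAMPLE_LOG))
    for name, value in summary.items():
        print(name, "=>", value)
```
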

#5
m3110w

  • Topic Starter
  • Member
  • 17 posts

OK, I tried to download it but my Norton IS keeps removing it. I posted a message on the Norton forums about how to fix this.

 

You know any way I can bypass the Norton blockage and download the file? Thanks,


  • 0

#6
m3110w

  • Topic Starter
  • Member
  • 17 posts

I was able to download FRST.exe using my smartphone and then I transferred it over to my pc. I'll post the txt files soon.


  • 0

#7
m3110w

  • Topic Starter
  • Member
  • 17 posts

OK, here's FRST.txt and addition.txt. Cheers,

 

-------------frst-----------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by Admin 2 for switch (administrator) on ADVAIT-LAPTOP on 06-05-2015 15:16:05
Running from C:\Users\Advait\Documents\Farbar FRST scanner
Loaded Profiles: Advait & Admin 2 for switch (Available profiles: Advait & Standard User Accoun & Admin 2 for switch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apache Software Foundation) C:\Apache24\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Apache Software Foundation) C:\Apache24\bin\httpd.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
() C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Logitech©) C:\Program Files (x86)\Logitech\Z-5 Speakers\Z-5 Speakers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Audacity Team) C:\Program Files (x86)\Audacity\audacity.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-30] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-09] (Google)
HKLM-x32\...\Run: [Z-5 Speakers] => C:\Program Files (x86)\Logitech\Z-5 Speakers\Z-5 Speakers.exe [550160 2008-05-31] (Logitech©)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CheckNDISPort] => C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe [454656 2014-11-28] ()
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Run: [Google Update] => C:\Users\Advait\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-07] (Google Inc.)
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Run: [uTorrent] => "C:\Users\Advait\Documents\Downloads\Dwld Exes Misc\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {0402a836-e8be-11e3-b605-00262286b35d} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {0402a852-e8be-11e3-b605-00262286b35d} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {04d7129a-55ec-11e4-a17f-00262286b35d} - G:\Autorun.exe /Auto
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {25d41b5c-19a5-11e2-bcc9-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {25d41b77-19a5-11e2-bcc9-00262286b35d} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {3188338b-9e1b-11e4-803a-00262286b35d} - F:\Windows/AutoRun.exe /autoinstall
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {364d44dc-59cf-11df-9ebf-005056c00008} - E:\setup_.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {450a0ce2-ea18-11e3-a7c5-00262286b35d} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {51d33d02-fa09-11df-b62a-80871bada31f} - G:\Setup.exe /Auto
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {7af679bc-d006-11e1-b1e8-00262286b35d} - IomegaEncryptionSetup v1.3.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {899c527b-c414-11e0-a3d9-a3f540c30016} - F:\LaunchU3.exe -a
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {8e1294f1-0b5b-11df-9af1-00262286b35d} - G:\IronKey.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {ac52c267-fc54-11e3-aa70-00262286b35d} - G:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {eef294e0-ea2a-11e3-a7f1-9fb6fd49dec7} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {f2e169d9-ea35-11e3-80c5-00262286b35d} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\MountPoints2: {f2e16a0c-ea35-11e3-80c5-aee97a8233b9} - F:\AutoRun.exe
HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-321482684-1703469-3941775667-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\Run: [Google Update] => C:\Users\Admin 2 for switch\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-26] (Google Inc.)
HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-09] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-04-11]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-10] (Egis Technology Inc.)
GroupPolicyUsers\S-1-5-21-321482684-1703469-3941775667-1006\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-21-321482684-1703469-3941775667-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
HKU\S-1-5-21-321482684-1703469-3941775667-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...g4z195t4852x895
HKU\S-1-5-21-321482684-1703469-3941775667-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-321482684-1703469-3941775667-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-321482684-1703469-3941775667-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.7.0.11
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...AW_enUS362US363
SearchScopes: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...AW_enUS362US363
SearchScopes: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.c...r=&d=2012-02-2408:46:06&v=9.0.0.18&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> {F06611A2-B411-4878-B135-23CA6D25039F} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKU\S-1-5-21-321482684-1703469-3941775667-1007 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...AW_enUS362US363
SearchScopes: HKU\S-1-5-21-321482684-1703469-3941775667-1007 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-04-11] (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-04-11] (LastPass)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-04-11] (LastPass)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-04-11] (LastPass)
Toolbar: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-321482684-1703469-3941775667-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2010-01-23] (Logitech Inc.)
Filter: text/html - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\Firefox\Profiles\euph91i7.default
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-04-11] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-04-11] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Advait\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1000: @talk.google.com/O1DPlugin -> C:\Users\Advait\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1007: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1007: @talk.google.com/O1DPlugin -> C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1007: @tools.google.com/Google Update;version=3 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-321482684-1703469-3941775667-1007: @tools.google.com/Google Update;version=9 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin 2 for switch\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin 2 for switch\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: LastPass - C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\Firefox\Profiles\euph91i7.default\Extensions\[email protected] [2013-06-26]
FF Extension: Flashblock - C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\Firefox\Profiles\euph91i7.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-05-14]
FF Extension: NoScript - C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\Firefox\Profiles\euph91i7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-06-25]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-06-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2015-05-06]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://sites.google...mma/home/links"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.400.26) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Profile: C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-28]
CHR Extension: (Google Drive) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-26]
CHR Extension: (YouTube) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-26]
CHR Extension: (Google Search) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-30]
CHR Extension: (Bookmark Manager) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Admin 2 for switch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-26]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
CHR HKU\S-1-5-21-321482684-1703469-3941775667-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Advait\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-15]
CHR HKU\S-1-5-21-321482684-1703469-3941775667-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.4; C:\Apache24\bin\httpd.exe [22016 2013-02-23] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [423600 2014-01-25] (Future Systems Solutions, Inc.)
S3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [217088 2015-01-29] (Connectify) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-09] (Google)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 UDisk Monitor; C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe [403456 2010-05-14] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20150501.001\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [42152 2014-08-08] (Connectify)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-30] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20150501.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
S3 MEMSWEEP2; C:\Windows\system32\25E8.tmp [6144 2011-08-25] (Sophos Plc) [File not signed]
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150505.017\ENG64.SYS [129752 2015-05-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150505.017\EX64.SYS [2137304 2015-05-04] (Symantec Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [58360 2012-11-26] (NetFilterSDK.com)
S3 OXSDIDRV_x64; C:\Windows\System32\DRIVERS\OXSDIDRV_x64.sys [51760 2009-09-28] ()
S3 OXUDIDRV; C:\Windows\system32\Drivers\OXUDIDRV_X64.sys [31280 2010-05-25] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15208 2009-06-17] (Secunia) [File not signed]
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-11] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-08-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-26] (Symantec Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-04-24] (Windows ® Win 7 DDK provider)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-06-07] (ZTEMT Incorporated)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S2 RHDISK_AMD64; \??\C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-06 15:15 - 2015-05-06 15:16 - 00000000 ____D () C:\FRST
2015-05-06 15:14 - 2015-05-06 15:16 - 00000000 ____D () C:\Users\Advait\Documents\Farbar FRST scanner
2015-05-06 13:07 - 2015-05-06 13:47 - 00000710 _____ () C:\Users\Advait\Desktop\Videos to record.txt
2015-05-06 08:21 - 2015-05-06 08:21 - 00000073 _____ () C:\Users\Admin 2 for switch\Desktop\farbar download link.txt
2015-05-05 20:51 - 2015-05-05 20:51 - 00013788 _____ () C:\Users\Advait\Desktop\adwcleaner_4.203.exe.lnk
2015-05-04 11:52 - 2015-05-05 20:54 - 00000000 ____D () C:\AdwCleaner
2015-05-04 07:05 - 2015-05-04 07:05 - 656366267 _____ () C:\Windows\MEMORY.DMP
2015-04-29 18:37 - 2015-04-29 18:37 - 00000970 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-04-28 18:11 - 2015-04-28 18:11 - 00034978 _____ () C:\Users\Admin
2015-04-25 19:53 - 2015-04-25 19:53 - 00002322 _____ () C:\Users\Advait\Desktop\Evernote.lnk
2015-04-25 18:40 - 2015-04-25 18:40 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote
2015-04-25 18:18 - 2015-05-01 11:05 - 00000000 ____D () C:\Users\Advait\Documents\_Mahita Movies
2015-04-19 19:26 - 2015-04-19 19:26 - 00000218 _____ () C:\Users\Advait\AppData\Local\recently-used.xbel
2015-04-15 10:00 - 2015-04-02 05:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:00 - 2015-04-02 05:19 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 10:00 - 2015-03-13 09:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:00 - 2015-03-13 09:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:00 - 2015-03-13 09:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:00 - 2015-03-13 09:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:00 - 2015-03-13 09:37 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:00 - 2015-03-13 09:30 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:00 - 2015-03-13 09:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:00 - 2015-03-13 09:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:00 - 2015-03-13 09:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:00 - 2015-03-13 09:24 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:00 - 2015-03-13 09:14 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:00 - 2015-03-13 09:12 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:00 - 2015-03-13 09:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 10:00 - 2015-03-13 09:10 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:00 - 2015-03-13 09:02 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:00 - 2015-03-13 08:58 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:00 - 2015-03-13 08:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 10:00 - 2015-03-13 08:57 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:00 - 2015-03-13 08:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 10:00 - 2015-03-13 08:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 10:00 - 2015-03-13 08:53 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:00 - 2015-03-13 08:52 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:00 - 2015-03-13 08:50 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:00 - 2015-03-13 08:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 10:00 - 2015-03-13 08:47 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:00 - 2015-03-13 08:46 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:00 - 2015-03-13 08:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 10:00 - 2015-03-13 08:38 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:00 - 2015-03-13 08:37 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:00 - 2015-03-13 08:36 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:00 - 2015-03-13 08:35 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:00 - 2015-03-13 08:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 10:00 - 2015-03-13 08:27 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 10:00 - 2015-03-13 08:26 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:00 - 2015-03-13 08:24 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:00 - 2015-03-13 08:19 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:00 - 2015-03-13 08:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:00 - 2015-03-13 08:13 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:00 - 2015-03-13 08:12 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 10:00 - 2015-03-13 08:04 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:00 - 2015-03-13 08:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:00 - 2015-03-13 07:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:00 - 2015-03-13 07:50 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:00 - 2015-03-13 07:46 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:00 - 2015-03-13 07:44 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 09:59 - 2015-03-13 10:02 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:59 - 2015-03-13 09:38 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:59 - 2015-03-13 09:38 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:59 - 2015-03-13 09:36 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 09:59 - 2015-03-13 09:23 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 09:59 - 2015-03-13 09:20 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:59 - 2015-03-13 08:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:59 - 2015-03-13 08:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:59 - 2015-03-13 08:35 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 09:59 - 2015-03-13 08:30 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:59 - 2015-03-13 08:15 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:53 - 2015-03-25 08:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:53 - 2015-03-25 08:53 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:53 - 2015-03-25 08:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:53 - 2015-03-25 08:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:53 - 2015-03-25 08:30 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 09:53 - 2015-03-25 08:30 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 09:53 - 2015-03-25 08:30 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 09:53 - 2015-03-25 08:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 09:53 - 2015-03-25 08:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 09:50 - 2015-03-23 08:55 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:50 - 2015-03-23 08:55 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:50 - 2015-03-23 08:54 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:50 - 2015-03-23 08:54 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:50 - 2015-03-23 08:54 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:50 - 2015-03-23 08:54 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 09:50 - 2015-03-23 08:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:50 - 2015-03-23 08:47 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:50 - 2015-03-17 10:52 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:50 - 2015-03-17 10:52 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:50 - 2015-03-17 10:52 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:50 - 2015-03-17 10:49 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:50 - 2015-03-17 10:47 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 09:50 - 2015-03-17 10:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 09:50 - 2015-03-17 10:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:50 - 2015-03-17 10:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:50 - 2015-03-17 10:46 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:50 - 2015-03-17 10:46 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 09:50 - 2015-03-17 10:45 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 09:50 - 2015-03-17 10:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:50 - 2015-03-17 10:45 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:50 - 2015-03-17 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:50 - 2015-03-17 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:31 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 09:50 - 2015-03-17 10:31 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 09:50 - 2015-03-17 10:29 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 09:50 - 2015-03-17 10:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 09:50 - 2015-03-17 10:26 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 09:50 - 2015-03-17 10:26 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 09:50 - 2015-03-17 10:26 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 09:50 - 2015-03-17 10:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 09:50 - 2015-03-17 10:26 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 09:50 - 2015-03-17 10:26 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 09:50 - 2015-03-17 10:26 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 09:50 - 2015-03-17 10:23 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 09:50 - 2015-03-17 10:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 09:15 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 09:50 - 2015-03-17 09:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 09:50 - 2015-03-17 09:13 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 09:13 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 09:13 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:50 - 2015-03-17 09:13 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:48 - 2015-03-10 08:55 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:48 - 2015-03-10 08:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:48 - 2015-03-10 08:38 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 09:48 - 2015-03-10 08:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 09:48 - 2015-03-05 10:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:48 - 2015-03-05 09:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 09:48 - 2015-03-04 10:25 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:48 - 2015-03-04 10:11 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:48 - 2015-03-04 09:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 09:48 - 2015-02-25 08:48 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 07:18 - 2015-04-13 07:18 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-04-13 07:18 - 2015-04-13 07:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-04-13 07:16 - 2015-04-13 07:18 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2015-04-12 05:52 - 2015-04-12 05:52 - 00001760 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-12 05:52 - 2015-04-12 05:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-12 05:50 - 2015-04-12 05:50 - 00000000 ____D () C:\Program Files\iPod
2015-04-12 05:50 - 2015-04-12 05:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-12 05:49 - 2015-04-12 05:52 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-12 05:49 - 2015-04-12 05:52 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 11:26 - 2015-04-11 11:26 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-04-11 11:25 - 2015-04-11 11:26 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-04-11 11:25 - 2015-04-11 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-04-11 08:02 - 2015-04-11 08:02 - 00000000 ____D () C:\Users\Advait\Documents\N5, Xfer to N5
2015-04-10 11:21 - 2015-04-10 11:21 - 00001029 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-10 11:11 - 2015-04-10 11:11 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\MPC-HC
2015-04-10 11:09 - 2015-04-10 11:09 - 00001709 _____ () C:\Users\Public\Desktop\MPC-HC x64.lnk
2015-04-10 11:09 - 2015-04-10 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2015-04-10 11:09 - 2015-04-10 11:09 - 00000000 ____D () C:\Program Files\MPC-HC
2015-04-07 16:00 - 2015-04-07 16:00 - 00000000 ____D () C:\Users\Advait\Netcast
2015-04-07 10:12 - 2015-04-07 10:12 - 00000000 __SHD () C:\Users\Admin 2 for switch\AppData\Local\EmieUserList
2015-04-07 10:12 - 2015-04-07 10:12 - 00000000 __SHD () C:\Users\Admin 2 for switch\AppData\Local\EmieSiteList
2015-04-07 10:12 - 2015-04-07 10:12 - 00000000 __SHD () C:\Users\Admin 2 for switch\AppData\Local\EmieBrowserModeList
2015-04-07 10:07 - 2015-04-07 10:07 - 00000000 ____D () C:\Users\Advait\mobogenieP2sp
2015-04-07 09:03 - 2015-04-07 10:09 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Mobogenie
2015-04-07 08:03 - 2015-04-07 08:04 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie
2015-04-07 08:03 - 2015-04-07 08:03 - 00000000 ____D () C:\Users\Public\Documents\GenieSoft
2015-04-07 08:02 - 2015-04-07 10:13 - 00000000 ____D () C:\Users\Admin 2 for switch\Documents\Mobogenie
2015-04-07 08:02 - 2015-04-07 10:13 - 00000000 ____D () C:\Program Files (x86)\Mobogenie3
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-06 15:13 - 2013-08-21 08:12 - 00000000 ____D () C:\Users\Advait\Documents\_dwld files to be processed
2015-05-06 15:11 - 2010-01-18 04:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 14:53 - 2010-01-18 03:56 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1000UA.job
2015-05-06 14:29 - 2012-11-26 08:02 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1007UA.job
2015-05-06 13:39 - 2009-11-19 00:49 - 01497755 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 13:04 - 2012-11-14 08:50 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Audacity
2015-05-06 12:34 - 2014-06-02 17:35 - 00110220 _____ () C:\Windows\setupact.log
2015-05-06 11:48 - 2015-01-17 16:26 - 00000000 ____D () C:\Program Files (x86)\Mblaze_Home
2015-05-06 11:04 - 2009-07-14 10:15 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 11:04 - 2009-07-14 10:15 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 10:55 - 2010-01-18 04:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-06 10:52 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 09:12 - 2014-06-27 15:40 - 00036017 _____ () C:\Users\Advait\Desktop\scratch pad.txt
2015-05-06 09:05 - 2010-02-02 01:35 - 00000000 ____D () C:\Users\Advait\AppData\Local\CutePDF Writer
2015-05-06 08:58 - 2014-01-22 16:38 - 00003578 _____ () C:\Windows\Sandboxie.ini
2015-05-06 08:22 - 2012-12-25 10:53 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\MediaMonkey
2015-05-05 18:53 - 2010-01-18 03:56 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1000Core.job
2015-05-05 18:29 - 2012-11-26 08:02 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1007Core.job
2015-05-05 16:54 - 2009-07-14 10:43 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-05 16:49 - 2010-01-17 06:12 - 00000000 ____D () C:\Users\Advait\Documents\Misc Docs
2015-05-05 09:11 - 2015-01-06 19:33 - 00000000 ____D () C:\ProgramData\Unified Remote
2015-05-04 19:02 - 2012-06-23 07:00 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{073A47D5-0910-49EF-A958-488414CB55C6}
2015-05-04 15:39 - 2015-02-15 18:17 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Electrum
2015-05-04 15:38 - 2015-02-15 18:15 - 00000970 _____ () C:\Users\Admin 2 for switch\Desktop\Electrum.lnk
2015-05-04 15:38 - 2015-02-15 18:15 - 00000000 ____D () C:\Program Files (x86)\Electrum
2015-05-04 13:34 - 2013-08-25 07:36 - 00000000 ____D () C:\Users\Advait\AppData\Local\CrashDumps
2015-05-04 07:26 - 2012-10-29 07:44 - 00000000 ____D () C:\Users\Advait\Documents\Fun Misc
2015-05-04 07:06 - 2010-01-15 05:37 - 00000000 ____D () C:\Windows\Minidump
2015-05-03 18:10 - 2010-01-19 21:22 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Mp3tag
2015-05-03 12:02 - 2012-07-22 14:01 - 00000000 ____D () C:\Windows\PCHEALTH
2015-05-01 16:38 - 2015-02-06 16:53 - 00044217 _____ () C:\Users\Advait\Desktop\Scratch pad.odt
2015-05-01 15:15 - 2010-01-17 03:21 - 00000000 ____D () C:\Users\Advait\Documents\Sanatana Dharma Misc
2015-05-01 09:02 - 2013-07-29 19:11 - 00000000 ____D () C:\Users\Advait\Documents\My Ebooks, Calibre Library
2015-05-01 07:47 - 2015-02-27 08:08 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Darkcoin
2015-04-30 16:15 - 2015-01-17 16:27 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-30 08:34 - 2015-01-06 19:33 - 00001077 _____ () C:\Users\Public\Desktop\Unified Remote.lnk
2015-04-30 08:34 - 2015-01-06 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3.0
2015-04-30 08:34 - 2015-01-06 19:33 - 00000000 ____D () C:\Program Files (x86)\Unified Remote 3.0
2015-04-30 08:23 - 2013-07-08 17:33 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-04-30 08:23 - 2010-02-23 04:32 - 00000632 __RSH () C:\Users\Advait\ntuser.pol
2015-04-30 08:23 - 2010-01-14 04:30 - 00000000 ____D () C:\Users\Advait
2015-04-29 18:39 - 2014-04-09 07:45 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Audacity
2015-04-29 18:38 - 2010-01-18 07:57 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-04-29 18:37 - 2010-01-18 07:58 - 00000982 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-04-28 18:11 - 2012-06-02 16:09 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\DVDVideoSoft
2015-04-27 07:19 - 2010-01-14 07:11 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-04-26 19:25 - 2012-06-25 13:58 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Mozilla
2015-04-25 18:50 - 2012-05-19 21:26 - 00000000 ____D () C:\Users\Admin 2 for switch
2015-04-24 11:50 - 2015-01-06 19:33 - 00025592 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\uvhid.sys
2015-04-24 11:49 - 2015-01-06 19:33 - 00007680 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2015-04-21 04:08 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\AppCompat
2015-04-19 06:03 - 2010-04-24 11:04 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-19 06:02 - 2015-03-28 06:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 08:48 - 2010-01-14 07:25 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Skype
2015-04-15 16:51 - 2013-07-23 08:51 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\vlc
2015-04-15 15:47 - 2010-01-17 04:15 - 00000000 ____D () C:\Users\Advait\Documents\Documents on Advait's Old Treo Pro
2015-04-15 11:00 - 2010-02-19 06:53 - 00779276 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 10:35 - 2014-12-10 17:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 10:35 - 2014-04-30 07:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 10:35 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 10:34 - 2009-11-07 08:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 10:32 - 2013-07-10 15:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 10:09 - 2010-01-14 05:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 18:58 - 2012-06-02 16:12 - 00115640 _____ () C:\Users\Admin 2 for switch\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-13 07:24 - 2010-01-14 04:31 - 00115640 _____ () C:\Users\Advait\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-13 07:22 - 2009-07-14 10:15 - 00447560 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-12 05:50 - 2010-01-15 01:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-11 11:26 - 2010-02-01 06:01 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-04-10 20:02 - 2015-03-25 19:51 - 00000000 ____D () C:\Users\Advait\AppData\Local\RippleClient
2015-04-10 18:27 - 2015-03-28 07:31 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\MultiDoge
2015-04-08 18:13 - 2014-02-25 18:06 - 00000000 ____D () C:\Users\Advait\Documents\N5 man bu, archived
2015-04-08 06:41 - 2015-02-27 13:35 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Darkcoin
2015-04-07 10:12 - 2012-06-02 16:12 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2015-04-11 11:26 - 2015-04-11 11:26 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-09-13 16:46 - 2013-09-13 16:46 - 0000218 _____ () C:\Users\Admin 2 for switch\AppData\Local\recently-used.xbel
2013-03-04 08:39 - 2014-12-17 07:16 - 0007623 _____ () C:\Users\Admin 2 for switch\AppData\Local\Resmon.ResmonCfg
2013-12-19 08:30 - 2013-12-19 08:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-11-07 09:14 - 2009-11-07 09:16 - 0008415 _____ () C:\ProgramData\ArcadeDeluxe3.log
2010-01-14 07:37 - 2010-01-14 07:37 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-07-13 20:03 - 2011-07-13 20:03 - 0000091 _____ () C:\ProgramData\PS.log
 
Files to move or delete:
====================
C:\Users\Advait\IP_Log_Data.js
C:\Users\Advait\Network_Meter_Data.js
 
 
Some content of TEMP:
====================
C:\Users\Admin 2 for switch\AppData\Local\Temp\7z.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\cygiconv-2.dll
C:\Users\Admin 2 for switch\AppData\Local\Temp\cygintl-8.dll
C:\Users\Admin 2 for switch\AppData\Local\Temp\cygwin1.dll
C:\Users\Admin 2 for switch\AppData\Local\Temp\dtkill.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\Executor.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\md5sum.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\MyRouter.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\npp.6.4.3.Installer.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\un17396.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\un27374.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Admin 2 for switch\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Advait\AppData\Local\Temp\Checkupdate.exe
C:\Users\Advait\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbo4b3k.dll
C:\Users\Advait\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Advait\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Advait\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Advait\AppData\Local\Temp\jna1340698543165834466.dll
C:\Users\Advait\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Advait\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Advait\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Advait\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Advait\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Advait\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\IconCodecService.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 19:58
 
==================== End Of Log ============================

-------------end frst-----------------

--------------------addition.txt--------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015
Ran by Admin 2 for switch at 2015-05-06 15:17:45
Running from C:\Users\Advait\Documents\Farbar FRST scanner
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin 2 for switch (S-1-5-21-321482684-1703469-3941775667-1007 - Administrator - Enabled) => C:\Users\Admin 2 for switch
Administrator (S-1-5-21-321482684-1703469-3941775667-500 - Administrator - Disabled)
Advait (S-1-5-21-321482684-1703469-3941775667-1000 - Limited - Enabled) => C:\Users\Advait
Guest (S-1-5-21-321482684-1703469-3941775667-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-321482684-1703469-3941775667-1002 - Limited - Enabled)
Standard User Accoun (S-1-5-21-321482684-1703469-3941775667-1006 - Limited - Enabled) => C:\Users\Standard User Accoun
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.5.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audio Notes (HKLM-x32\...\Audio Notes) (Version:  - )
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.5.0.0 - Auslogics Labs Pty Ltd)
Auslogics System Information (HKLM-x32\...\{AF5A39FE-51FB-4BA3-B399-2D1F0C65D617}_is1) (Version: version 1.5 - Auslogics Software Pty Ltd)
AutoRun Disable by Endpoint Protector (HKLM-x32\...\{553CB6F4-CE15-4C37-A624-AF14667B8006}) (Version: 1.0.06 - CoSoSys Ltd.)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Bitcoin (HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Bitcoin) (Version: 0.3.20 - Bitcoin project)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
calibre 64bit (HKLM\...\{C30715AA-E41F-4B8E-BA9E-4C455FB22DD4}) (Version: 2.4.0 - Kovid Goyal)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Casper 7.0 (HKLM\...\{467B36C7-C3B1-40CA-824D-C564F54E3F03}) (Version: 7.0.2754 - Future Systems Solutions, Inc.)
Casper 7.0 Startup Disk Creator (HKLM-x32\...\Casper 7.0 Startup Disk Creator 7.0.2600) (Version: 7.0.2600 - Future Systems Solutions, Inc.)
Casper 7.0 Startup Disk Creator (x32 Version: 7.0.2600 - Future Systems Solutions, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDex extraction audio (HKLM-x32\...\CDex) (Version:  - )
Cheetah Sync (HKLM-x32\...\{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}) (Version: 1.5.1 - JRT Studio)
CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 6.00.6000 - CompanionLink Software, Inc.)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.0.1.34332 - Connectify)
Cool Timer 3.6 (HKLM-x32\...\Cool Timer_is1) (Version:  - )
CryptoPrevent v6.0.2 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CVE-2012-1889 (HKLM\...\{06b2b7ed-809a-44e6-8538-ca0f5b74ecc4}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{29447369-6968-4e86-a208-603f6f0771a6}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{393ffabe-5a1a-43b3-8e03-8f573e1e0d01}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{7d32ab1f-1858-4373-a75a-b7cd8feb5d92}.sdb) (Version:  - )
CVE-2012-1889 (HKLM\...\{f300e352-12de-4e7f-ace3-a376874402b6}.sdb) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darkcoin Core (32-bit) (HKU\S-1-5-21-321482684-1703469-3941775667-1007\...\Darkcoin Core (32-bit)) (Version: 0.11.1 - Darkcoin Core project)
Direct MP3 Joiner version 3.0.2.9 (HKLM-x32\...\Direct MP3 Joiner_is1) (Version: 3.0.2.9 - Piston Software)
Dropbox (HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EMET (HKLM-x32\...\{002E4E18-D227-4053-AEEB-84C12F954C93}) (Version: 2.0.0.2 - Microsoft)
Eraser 6.0.9.2343 (HKLM\...\{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}) (Version: 6.0.2343 - The Eraser Project)
Evernote v. 5.8.5 (HKLM-x32\...\{5EDC25EC-D966-11E4-9E5C-00163E98E7D6}) (Version: 5.8.5.7193 - Evernote Corp.)
FanFictionDownloader version 0.8.8 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.8 - Raimond Eisele)
FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
Folder Size 2.0.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 2.0.0.0 - MindGems, Inc.)
FreeCommander 2009.02b (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreeFileSync 6.8 (HKLM-x32\...\FreeFileSync) (Version: 6.8 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google SketchUp 8 (HKLM-x32\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{7D3BA8DC-91DF-4310-B5D5-DDEFE685B668}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - )
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karen's Replicator (HKLM-x32\...\Karen's Replicator) (Version: 3.6.0.8 - Karen Kenworthy)
L&H TTS3000 British English (HKLM-x32\...\LHTTSENG) (Version:  - )
LAME v3.98.2 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LastPass (uninstall only) (HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\LastPass) (Version:  - LastPass)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
LibreOffice 4.4.2.2 (HKLM-x32\...\{99A395EF-A310-40BB-B7A3-E3FF07CC38FC}) (Version: 4.4.2.2 - The Document Foundation)
Logitech Desktop Messenger (HKLM-x32\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.56.102 - Logitech, Inc.)
Logitech Updater (HKLM-x32\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Z-5 (HKLM-x32\...\{C314AD4A-1715-40DD-9C20-04EF3D22598B}) (Version: 1.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SAPI 5.1 English Voices for 2nd Speech Center (HKLM-x32\...\{204A93F8-DAF2-4934-A2EA-5F4FFBDFDD10}) (Version: 5.1 - Zero2000.com)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.22.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.53 (HKLM-x32\...\Mp3tag) (Version: v2.53 - Florian Heidenreich)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiDoge 0.1.4 (HKLM-x32\...\MultiDoge 0.1.4) (Version: 0.1.4 - )
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
NetWorx 5.2.7 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Oracle VM VirtualBox 4.1.18 (HKLM\...\{4EE61784-10C6-4B7C-A0B2-5BED17B05741}) (Version: 4.1.18 - Oracle Corporation)
Path Copy Copy 2.1 (HKLM\...\{3C01F274-867C-4D1D-BE8C-CB488C31B0C9}_is1) (Version:  - Charles Lechasseur)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.0 - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{A1AB5398-D117-4B66-8754-732397E85022}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Reliance Netconnect - Broadband+ (HKLM\...\ZTEWireless-101_is1) (Version:  - )
RemoteComms External Disk Access (HKLM-x32\...\{04FCD5DE-1662-4F99-BDA9-C57212113EF2}) (Version: 1.25.0003 - PLX Technology)
Resco Explorer (HKLM-x32\...\Resco Explorer) (Version:  - )
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Secunia PSI (HKLM-x32\...\Secunia PSI) (Version:  - )
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.3 - IObit)
Sophos Free Encryption 2.40.1 (HKLM-x32\...\{64C13A35-B44C-47E5-88DC-0916FCE1E7C1}) (Version: 2.40.1.1 - Sophos)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Taggtool Desktop (HKLM\...\{C735AAD2-9D49-491A-96ED-C41B7DCFCB20}) (Version: 4.1.1 - Taggtool)
TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.0.9104  - TeamViewer GmbH)
TextAloud 3.0 (HKLM-x32\...\TextAloud3_is1) (Version: 3.0 - NextUp.com)
TheTravelCollection (HKLM-x32\...\TheTravelCollection) (Version:  - )
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.2.5 - Unified Intents AB)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp Detector Plug-in (HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Updates Downloader (HKLM-x32\...\Windows Updates Downloader) (Version: 2.50 Build 1002 - Supremus Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\Advait\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\Advait\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{BD6BEEE8-64CE-4814-B319-990645883E89}\InprocServer32 -> C:\Users\Advait\AppData\Local\Apps\Evernote\Evernote\EvernoteOLx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Advait\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Advait\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-321482684-1703469-3941775667-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Admin 2 for switch\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-18 23:25 - 2014-10-05 19:57 - 00000898 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0FEE67CE-63D9-4490-9902-CC0A1FE06B00} - System32\Tasks\{0D9C49EE-EA3D-4752-846B-FD8974E4A380} => pcalua.exe -a "C:\Users\Advait\Documents\Downloads\Dwld TTS\spchapi.EXE" -d "C:\Users\Advait\Documents\Downloads\Dwld TTS"
Task: {115BC57A-0B1E-4AD0-8B3B-92447F04B29E} - System32\Tasks\{82D67DEF-561B-456A-92EC-5BB5255B5D5D} => pcalua.exe -a "C:\Users\Advait\Documents\Dwld Exes Media\install_flash_player.exe" -d "C:\Users\Advait\Documents\Dwld Exes Media"
Task: {1CA663DA-B4F9-4502-9C36-8BCC871CC565} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {22DEB8B5-C611-4320-A788-C691A7F43141} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1007UA => C:\Users\Admin 2 for switch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-26] (Google Inc.)
Task: {2367C4D9-51EF-43C6-AEC4-04BF3D34B17A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1000UA => C:\Users\Advait\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {2A728321-F5C3-4DC9-B3FD-427F5F330D8F} - System32\Tasks\{04F2FA3F-4FD3-41AE-93FB-9B77C34BA147} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {37764151-3502-4C2D-B3A5-DB472F8D704E} - System32\Tasks\{9B22CE83-CEEF-4FEF-B6E3-21651ACA7861} => Firefox.exe http://ui.skype.com/...led;madedefault
Task: {45A92B9B-EC19-47BD-93DF-DDAE46779F8C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5DC6DBDC-49EC-42C1-AA88-9B4F8F714EBB} - System32\Tasks\{66A4BFB0-A56C-4656-9F67-9531BC560B16} => pcalua.exe -a "C:\Users\Advait\Documents\Downloads\Dwld TTS\SpchCpl.exe" -d "C:\Users\Advait\Documents\Downloads\Dwld TTS"
Task: {604028CB-42D7-470A-B7C0-D132F2E7978B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {6E004495-BFDE-4228-9422-E6CE6474BB4A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {80230AEB-5CF8-4A21-B951-605CF1E76453} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {84E5E350-E53E-42FC-A4E4-F55C98BEC526} - System32\Tasks\{2D9C49CD-6E84-4FD1-99C7-230BEEABD781} => pcalua.exe -a "C:\Users\Advait\Documents\Dwld Exes Security\lastpass_x64.exe" -d "C:\Users\Advait\Documents\Dwld Exes Security"
Task: {869BF78D-9BF5-4282-8F05-011FEA5B680E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {8E40A12D-3EA9-4F2D-9449-885B5BCE4F14} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {94CC50E0-47FB-498E-8992-646FE7EE5D65} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {9CD7F8CC-6D5E-4D54-BC45-3D4765CEA915} - System32\Tasks\hpUtility.exe_{520AD80F-A387-4AAF-953A-3895368B5905} => C:\Program Files\HP\HP Deskjet 1510 series\Bin\utils\hpUtility.exe [2013-11-29] (Hewlett-Packard Co.)
Task: {A1520FC0-32C6-4DB9-AC60-DAA78F6E7A22} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-11-29] (Hewlett-Packard Co.)
Task: {BAE884AF-14AC-426D-BB8E-744E1E6232F2} - System32\Tasks\{303DDC5D-7478-4701-957C-5B4B7611822F} => pcalua.exe -a "C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exe" -c -x
Task: {BB80B387-5460-43B1-B08E-24096C57559F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1007Core => C:\Users\Admin 2 for switch\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-26] (Google Inc.)
Task: {BB920056-0416-426D-8F59-E36D78868619} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-22] ()
Task: {BE876BC4-49AC-4720-8022-36C4D5C085F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {CA4929DF-29DE-4B66-A655-51F19B105FBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1000Core => C:\Users\Advait\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {CF38099C-9745-4197-84FE-68581AB67233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {D488DDD7-9311-4CED-8BA7-B18AA93533F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6797056-2B5E-4CB5-B006-BEFF4C9105AA} - System32\Tasks\Future Systems Solutions\Casper\Casper 7.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 7.0\CASPER.EXE [2014-01-25] (Future Systems Solutions, Inc.)
Task: {E2CFCB43-BEF6-432F-80C7-99EC34A234CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {EB4C17B6-623C-41AA-9AEE-871F97100CF1} - System32\Tasks\{3B08649E-F227-4593-AB89-AF9AC15E4F70} => pcalua.exe -a "C:\Users\Advait\Documents\Dwld Exes Security\lastpass.exe" -d "C:\Users\Advait\Documents\Dwld Exes Security"
Task: {F9F0867A-D650-4679-A1DC-0EAD52DFBA17} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1000Core.job => C:\Users\Advait\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1000UA.job => C:\Users\Advait\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1007Core.job => C:\Users\Admin 2 for switch\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321482684-1703469-3941775667-1007UA.job => C:\Users\Admin 2 for switch\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-19 06:07 - 2009-11-05 19:10 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-25 17:02 - 2013-07-23 09:17 - 00239696 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2010-11-27 15:09 - 2010-05-14 14:33 - 00403456 _____ () C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe
2010-01-30 02:53 - 2010-01-10 09:13 - 00200704 _____ () C:\Program Files\Path Copy Copy\PCC64.dll
2014-09-16 17:39 - 2013-12-17 11:59 - 03526240 _____ () C:\Program Files (x86)\TextAloud\TAContextMenu64.dll
2014-05-12 15:19 - 2014-05-12 15:19 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-01-17 16:26 - 2014-11-28 12:04 - 00454656 _____ () C:\Program Files (x86)\Mblaze_Home\CheckNDISPort.exe
2013-05-14 16:27 - 2012-12-24 11:49 - 00111616 _____ () C:\Apache24\bin\pcre.dll
2013-08-21 08:41 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-01-18 06:15 - 2010-09-09 03:24 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2008-04-24 22:05 - 2008-04-24 22:05 - 00249856 _____ () C:\Program Files (x86)\Logitech\Z-5 Speakers\wxmsw28u_skin_vc_custom.dll
2008-05-31 03:06 - 2008-05-31 03:06 - 00144656 _____ () C:\Program Files (x86)\Logitech\Z-5 Speakers\LMPMdllExport.dll
2015-01-17 16:26 - 2014-11-28 12:03 - 00335872 _____ () C:\Program Files (x86)\Mblaze_Home\Helper.dll
2015-01-17 16:26 - 2014-04-03 08:18 - 00971776 _____ () C:\Program Files (x86)\Mblaze_Home\libxml2.dll
2015-01-17 16:26 - 2014-04-03 08:18 - 00073728 _____ () C:\Program Files (x86)\Mblaze_Home\zlib1.dll
2015-01-17 16:26 - 2014-04-03 08:18 - 00290904 _____ () C:\Program Files (x86)\Mblaze_Home\libxslt.dll
2015-01-17 16:26 - 2014-11-28 12:04 - 00851968 _____ () C:\Program Files (x86)\Mblaze_Home\Runtime.dll
2015-01-17 16:26 - 2014-11-28 12:03 - 00026624 _____ () C:\Program Files (x86)\Mblaze_Home\Threading.dll
2015-04-30 16:14 - 2015-04-28 07:37 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 16:14 - 2015-04-28 07:37 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93707840.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93707840.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\grc.com -> hxxps://www.grc.com
IE trusted site: HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\mozilla.com -> hxxps://www.mozilla.com
IE trusted site: HKU\S-1-5-21-321482684-1703469-3941775667-1000\...\secunia.com -> hxxps://psi.secunia.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-321482684-1703469-3941775667-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-321482684-1703469-3941775667-1007\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer5 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Taggtool.lnk => C:\Windows\pss\Taggtool.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: Connectify Hotspot => C:\Program Files (x86)\Connectify\Connectify.exe
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: Easy Sync => C:\Program Files (x86)\Pocket Wizards\Easy Sync\Easy Sync.exe
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: lxczbmgr.exe => "C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PlayMovie => "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ROC_roc_dec12 => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
MSCONFIG\startupreg: Rohos => C:\Program Files (x86)\Rohos\agent.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Admin 2 for switch\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{BEC67F59-159C-44F1-B497-27EC8031005A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FFFB0FB0-F1EF-4566-8942-8E59902A8B58}] => (Allow) svchost.exe
FirewallRules: [{07127C18-C2E0-4955-8808-3E9CE9C39690}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{C07194AF-39EC-4E84-A26C-BD86805A9337}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4BF353B0-04CF-4ACF-9BD2-9673D5E014B2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2C4A7039-C8C0-4697-9DF1-569D095B4593}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{991A3BB4-7CA7-4B09-9DAA-B0B5E8F51DEB}] => (Allow) LPort=26675
FirewallRules: [{35B569E5-7333-47BF-AD7D-9CCCD7329B87}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{2F29D5A8-F199-4409-92E2-F27E24A8F337}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{6E3BFF02-55E3-4403-9779-3271860E4914}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{1794AFF5-2AA4-4200-A122-B2648D2A9F4F}] => (Allow) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{9DDD8F28-D1AD-4A1B-9D01-DDE3720EEA58}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [UDP Query User{3D358F83-3B95-4FF0-8D5B-18D996062953}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [{D3526E83-066F-45FB-ADEB-587CBD4CAB99}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{737114D7-CCB5-4C3E-8218-B7E633C6B441}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{A18EC516-762C-458C-9095-546773E47B45}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{866C381A-B01F-47A0-848E-FB517C9660C4}C:\program files (x86)\sprite software\sprite backup\spriteservice.exe] => (Allow) C:\program files (x86)\sprite software\sprite backup\spriteservice.exe
FirewallRules: [UDP Query User{50F956E7-BB28-4F70-A3F5-4F496AD4CC3D}C:\program files (x86)\sprite software\sprite backup\spriteservice.exe] => (Allow) C:\program files (x86)\sprite software\sprite backup\spriteservice.exe
FirewallRules: [{5C609708-FB97-407A-A34D-A5B67403DDB6}] => (Block) C:\program files (x86)\sprite software\sprite backup\spriteservice.exe
FirewallRules: [{C0FD3AD4-E4C1-4BD3-AF1F-E8362722E58E}] => (Block) C:\program files (x86)\sprite software\sprite backup\spriteservice.exe
FirewallRules: [{A7F567BF-5AA9-4DA2-9198-4A6A4CBB4873}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{EA4BFA7E-692A-46FA-A89E-80EA74B2D7A2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{557C827A-EF15-4931-BAED-59DE94C56BDE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{33D24E72-C2C0-4044-BE59-715ADD2B5FC4}] => (Allow) LPort=2869
FirewallRules: [{7839E61B-BAAF-4B0A-89AD-C3C576472786}] => (Allow) LPort=1900
FirewallRules: [{86247AAA-0811-4696-9488-F0A127C222D0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{8C1FC204-6558-4819-80F1-17E7F3CA856C}C:\program files (x86)\bitcoin\bitcoin.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin.exe
FirewallRules: [UDP Query User{DF63D1E5-0B0C-4C6C-89BD-8C3BBFEA9A89}C:\program files (x86)\bitcoin\bitcoin.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin.exe
FirewallRules: [{5A2464EC-36BC-4374-9023-4003DC2D81EB}] => (Allow) C:\Users\Advait\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4D4E39A3-D5C3-4DAC-9160-8F0B6361F51C}] => (Allow) C:\Users\Advait\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{D482581D-D03A-40E2-BD0B-16844A39BF3B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{119954CB-C3B0-4C57-A3D9-ED2A5FA915C1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09C69F85-749C-4043-AB7E-B6CC9E0874F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA2A0F2F-8BB3-4D61-8594-33D21F5D6B08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{785D1285-F4B7-4CAA-832C-3D7A091EFB66}] => (Allow) C:\Users\Admin 2 for switch\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{B6E90437-1572-4843-8E58-85A4A149DFD9}] => (Allow) C:\Users\Admin 2 for switch\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{0D0809CB-2528-453F-94E6-2192FAAB728D}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe
FirewallRules: [UDP Query User{4E6F6027-2682-47AF-89C1-5EFEAF906DDB}C:\apache24\bin\httpd.exe] => (Allow) C:\apache24\bin\httpd.exe
FirewallRules: [{8AFC68A4-5C86-4B84-B6C6-04D7379F5AA8}] => (Block) C:\apache24\bin\httpd.exe
FirewallRules: [{46799911-D3AC-4F4E-AC2C-BFAD7D9B859D}] => (Block) C:\apache24\bin\httpd.exe
FirewallRules: [{74A89696-DD74-4DFA-81AF-B31174999295}] => (Allow) C:\Users\Advait\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{620BA49B-51BB-4014-B7CF-7C95DDE828A8}] => (Allow) C:\Users\Advait\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{02D6BE9A-6B13-4EED-B231-611E51B1DEB2}] => (Allow) C:\Users\Advait\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{175A84A8-C04D-40F9-B8F1-C298C0FF975D}] => (Allow) C:\Users\Advait\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A7E6EB6D-1365-4E81-BFB8-664AB2B368BE}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{C21AAFF0-91FF-4386-B61B-3EB98A9BBA78}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{15E309AB-4953-4142-B981-93B8DAF9165F}] => (Allow) C:\Program Files (x86)\MyRouter\MyRouter.exe
FirewallRules: [{3EB676DA-9F33-4C19-B93C-28EC0A8A6FD7}] => (Allow) C:\Program Files (x86)\MyRouter\MyRouter.exe
FirewallRules: [{8FFC966F-E406-4E3F-B52B-74D78A42D6A0}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
FirewallRules: [{A9B32D72-14D2-4316-AAAD-E52B96EBF81D}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
FirewallRules: [TCP Query User{112D5C30-0AE0-4248-8B8F-5E10E48BEA1D}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [UDP Query User{AB34C7D2-14D7-4F20-857E-84A8AF0C3BE8}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe] => (Allow) C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe
FirewallRules: [{C74DF20E-E4E1-4B6B-816E-28447ECCD849}] => (Allow) C:\Users\Admin 2 for switch\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5DDAB995-5E12-41D7-A90E-7BF138339A5B}] => (Allow) C:\Users\Admin 2 for switch\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C1DB72DB-ACD3-4E11-9C29-A790F08956DB}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{88C316D4-7A74-4F21-8CCB-6701BAC68129}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{5D987F45-5BE7-4B8E-948B-3A7B98DAC4B3}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{5C755D83-5962-480A-91E7-0460CDAFA91A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{E72C9AA2-DC7B-4AF4-AD38-E9C5973B21F8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{3AD492CA-01A2-4633-A441-4DB895885C37}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{D564A6DE-31B8-4DB4-BA41-921BFE99F06D}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{2851B087-6EDA-415C-A78A-79080B82B81F}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{CE91284A-8F55-46CC-924C-4C81E126E7A5}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{76220CE9-7D7D-4B2B-AB0C-54C23B0A1638}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{0CD5F944-2E79-42B6-A4FB-BD6CF7E5FD19}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{2AA874A2-75FA-4E43-AB7E-7DAB41FDA3F9}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{8755B038-5B60-40DC-BEA4-8A625B728E1E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{971DE296-B923-44B5-9087-AD3E78A87B6A}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{6C356EEB-2661-4EFB-B5D9-F98F84F1EB58}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{4348F436-08A5-41A9-A6E4-FC511F5605EC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{9CA5F178-EE52-4837-B251-F3AEC9217EA4}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{54DF9984-C196-4239-8317-098B7C18A3DB}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{ECF446E3-C605-493A-93C9-76E20410812B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{9A8E5189-3D4F-471B-9F7C-90EF6639E120}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{1CD82423-C396-4CD3-8283-13E95D5136FB}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{A218FE76-BB79-40C8-91F5-78D8DFD3F7B4}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{A2C12CDF-B5C4-40FB-92C9-DA321055B45F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{BEEA67A5-D8A7-4E1C-A08C-305D2B7C7F28}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{D9C8DF01-CD1F-4FDB-83EE-EBE4D9764CB7}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
FirewallRules: [{F005F418-37CA-40C5-A838-8EF3A4A4FB4E}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{0D2DDC97-4440-4B83-95D6-54628D601383}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{74724220-6C1C-4CF4-A001-28959613B6BC}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{5B805C8D-A1D5-4CA3-A667-C6C1E7F6AD8A}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{2071B381-1497-4F6F-BA33-ED74B567E9F1}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{358C1F62-0779-44F5-836F-38494564ADEF}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{C17B1795-3890-4E28-A80C-97A04B85578B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8052710A-06B3-4FF1-8DC0-E7E6239BF4E8}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{045A4822-D4BD-4CA1-9159-EC190E5685FF}] => (Allow) C:\Program Files (x86)\Unified Remote 3.0\RemoteServerWin.exe
FirewallRules: [{71D58155-A8CC-4DF4-BAB8-90893C5D5B54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: RHDISK_AMD64
Description: RHDISK_AMD64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: RHDISK_AMD64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/04/2015 01:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.4.2.2, time stamp: 0x55144c5f
Faulting module name: vcllo.dll, version: 4.4.2.2, time stamp: 0x55143773
Exception code: 0xc0000005
Fault offset: 0x0037eee5
Faulting process id: 0x1c2c
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3
 
Error: (05/03/2015 09:18:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000045f0fd8
Faulting process id: 0xef4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (04/29/2015 09:25:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.4.2.2, time stamp: 0x55144c5f
Faulting module name: vcllo.dll, version: 4.4.2.2, time stamp: 0x55143773
Exception code: 0xc0000005
Fault offset: 0x0037eee5
Faulting process id: 0x1680
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3
 
Error: (04/29/2015 04:20:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.4.2.2, time stamp: 0x55144c5f
Faulting module name: vcllo.dll, version: 4.4.2.2, time stamp: 0x55143773
Exception code: 0xc0000005
Fault offset: 0x0037eee5
Faulting process id: 0xd10
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3
 
Error: (04/25/2015 06:16:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MediaMonkey.exe version 4.1.5.1719 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d60
 
Start Time: 01d07f2a46fc5e22
 
Termination Time: 38
 
Application Path: C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe
 
Report Id: 0ee92807-eb49-11e4-a525-00262286b35d
 
Error: (04/19/2015 07:21:13 PM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\STORAGE#Volume#_??_USBSTOR#Disk&Ven_ZXID&Prod_USB_Storage_FFF1&Rev_2.31#1234567890ABCDEF&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
 
Error: 50
 
Error: (04/19/2015 07:21:13 PM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\USBSTOR#Disk&Ven_ZXID&Prod_USB_Storage_FFF1&Rev_2.31#1234567890ABCDEF&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Error: 50
 
Error: (04/19/2015 07:21:13 PM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\USBSTOR#CdRom&Ven_ZXID&Prod_USB_Storage_FFF1&Rev_2.31#1234567890ABCDEF&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
 
Error: 50
 
Error: (04/19/2015 07:20:57 PM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\STORAGE#Volume#_??_USBSTOR#Disk&Ven_ZXID&Prod_USB_Storage_FFF1&Rev_2.31#1234567890ABCDEF&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
 
Error: 50
 
Error: (04/19/2015 07:20:57 PM) (Source: Casper SmartSense) (EventID: 1010) (User: NT AUTHORITY)
Description: No active user detected for \\?\USBSTOR#Disk&Ven_ZXID&Prod_USB_Storage_FFF1&Rev_2.31#1234567890ABCDEF&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Error: 50
 
 
System errors:
=============
Error: (05/06/2015 00:25:20 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/06/2015 10:56:28 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/06/2015 10:55:46 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/06/2015 10:53:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RHDISK_AMD64 service failed to start due to the following error: 
%%3
 
Error: (05/06/2015 10:04:22 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/06/2015 10:03:26 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/06/2015 10:00:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RHDISK_AMD64 service failed to start due to the following error: 
%%3
 
Error: (05/06/2015 08:46:32 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/06/2015 07:35:19 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (05/05/2015 09:42:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
 
Microsoft Office Sessions:
=========================
Error: (01/01/2015 07:27:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/13/2010 00:20:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3097 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/30/2010 03:48:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11124 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-10 19:18:15.326
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-10 19:18:15.233
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-10 18:52:14.393
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-10 18:52:14.315
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-09 13:21:56.200
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-09 13:21:56.106
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-09 09:09:24.960
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-09 09:09:24.866
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 19:41:27.610
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 19:41:27.517
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 66%
Total physical RAM: 4025.98 MB
Available physical RAM: 1330.86 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 5088.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Toshiba) (Fixed) (Total:285.95 GB) (Free:6.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (SYSTEM RESERVED) (Fixed) (Total:0.13 GB) (Free:0.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 27560AF5)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Not Active) - (Size=133 MB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=286 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

--------------end of addition.txt------------------------


  • 0

#8
m3110w

m3110w

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

OK, I just created a Restore Point and then ran ADWCleaner. I had it clean everything it found and there appeared to be no problems after the reboot. Very nice. I was nervous ADWCleaner would delete something that was important.


Edited by m3110w, 06 May 2015 - 06:59 AM.

  • 0

#9
m3110w

m3110w

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Should I run FRST again after running ADWCleaner?


  • 0

#10
m3110w

m3110w

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Ahhh! Success! I just ran a Malwarebytes Free Version Threat Scan and it didn't find anything! (In the past it always found suptab.a.) Looks like ADWCleaner got rid of suptab.a. Cool. That means suptab.a is gone which was my main goal. Very nice. However, I'm happy to have you continue to guide me through the next steps if you feel it will be helpful for my computer. Let me know. Thanks!


Edited by m3110w, 06 May 2015 - 07:00 AM.

  • 0



#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.26) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll No File
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S2 RHDISK_AMD64; \??\C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
2015-04-07 10:07 - 2015-04-07 10:07 - 00000000 ____D () C:\Users\Advait\mobogenieP2sp
2015-04-07 09:03 - 2015-04-07 10:09 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Mobogenie
2015-04-07 08:03 - 2015-04-07 08:04 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie
2015-04-07 10:07 - 2015-04-07 10:07 - 00000000 ____D () C:\Users\Advait\mobogenieP2sp
2015-04-07 09:03 - 2015-04-07 10:09 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Mobogenie
2015-04-07 08:03 - 2015-04-07 08:04 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie
2015-04-07 08:02 - 2015-04-07 10:13 - 00000000 ____D () C:\Users\Admin 2 for switch\Documents\Mobogenie
2015-04-07 08:02 - 2015-04-07 10:13 - 00000000 ____D () C:\Program Files (x86)\Mobogenie3
C:\Users\Advait\IP_Log_Data.js
C:\Users\Advait\Network_Meter_Data.js
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION   
CMD: ipconfig /flushdns
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location) or the location where the Farbar scanner is located.
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

Post the Fixlog.txt. That log will be automatically saved to the desktop when the fix has finished.
  • 0

#12
m3110w

m3110w

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

OK, thanks. I saved the txt file. I'll run frst64 right after I do a full disk image backup.

 

I'm a little nervous running this code on my computer but hopefully it won't create any problems. Thanks,


  • 0

#13
m3110w

m3110w

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

OK, I followed your instructions, ran frst64 and here is the result. I'm always in Standard User account. Should I re-run the code with Admin privileges? Anything interesting? Any problems remaining? Thanks! Kind Regards,

 

-----------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Advait at 2015-05-07 14:39:09 Run:1
Running from C:\Users\Advait\Documents\Farbar FRST scanner
Loaded Profiles: Advait (Available profiles: Advait & Standard User Accoun & Admin 2 for switch)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-321482684-1703469-3941775667-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 8.0.400.26) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 8 U40) - C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll No File
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S2 RHDISK_AMD64; \??\C:\Program Files (x86)\Rohos\RHDISK_AMD64.SYS [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
2015-04-07 10:07 - 2015-04-07 10:07 - 00000000 ____D () C:\Users\Advait\mobogenieP2sp
2015-04-07 09:03 - 2015-04-07 10:09 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Mobogenie
2015-04-07 08:03 - 2015-04-07 08:04 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie
2015-04-07 10:07 - 2015-04-07 10:07 - 00000000 ____D () C:\Users\Advait\mobogenieP2sp
2015-04-07 09:03 - 2015-04-07 10:09 - 00000000 ____D () C:\Users\Advait\AppData\Roaming\Mobogenie
2015-04-07 08:03 - 2015-04-07 08:04 - 00000000 ____D () C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie
2015-04-07 08:02 - 2015-04-07 10:13 - 00000000 ____D () C:\Users\Admin 2 for switch\Documents\Mobogenie
2015-04-07 08:02 - 2015-04-07 10:13 - 00000000 ____D () C:\Program Files (x86)\Mobogenie3
C:\Users\Advait\IP_Log_Data.js
C:\Users\Advait\Network_Meter_Data.js
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION   
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value could not be deleted.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
HKLM\SOFTWARE\Policies\Google => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key could not be deleted. Access denied.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. 
HKU\S-1-5-21-321482684-1703469-3941775667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => Key could not be deleted. Access denied.
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\internal-nacl-plugin No File not found.
C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll not found.
C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll not found.
ew_hwusbdev => Error deleting Service
ew_usbenumfilter => Error deleting Service
huawei_cdcacm => Error deleting Service
huawei_enumerator => Error deleting Service
huawei_ext_ctrl => Error deleting Service
huawei_wwanecm => Error deleting Service
NLNdisMP => Error deleting Service
NLNdisPT => Error deleting Service
RHDISK_AMD64 => Error deleting Service
VMnetAdapter => Error deleting Service
"C:\Users\Advait\mobogenieP2sp" => File/Directory not found.
"C:\Users\Advait\AppData\Roaming\Mobogenie" => File/Directory not found.
"C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie" => File/Directory not found.
"C:\Users\Advait\mobogenieP2sp" => File/Directory not found.
"C:\Users\Advait\AppData\Roaming\Mobogenie" => File/Directory not found.
"C:\Users\Admin 2 for switch\AppData\Roaming\Mobogenie" => File/Directory not found.
"C:\Users\Admin 2 for switch\Documents\Mobogenie" => File/Directory not found.
"C:\Program Files (x86)\Mobogenie3" => File/Directory not found.
C:\Users\Advait\IP_Log_Data.js => Moved successfully.
C:\Users\Advait\Network_Meter_Data.js => Moved successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 3.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:41:28 ====

 

-------------------------


  • 0

#14
m3110w

m3110w

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I just looked at the free space on my hard drive. Wow! Looks like ADWCleaner and FRST removed a total of about 10GB or more of junk files. Wow. I had no idea I had that many junk files on my computer. Nice to have all that free space back.


Edited by m3110w, 07 May 2015 - 03:49 AM.

  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

Can you post a Malwarebytes log?

Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

  • 0





