AntiVirus doesn't start [Solved]


#1
davidhoho


Hi! I need help!

My antivirus doesn't wanna start! I have a virus and I don't know how to fix it.

I have Win7 Home Premium x64 with Microsoft Security Essentials and Avira

 

I read another thread and tried to scan with FRST.

My logs are attached. Thanks.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by David (administrator) on DAVIDHOHO on 01-07-2015 16:37:21
Running from C:\Users\David\Desktop
Loaded Profiles: David & MSSQLFDLauncher$SQL2012 & MSOLAP$SQL2012 & ReportServer$SQL2012 & MSSQL$SQL2012 (Available Profiles: David & MsDtsServer110 & MSSQLFDLauncher$SQL2012 & MSOLAP$SQL2012 & ReportServer$SQL2012 & MSSQL$SQL2012)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Distressed Stretch\Distressed Stretch.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe
() C:\xampp\mysql\bin\mysqld.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Users\David\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\vsjitdebugger.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-30] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [13491224 2015-06-10] (LINE Corporation)
HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3417496 2011-08-31] (Tonec Inc.)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d.lnk [2015-06-10]
ShortcutTarget: d.lnk -> C:\Users\David\AppData\Roaming\obfavqufsr.exe (Kareo)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2011-05-30] (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...54HA397EHA397EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...54HA397EHA397EX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga...q={searchTerms}
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga...54HA397EHA397EX
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...72E0943B8A17&q=
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...72E0943B8A17&q=
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...72E0943B8A17&q=
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol...913_m1&tsp=5015
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....g}&sourceid=ie7
HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....q={searchTerms}
HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....q={searchTerms}
HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....q={searchTerms}
HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....q={searchTerms}
HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://id.search.yah...psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certif...q={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certif...q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://id.search.yah...psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=ID&unqvl=85
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/we...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/we...q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.certif...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol...913_m1&tsp=5015
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {3404FA74-44BB-4A17-9B45-9A467874A7C1} URL = http://websearch.ask...14-9DCFE39C47A5
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/we...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.certif...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://id.search.yah...psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.coo...&cc=ID&unqvl=85
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://id.search.yah...psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://id.search.yah...psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://id.search.yah...psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://id.search.yah...psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
BHO: AllSSaver -> {6DFF934C-265E-4EDF-BCEC-850E2635CE03} -> C:\Program Files (x86)\AllSSaver\d8ZBQjp28K3NKh.x64.dll [2015-06-29] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{075D9B8C-0025-4FC3-B6CF-A58F1C996B6E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1B86BCA7-6621-4E16-9860-B4B15399D217}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CBC345F-5772-44D4-B02F-07018B0000FF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{356C5CBD-3163-44AE-A8D8-E98B1DF5B446}: [NameServer] 10.0.28.18 10.0.28.3
Tcpip\..\Interfaces\{521BB429-17C4-4E6C-BE52-42869AC3D700}: [NameServer] 10.0.28.18 10.0.28.3
Tcpip\..\Interfaces\{7DE099D1-FF3E-4FE4-AADC-4C14A4C2ABF0}: [NameServer] 192.168.130.28 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-15] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1685673173-357443733-221515080-1000: LWAPlugin15.8 -> C:\Users\David\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2014-11-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2014-11-13] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\key-find.xml [2014-12-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml [2014-11-12]
FF Extension: Ant Video Downloader - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\[email protected] [2015-05-29]
FF Extension: Download YouTube Videos as MP4 - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-18]
FF Extension: Adblock Edge - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-06-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qml7zgsc.default-1403588290950\extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\qml7zgsc.default-1403588290950\extensions\[email protected]
FF HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\David\AppData\Roaming\IDM\idmmzcc5 [2014-08-08]
FF HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-30]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (Speedial) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-01-30]
CHR Extension: (The Latest Versions of Google ) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibclkcoilbnbnppanidhimphmfbjaab [2015-04-10]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-30]
CHR Extension: (Taskforce) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2015-06-02]
CHR Extension: (IDM Integration Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Security Protection) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-01-30]
CHR Extension: (Vosteran New Tab) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-01-30]
CHR Extension: (Blocksi Web Filter) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmjaihnmedpcdkjcgigocogcbffgkbn [2015-06-29]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-02]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-1685673173-357443733-221515080-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-1685673173-357443733-221515080-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\David\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
U2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
U2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
U2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2014-07-17] (Apache Software Foundation) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [217280 2015-06-02] (Avira Operations GmbH & Co. KG)
R2 Distressed Stretch; C:\Program Files (x86)\Distressed Stretch\Distressed Stretch.exe [8016413 2015-06-17] () [File not signed] <==== ATTENTION
S2 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-10] (WildTangent)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.) [File not signed]
S2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSOLAP$SQL2012; C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
R2 MSSQL$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [11021824 2014-09-11] () [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-01] ()
R2 ReportServer$SQL2012; C:\Program Files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLAgent$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
R2 VSSS; C:\Users\David\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [98107264 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [426160 2015-05-04] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 plkusbser; C:\Windows\System32\DRIVERS\plkusbser.sys [113664 2008-01-23] (QUALCOMM Incorporated)
R1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R1 {3b232d24-d5de-4194-b4d7-d53b41a09748}w64; C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w64.sys [61120 2014-04-24] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys [61120 2014-09-08] (StdLib)
R1 {ecd6aae4-019c-44b2-a0e5-570904275d66}w64; C:\Windows\System32\drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}w64.sys [48792 2015-01-16] (StdLib)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 esyvrrjc; \??\C:\Windows\system32\drivers\esyvrrjc.sys [X]
S3 hxsyol; \??\C:\GAMES\AuraKingdom\avital\hxsy64.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S1 kvbqyqvg; \??\C:\Windows\system32\drivers\kvbqyqvg.sys [X]
S1 ojqlethn; \??\C:\Windows\system32\drivers\ojqlethn.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 16:37 - 2015-07-01 16:38 - 00039829 _____ C:\Users\David\Desktop\FRST.txt
2015-07-01 16:37 - 2015-07-01 16:37 - 00000000 ____D C:\FRST
2015-07-01 16:35 - 2015-07-01 16:36 - 02112512 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-07-01 16:35 - 2015-07-01 16:36 - 01636352 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2015-07-01 16:23 - 2015-07-01 16:22 - 00960000 _____ C:\Users\David\Desktop\xigncode.log
2015-07-01 16:17 - 2015-07-01 16:21 - 00000000 _____ C:\dfu.log
2015-07-01 10:08 - 2015-07-01 10:12 - 00013511 _____ C:\Users\David\Documents\Juli.xlsx
2015-07-01 09:26 - 2015-07-01 09:26 - 01415680 _____ (wj32) C:\Program Files\KU159DKS.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\ZSZ37BIW.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\OSZ3W07L.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\IS0AKUSN.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\G5JKCH95.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\4BFJNJNF.exe
2015-06-30 15:21 - 2015-07-01 01:14 - 00036864 _____ C:\Users\David\Desktop\SE Rev1.xls
2015-06-30 11:56 - 2015-06-30 11:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Avira
2015-06-30 11:53 - 2015-06-16 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-30 11:53 - 2015-06-16 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-30 11:53 - 2015-06-16 09:36 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-06-30 11:53 - 2015-06-16 09:36 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-30 11:49 - 2015-06-30 11:49 - 00001148 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-30 11:48 - 2015-06-30 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-30 11:48 - 2015-06-30 11:53 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-30 11:48 - 2015-06-30 11:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-30 10:52 - 2015-06-30 10:52 - 01415680 _____ (wj32) C:\Program Files\JW6GK3DN.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 01415680 _____ (wj32) C:\Program Files\9DHLSLPT.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 01415680 _____ (wj32) C:\Program Files\7BF8FJNR.exe
2015-06-29 21:39 - 2015-06-29 21:39 - 00000775 _____ C:\Users\David\Desktop\kisi2 CB.txt
2015-06-29 12:00 - 2015-06-29 12:00 - 00000000 _____ C:\Users\David\AppData\Local\Temp.dat
2015-06-29 11:44 - 2015-07-01 00:59 - 00000000 ____D C:\Program Files (x86)\Blocksi Web Filter
2015-06-29 11:44 - 2015-07-01 00:59 - 00000000 ____D C:\Program Files (x86)\AllSaVer
2015-06-29 11:44 - 2015-06-30 12:05 - 00000000 ____D C:\Program Files (x86)\AllSSaver
2015-06-29 11:06 - 2015-06-29 11:06 - 01415680 _____ (wj32) C:\Program Files\OSWSW07W.exe
2015-06-29 11:06 - 2015-06-29 11:06 - 01415680 _____ (wj32) C:\Program Files\8IS2FPZX.exe
2015-06-28 17:10 - 2015-06-28 17:10 - 01415680 _____ (wj32) C:\Program Files\OSW3737F.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 01415680 _____ (wj32) C:\Program Files\SWPW048J.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 01415680 _____ (wj32) C:\Program Files\E7BIMKU5.exe
2015-06-27 15:33 - 2015-06-27 15:35 - 00000000 ____D C:\Windows\rescache
2015-06-27 12:59 - 2015-06-27 12:59 - 01415680 _____ (wj32) C:\Program Files\OKOSW37O.exe
2015-06-27 12:58 - 2015-06-27 12:58 - 01415680 _____ (wj32) C:\Program Files\EOYBLV5Y.exe
2015-06-27 01:05 - 2015-06-30 22:28 - 00008832 _____ C:\Users\David\Desktop\Book1.xlsx
2015-06-26 17:28 - 2015-06-26 17:28 - 01415680 _____ (wj32) C:\Program Files\XVIG83K6.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 01415680 _____ (wj32) C:\Program Files\UY5959D5.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 01415680 _____ (wj32) C:\Program Files\26A3AEIA.exe
2015-06-26 11:47 - 2015-06-26 11:47 - 00001456 _____ C:\Users\David\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-26 09:24 - 2015-06-26 09:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-26 09:24 - 2015-06-26 09:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-26 02:12 - 2012-02-11 15:43 - 00253016 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-06-25 11:39 - 2015-06-25 11:39 - 01415680 _____ (wj32) C:\Program Files\R1BOY8IV.exe
2015-06-25 11:38 - 2015-06-25 11:38 - 01415680 _____ (wj32) C:\Program Files\6AELEIMT.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 01415680 _____ (wj32) C:\Program Files\LPTPTX12.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 01415680 _____ (wj32) C:\Program Files\9MW6G2PN.exe
2015-06-25 11:25 - 2015-06-25 11:25 - 01415680 _____ (wj32) C:\Program Files\HLSW6Z6E.exe
2015-06-25 11:00 - 2015-04-18 10:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-25 11:00 - 2015-04-18 09:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-25 10:59 - 2015-05-26 01:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-25 10:59 - 2015-05-26 01:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-25 10:59 - 2015-05-26 01:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-25 10:59 - 2015-05-26 01:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-25 10:59 - 2015-05-26 01:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-25 10:59 - 2015-05-26 01:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-25 10:59 - 2015-05-26 01:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-25 10:59 - 2015-05-26 01:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-25 10:59 - 2015-05-26 01:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-25 10:59 - 2015-05-26 00:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-25 10:59 - 2015-05-26 00:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-25 10:59 - 2015-05-26 00:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-25 10:59 - 2015-05-25 23:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-25 10:59 - 2015-05-25 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-25 10:59 - 2015-05-25 23:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-25 10:59 - 2015-04-30 01:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-25 10:59 - 2015-04-30 01:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-25 10:59 - 2015-04-30 01:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-25 10:59 - 2015-04-30 01:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-25 10:59 - 2015-04-30 01:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-25 10:59 - 2015-04-30 01:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-25 10:59 - 2015-04-30 01:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-25 10:59 - 2015-04-30 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-25 10:59 - 2015-04-30 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-25 10:59 - 2015-04-30 01:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-25 10:45 - 2015-06-25 10:45 - 01415680 _____ (wj32) C:\Program Files\IMTX15C2.exe
2015-06-25 10:44 - 2015-06-25 10:44 - 01415680 _____ (wj32) C:\Program Files\W3AHLHOD.exe
2015-06-25 10:38 - 2015-06-25 10:38 - 01415680 _____ (wj32) C:\Program Files\SW3704BM.exe
2015-06-25 07:40 - 2015-05-01 20:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 07:40 - 2015-05-01 20:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-25 07:13 - 2015-01-09 09:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-06-25 06:38 - 2015-04-13 10:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-25 06:37 - 2015-05-23 01:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-25 06:37 - 2015-05-23 01:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-25 06:37 - 2015-05-21 20:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-25 06:37 - 2015-01-28 06:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-25 06:36 - 2015-04-25 01:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-25 06:36 - 2015-04-25 00:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-25 06:36 - 2015-04-20 10:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-25 06:36 - 2015-04-20 10:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-25 06:36 - 2015-04-20 09:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-25 06:36 - 2015-04-08 10:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-25 06:36 - 2015-04-08 10:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-25 06:36 - 2015-03-25 10:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-25 06:36 - 2015-03-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-25 06:36 - 2015-03-25 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-25 06:36 - 2015-03-25 10:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-25 06:36 - 2015-03-10 10:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-25 06:36 - 2015-03-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-25 06:36 - 2015-03-10 10:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-25 06:36 - 2015-03-10 10:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-25 06:36 - 2015-03-05 12:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-25 06:36 - 2015-03-05 11:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-25 06:36 - 2015-01-29 10:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-25 06:36 - 2015-01-29 10:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-25 06:36 - 2012-06-01 12:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-06-25 06:36 - 2012-06-01 12:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-06-25 06:36 - 2012-06-01 12:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-06-25 06:36 - 2012-06-01 12:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-06-25 06:36 - 2012-06-01 12:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-06-25 06:36 - 2012-06-01 12:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-06-25 06:36 - 2012-06-01 11:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-06-25 06:36 - 2012-06-01 11:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-06-25 06:36 - 2012-06-01 11:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-06-25 06:36 - 2012-06-01 11:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-06-25 06:36 - 2012-06-01 11:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-06-25 06:36 - 2012-06-01 11:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-06-25 06:35 - 2015-05-26 00:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-25 06:34 - 2015-05-31 08:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-25 06:34 - 2015-05-31 07:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-25 06:34 - 2015-05-31 07:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-25 06:34 - 2015-05-31 07:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-25 06:34 - 2015-05-31 07:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-25 06:34 - 2015-05-31 07:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-25 06:34 - 2015-05-31 07:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-25 06:34 - 2015-05-31 07:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-25 06:34 - 2015-05-31 07:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-25 06:34 - 2015-05-31 07:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-25 06:34 - 2015-05-31 07:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-25 06:34 - 2015-05-31 06:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-25 06:34 - 2015-05-31 06:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-25 06:34 - 2015-05-31 06:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-25 06:34 - 2015-05-31 06:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-25 06:34 - 2015-05-31 06:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-25 06:34 - 2015-05-31 06:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-25 06:34 - 2015-05-31 06:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-25 06:34 - 2015-05-31 06:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-25 06:34 - 2015-04-11 10:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-25 06:34 - 2015-02-25 10:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-25 06:34 - 2015-02-18 14:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-06-25 06:34 - 2015-02-18 14:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-25 06:32 - 2015-03-04 11:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-25 06:32 - 2015-03-04 11:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-25 06:32 - 2015-03-04 11:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-25 06:32 - 2015-03-04 11:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-25 06:04 - 2015-06-25 06:04 - 00002976 _____ C:\Windows\System32\Tasks\{96B35852-3F50-4A28-A954-B03FCA8218EC}
2015-06-25 06:02 - 2015-06-25 06:02 - 00002117 _____ C:\Users\David\Desktop\Microsoft Security Essentials.lnk
2015-06-25 06:00 - 2015-06-25 06:00 - 01415680 _____ (wj32) C:\Program Files\SHPK3KC5.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 01415680 _____ (wj32) C:\Program Files\JNRY26AR.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-25 06:00 - 2015-06-25 06:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-25 06:00 - 2015-06-25 06:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-25 05:32 - 2015-06-25 05:32 - 01415680 _____ (wj32) C:\Program Files\X2IH05I5.exe
2015-06-25 05:32 - 2015-06-25 05:32 - 01415680 _____ (wj32) C:\Program Files\FMKU159K.exe
2015-06-25 05:31 - 2015-06-25 05:31 - 01415680 _____ (wj32) C:\Program Files\CG9DKOGU.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 01415680 _____ (wj32) C:\Program Files\AZIKFNFG.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 01415680 _____ (wj32) C:\Program Files\48CJNRK9.exe
2015-06-25 05:27 - 2015-06-25 05:27 - 01415680 _____ (wj32) C:\Program Files\4818CJNM.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\OVZ3737T.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\L15AEUNF.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\BOK9PO4D.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\9VONCHCP.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\9GKOSZ3K.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\6BLV8IV0.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\5Y59DHO2.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\59DKOSLJ.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\3GK0ANXV.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\HR1BJT3Y.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\ER12159T.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\BLV8IS20.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\8LV8IS2S.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 01415680 _____ (wj32) C:\Program Files\VRVZ3AES.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 01415680 _____ (wj32) C:\Program Files\3W04BFJ6.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 01415680 _____ (wj32) C:\Program Files\15929AHP.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\LV8ISXAK.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\EIMKX15Y.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\CGKRKOS3.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\8CGCGKO5.exe
2015-06-24 09:48 - 2015-06-24 09:48 - 01415680 _____ (wj32) C:\Program Files\KLJH4WCB.exe
2015-06-24 09:47 - 2015-06-24 09:47 - 01415680 _____ (wj32) C:\Program Files\HR1EOY8L.exe
2015-06-23 15:11 - 2015-06-23 15:11 - 01415680 _____ (wj32) C:\Program Files\CMW6JT31.exe
2015-06-17 11:33 - 2015-06-17 11:33 - 00000000 ____D C:\Program Files (x86)\Distressed Stretch
2015-06-15 10:44 - 2015-07-01 00:59 - 00000000 ____D C:\Program Files (x86)\NetoCOUpaon
2015-06-15 10:44 - 2015-07-01 00:59 - 00000000 ____D C:\Program Files (x86)\NetioCoupon
2015-06-15 10:44 - 2015-06-15 10:44 - 00000000 ____D C:\Program Files (x86)\Color Icons for
2015-06-14 18:04 - 2015-06-28 21:08 - 00000000 ____D C:\Users\David\Desktop\uas
2015-06-14 00:28 - 2015-06-14 00:28 - 00000000 ____D C:\Users\David\AppData\Local\{5152806D-364E-452C-BE54-B0C625AAB4C7}
2015-06-10 23:06 - 2015-06-10 23:06 - 75165696 __RSH (Kareo) C:\Users\David\AppData\Roaming\obfavqufsr.exe
2015-06-10 15:44 - 2015-06-10 15:44 - 00000000 ____D C:\Users\David\AppData\Local\{0D56AB00-84F1-4EC6-B9B8-AB9BB0AF8881}
2015-06-05 17:29 - 2015-06-28 20:41 - 00000024 _____ C:\Users\David\AppData\Roaming\appdataFr25.bin
2015-06-04 16:02 - 2015-06-05 23:26 - 00000188 _____ C:\Users\David\.packettracer
2015-06-04 16:02 - 2015-06-04 16:03 - 00000000 ____D C:\Users\David\Cisco Packet Tracer 6.2sv
2015-06-04 16:00 - 2015-06-04 16:00 - 00001205 _____ C:\Users\David\Desktop\Cisco Packet Tracer Student.lnk
2015-06-04 16:00 - 2015-06-04 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student
2015-06-04 16:00 - 2015-06-04 16:00 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 6.2sv
2015-06-01 20:55 - 2015-07-01 10:08 - 00014870 _____ C:\Users\David\Documents\Juni.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 16:38 - 2009-07-14 11:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 16:38 - 2009-07-14 11:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 16:00 - 2013-09-02 08:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 15:57 - 2014-06-17 10:57 - 00000292 _____ C:\Windows\Tasks\Speedial.job
2015-07-01 15:53 - 2015-01-30 12:37 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 09:32 - 2015-01-14 23:04 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2015-07-01 09:26 - 2015-03-11 09:04 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-07-01 09:26 - 2015-01-06 20:24 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2015-07-01 09:26 - 2015-01-06 20:24 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-01 09:26 - 2015-01-06 20:23 - 00078848 _____ C:\Windows\KMSEmulator.exe
2015-07-01 09:26 - 2014-07-05 10:47 - 00099969 _____ C:\Windows\AutoKMS.log
2015-07-01 09:24 - 2015-01-30 12:37 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 09:23 - 2014-07-03 19:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-01 09:21 - 2014-06-25 08:23 - 00186092 _____ C:\Windows\PFRO.log
2015-07-01 09:21 - 2014-06-18 18:53 - 00084758 _____ C:\Windows\setupact.log
2015-07-01 09:21 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 01:36 - 2011-06-23 15:43 - 01252338 _____ C:\Windows\WindowsUpdate.log
2015-07-01 01:35 - 2013-03-07 15:41 - 00000000 ____D C:\Users\David\AppData\Roaming\DMCache
2015-07-01 00:59 - 2015-04-08 13:41 - 00000000 ____D C:\ProgramData\Extreme Blocker
2015-07-01 00:59 - 2015-04-03 19:51 - 00000000 ____D C:\Program Files (x86)\Ciuvo Price Comparison
2015-07-01 00:59 - 2015-04-03 19:42 - 00000000 ____D C:\Program Files (x86)\SalePluus
2015-07-01 00:59 - 2015-04-03 19:41 - 00000000 ____D C:\ProgramData\{a5ad44da-0da2-14b8-a5ad-d44da0da1368}
2015-07-01 00:59 - 2014-12-02 15:28 - 00000000 ____D C:\Program Files (x86)\WinZipper
2015-06-30 14:23 - 2015-04-09 20:10 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDavid
2015-06-30 14:23 - 2015-04-09 20:10 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForDavid.job
2015-06-30 12:04 - 2015-04-03 19:53 - 00000000 ____D C:\Program Files (x86)\keepsbrowse
2015-06-30 11:57 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\tracing
2015-06-30 11:53 - 2013-03-11 11:19 - 00000000 ____D C:\ProgramData\Avira
2015-06-29 11:44 - 2015-04-03 19:42 - 00000000 ____D C:\ProgramData\8512343586972888826
2015-06-28 17:57 - 2014-06-17 11:57 - 00000196 _____ C:\Users\David\AppData\Roaming\WB.CFG
2015-06-27 14:31 - 2015-01-16 23:48 - 00000000 ____D C:\Users\David\Desktop\3teria
2015-06-27 13:16 - 2009-07-14 12:13 - 01021254 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-27 13:01 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-26 12:09 - 2015-04-10 21:04 - 00000132 _____ C:\Users\David\AppData\Roaming\Adobe PNG Format CC Prefs
2015-06-26 11:47 - 2015-01-14 23:04 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2015-06-26 09:47 - 2015-01-22 16:52 - 00047324 _____ C:\Windows\IE11_main.log
2015-06-26 02:48 - 2015-04-10 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2015-06-26 02:41 - 2013-03-03 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-26 02:40 - 2013-04-17 18:07 - 01007166 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-26 02:40 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-06-26 02:17 - 2013-09-06 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2015-06-26 02:03 - 2015-03-18 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-26 02:03 - 2015-03-18 12:05 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-25 14:28 - 2013-03-21 18:19 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-25 11:34 - 2013-03-07 19:34 - 00000000 ____D C:\Windows\pss
2015-06-25 10:45 - 2015-04-11 23:41 - 00022316 _____ C:\Windows\iis7.log
2015-06-25 10:43 - 2009-07-14 11:45 - 05143096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-25 07:39 - 2015-01-22 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-25 07:38 - 2015-01-22 00:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-25 07:38 - 2015-01-22 00:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-25 06:00 - 2014-01-05 08:37 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-24 11:00 - 2013-09-02 08:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 11:00 - 2013-03-03 13:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 11:00 - 2013-03-03 13:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 22:40 - 2013-03-06 14:06 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2015-06-23 06:55 - 2015-01-30 12:40 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 21:28 - 2015-04-10 18:05 - 00000000 ____D C:\Users\MSSQLFDLauncher$SQL2012
2015-06-21 16:46 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-14 09:03 - 2015-04-10 18:06 - 00000000 ____D C:\Users\MsDtsServer110
2015-06-14 03:02 - 2014-06-10 23:43 - 00000000 ____D C:\Users\David\AppData\Local\Windows Live
2015-06-13 14:14 - 2015-05-30 20:51 - 00000000 ____D C:\Users\David\Desktop\infinity challenge duet songs
2015-06-11 22:51 - 2013-05-31 18:31 - 00000000 ____D C:\Users\David\AppData\Roaming\IDM
2015-06-11 15:47 - 2014-02-04 01:17 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-06-11 15:47 - 2014-02-04 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-06-08 09:51 - 2013-08-09 12:41 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2015-06-07 01:06 - 2015-05-25 20:48 - 00001166 _____ C:\Users\David\Desktop\IC.txt
2015-06-06 10:46 - 2014-02-08 22:03 - 00000000 ____D C:\Users\David\Desktop\BNMC
2015-06-05 11:48 - 2013-03-03 13:01 - 00111288 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-04 20:29 - 2015-04-10 18:04 - 00000000 ____D C:\Users\David\Documents\SQL Server Management Studio
2015-06-04 16:02 - 2013-03-03 12:57 - 00000000 ____D C:\Users\David
2015-06-02 11:09 - 2015-03-27 12:22 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-01 20:55 - 2015-05-02 16:57 - 00015216 _____ C:\Users\David\Documents\Mei.xlsx
2015-06-01 17:07 - 2013-09-06 20:20 - 00000000 ____D C:\Users\David\Documents\Visual Studio 2010

==================== Files in the root of some directories =======

2015-06-25 05:20 - 2015-06-25 05:20 - 1415680 _____ (wj32) C:\Program Files\15929AHP.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 1415680 _____ (wj32) C:\Program Files\26A3AEIA.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\3GK0ANXV.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 1415680 _____ (wj32) C:\Program Files\3W04BFJ6.exe
2015-06-25 05:27 - 2015-06-25 05:27 - 1415680 _____ (wj32) C:\Program Files\4818CJNM.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 1415680 _____ (wj32) C:\Program Files\48CJNRK9.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\4BFJNJNF.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\59DKOSLJ.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\5Y59DHO2.exe
2015-06-25 11:38 - 2015-06-25 11:38 - 1415680 _____ (wj32) C:\Program Files\6AELEIMT.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\6BLV8IV0.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 1415680 _____ (wj32) C:\Program Files\7BF8FJNR.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\8CGCGKO5.exe
2015-06-29 11:06 - 2015-06-29 11:06 - 1415680 _____ (wj32) C:\Program Files\8IS2FPZX.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\8LV8IS2S.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 1415680 _____ (wj32) C:\Program Files\9DHLSLPT.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\9GKOSZ3K.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 1415680 _____ (wj32) C:\Program Files\9MW6G2PN.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\9VONCHCP.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 1415680 _____ (wj32) C:\Program Files\AZIKFNFG.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\BLV8IS20.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\BOK9PO4D.exe
2015-06-25 05:31 - 2015-06-25 05:31 - 1415680 _____ (wj32) C:\Program Files\CG9DKOGU.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\CGKRKOS3.exe
2015-06-23 15:11 - 2015-06-23 15:11 - 1415680 _____ (wj32) C:\Program Files\CMW6JT31.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 1415680 _____ (wj32) C:\Program Files\E7BIMKU5.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\EIMKX15Y.exe
2015-06-27 12:58 - 2015-06-27 12:58 - 1415680 _____ (wj32) C:\Program Files\EOYBLV5Y.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\ER12159T.exe
2015-06-25 05:32 - 2015-06-25 05:32 - 1415680 _____ (wj32) C:\Program Files\FMKU159K.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\G5JKCH95.exe
2015-06-25 11:25 - 2015-06-25 11:25 - 1415680 _____ (wj32) C:\Program Files\HLSW6Z6E.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\HR1BJT3Y.exe
2015-06-24 09:47 - 2015-06-24 09:47 - 1415680 _____ (wj32) C:\Program Files\HR1EOY8L.exe
2015-06-25 10:45 - 2015-06-25 10:45 - 1415680 _____ (wj32) C:\Program Files\IMTX15C2.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\IS0AKUSN.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 1415680 _____ (wj32) C:\Program Files\JNRY26AR.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 1415680 _____ (wj32) C:\Program Files\JW6GK3DN.exe
2015-06-24 09:48 - 2015-06-24 09:48 - 1415680 _____ (wj32) C:\Program Files\KLJH4WCB.exe
2015-07-01 09:26 - 2015-07-01 09:26 - 1415680 _____ (wj32) C:\Program Files\KU159DKS.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\L15AEUNF.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 1415680 _____ (wj32) C:\Program Files\LPTPTX12.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\LV8ISXAK.exe
2015-06-27 12:59 - 2015-06-27 12:59 - 1415680 _____ (wj32) C:\Program Files\OKOSW37O.exe
2015-06-28 17:10 - 2015-06-28 17:10 - 1415680 _____ (wj32) C:\Program Files\OSW3737F.exe
2015-06-29 11:06 - 2015-06-29 11:06 - 1415680 _____ (wj32) C:\Program Files\OSWSW07W.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\OSZ3W07L.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\OVZ3737T.exe
2015-06-25 11:39 - 2015-06-25 11:39 - 1415680 _____ (wj32) C:\Program Files\R1BOY8IV.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 1415680 _____ (wj32) C:\Program Files\SHPK3KC5.exe
2015-06-25 10:38 - 2015-06-25 10:38 - 1415680 _____ (wj32) C:\Program Files\SW3704BM.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 1415680 _____ (wj32) C:\Program Files\SWPW048J.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 1415680 _____ (wj32) C:\Program Files\UY5959D5.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 1415680 _____ (wj32) C:\Program Files\VRVZ3AES.exe
2015-06-25 10:44 - 2015-06-25 10:44 - 1415680 _____ (wj32) C:\Program Files\W3AHLHOD.exe
2015-06-25 05:32 - 2015-06-25 05:32 - 1415680 _____ (wj32) C:\Program Files\X2IH05I5.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 1415680 _____ (wj32) C:\Program Files\XVIG83K6.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\ZSZ37BIW.exe
2014-10-01 21:43 - 2014-04-04 20:55 - 535287324 _____ () C:\Program Files (x86)\adt-bundle-windows-x86_64-20140321.zip
2006-08-14 17:08 - 2006-08-14 17:08 - 1348242 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1079850 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1398718 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1116109 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0917318 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 4163518 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0180021 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0133991 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0087989 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0046898 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1351430 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1078532 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0183863 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0138195 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0088102 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0047018 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0703080 _____ () C:\Program Files (x86)\BDA.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1156363 _____ () C:\Program Files (x86)\BDANT.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0976020 _____ () C:\Program Files (x86)\BDAXP.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1358864 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1080344 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 15493481 _____ () C:\Program Files (x86)\DirectX.cab
2013-04-02 10:44 - 2011-09-30 14:01 - 0746688 _____ () C:\Program Files (x86)\DotaToolKit v3.2d_2.rar
2013-04-02 10:44 - 2011-01-28 19:48 - 0880609 _____ () C:\Program Files (x86)\DotaToolKit.exe
2006-08-14 17:08 - 2006-08-14 17:08 - 0074520 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2006-08-14 17:08 - 2006-08-14 17:08 - 2248984 _____ (Microsoft Corporation) C:\Program Files (x86)\dsetup32.dll
2010-10-18 02:34 - 2013-04-04 08:31 - 0001095 ___SH () C:\Program Files (x86)\DTKConfig.ini
2013-04-02 10:44 - 2010-12-08 19:07 - 0005570 ___SH () C:\Program Files (x86)\DTKItemBuild.ini
2013-04-02 10:44 - 2010-12-08 19:05 - 0007558 ___SH () C:\Program Files (x86)\DTKSkillBuild.ini
2006-08-14 17:08 - 2006-08-14 17:08 - 0041995 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 13265040 _____ () C:\Program Files (x86)\dxnt.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0484632 _____ (Microsoft Corporation) C:\Program Files (x86)\DXSETUP.exe
2006-08-14 17:08 - 2006-08-14 17:08 - 0082338 _____ () C:\Program Files (x86)\dxupdate.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1248387 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1014113 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1363684 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1085608 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0179247 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0133297 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1336890 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1065813 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0181745 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0134631 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0086925 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0046247 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2015-04-10 21:04 - 2015-06-26 12:09 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CC Prefs
2015-06-05 17:29 - 2015-06-28 20:41 - 0000024 _____ () C:\Users\David\AppData\Roaming\appdataFr25.bin
2015-04-09 22:47 - 2015-05-14 10:36 - 0000020 _____ () C:\Users\David\AppData\Roaming\appdataFr3.bin
2015-06-10 23:06 - 2015-06-10 23:06 - 75165696 __RSH (Kareo) C:\Users\David\AppData\Roaming\obfavqufsr.exe
2014-06-17 11:57 - 2015-06-28 17:57 - 0000196 _____ () C:\Users\David\AppData\Roaming\WB.CFG
2015-04-11 00:23 - 2015-04-11 00:24 - 184702896 _____ () C:\Users\David\AppData\Local\ACCCx2_9_1_474.zip.aamdownload
2015-04-11 00:23 - 2015-04-11 00:24 - 0002216 _____ () C:\Users\David\AppData\Local\ACCCx2_9_1_474.zip.aamdownload.aamd
2015-06-26 11:47 - 2015-06-26 11:47 - 0001456 _____ () C:\Users\David\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-16 23:56 - 2015-01-16 23:56 - 0000001 _____ () C:\Users\David\AppData\Local\DSI.DAT
2015-01-16 23:56 - 2015-01-16 23:56 - 0022528 _____ () C:\Users\David\AppData\Local\dsisetup35403172.exe
2013-12-11 17:19 - 2015-05-03 20:17 - 0007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-04-10 09:50 - 2015-06-12 11:40 - 0004932 _____ () C:\Users\David\AppData\Local\Temp-log.txt
2015-06-29 12:00 - 2015-06-29 12:00 - 0000000 _____ () C:\Users\David\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\42bb54162217efda71fdf88108e80481.dll
C:\Users\David\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\David\AppData\Local\Temp\avgnt.exe
C:\Users\David\AppData\Local\Temp\cdo1173590977.dll
C:\Users\David\AppData\Local\Temp\cdo1305527100.dll
C:\Users\David\AppData\Local\Temp\cdo1503787821.dll
C:\Users\David\AppData\Local\Temp\cdo1506618427.dll
C:\Users\David\AppData\Local\Temp\cdo1553406804.dll
C:\Users\David\AppData\Local\Temp\cdo2099779554.dll
C:\Users\David\AppData\Local\Temp\cdo2120812858.dll
C:\Users\David\AppData\Local\Temp\cdo2318958718.dll
C:\Users\David\AppData\Local\Temp\cdo2513425846.dll
C:\Users\David\AppData\Local\Temp\cdo2554159057.dll
C:\Users\David\AppData\Local\Temp\cdo258423599.dll
C:\Users\David\AppData\Local\Temp\cdo2670956611.dll
C:\Users\David\AppData\Local\Temp\cdo2674462611.dll
C:\Users\David\AppData\Local\Temp\cdo2727024908.dll
C:\Users\David\AppData\Local\Temp\cdo2731991123.dll
C:\Users\David\AppData\Local\Temp\cdo2833358564.dll
C:\Users\David\AppData\Local\Temp\cdo2970217409.dll
C:\Users\David\AppData\Local\Temp\cdo3035797659.dll
C:\Users\David\AppData\Local\Temp\cdo3304090639.dll
C:\Users\David\AppData\Local\Temp\cdo3340593771.dll
C:\Users\David\AppData\Local\Temp\cdo77378844.dll
C:\Users\David\AppData\Local\Temp\cdo877757230.dll
C:\Users\David\AppData\Local\Temp\cmicname.exe
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbtp45x.dll
C:\Users\David\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\David\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\David\AppData\Local\Temp\Extract.exe
C:\Users\David\AppData\Local\Temp\IrsoDLL.dll
C:\Users\David\AppData\Local\Temp\kdqsceig.dll
C:\Users\David\AppData\Local\Temp\mpam-37520608.exe
C:\Users\David\AppData\Local\Temp\mpam-c22794f4.exe
C:\Users\David\AppData\Local\Temp\mpam-cf73a34f.exe
C:\Users\David\AppData\Local\Temp\qmtuq2yz.dll
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\David\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\David\AppData\Local\Temp\setacl.exe
C:\Users\David\AppData\Local\Temp\SP54714.exe
C:\Users\David\AppData\Local\Temp\SP55031.exe
C:\Users\David\AppData\Local\Temp\SP55152.exe
C:\Users\David\AppData\Local\Temp\SP57965.exe
C:\Users\David\AppData\Local\Temp\sp58915.exe
C:\Users\David\AppData\Local\Temp\SP59202.exe
C:\Users\David\AppData\Local\Temp\tmAss_up.exe
C:\Users\David\AppData\Local\Temp\uttD8AB.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 18:51

==================== End of log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by David at 2015-07-01 16:38:40
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1685673173-357443733-221515080-500 - Administrator - Disabled)
David (S-1-5-21-1685673173-357443733-221515080-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1685673173-357443733-221515080-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Adobe Flash Player Packages) (Version:  - ) <==== ATTENTION
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ATI Catalyst Install Manager (HKLM\...\{127BEDB9-CFBA-91A2-BCC1-A3A21AFA02F6}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Battlefield 2 Complete Collection (HKLM-x32\...\Battlefield 2 Complete Collection_R.G._Element_Arts_is1) (Version: 1.5.3153.802.0 - R.G. Element Arts, Zerstoren)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2011.0407.736.11742 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version:  - Cisco Systems, Inc.)
CodeBlocks (HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GDR 2218 for SQL Server 2012 (KB2716442) (64-bit) (HKLM\...\KB2716442) (Version: 11.0.2218.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B86FB076-3531-4AF4-86CC-68CA36BFF48A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
IIS Search Engine Optimization Toolkit 1.0 (HKLM\...\{BC5929D3-9D88-4B35-8E37-CD1F2849292C}) (Version: 1.0.0731 - Microsoft Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Java™ SE Development Kit 6 Update 1 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
LenovoUsbDriver 1.0.10 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.10 - Lenovo)
LINE (HKLM-x32\...\LINE) (Version: 4.0.3.367 - LINE Corporation)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BFEF7F89-A8EF-440A-8CBF-90BE1B7DFB7A}) (Version: 15.8.8928.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{587F8B5C-D30D-4EEC-849B-FC410EA38AAF}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 RS Add-in for SharePoint  (HKLM\...\{1527F893-FB8F-45D1-8B83-488E9F5C516C}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{03A2AE02-CBC9-4746-A376-0F7BF6AF5F39}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.05.00.45 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NetBeans IDE 7.2.1 (HKLM\...\nbi-nb-base-7.2.1.0.201210100934) (Version: 7.2.1 - NetBeans.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PointerConnector (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{869b9e4a}) (Version:  - PointerConnector) <==== ATTENTION
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rise of Nations Gold (HKLM-x32\...\Rise of Nations Gold_is1) (Version:  - Microsoft)
SalePluus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - ) <==== ATTENTION
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Master Data Services (Version: 11.0.2218.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 RS_SharePoint_SharedService (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2544514) (Version: 1 - Microsoft Corporation)
Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2544514) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{ACBF0550-A317-4C22-AC93-0DDB73087412}) (Version: 6.01.0018 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WindowsMangerProtect20.0.0.1277 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1277 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.10 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.1 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.95 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ASIA}_is1) (Version:  - Wargaming.net)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1685673173-357443733-221515080-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A1113C-A2DA-4B2A-883C-44BD490449A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {107B4BE5-F490-445A-ACCE-549F256B8EEC} - System32\Tasks\PCRegistryShield_Popup => C:\Program Files (x86)\PC Registry Shield\Splash.exe <==== ATTENTION
Task: {15F7E6A4-30D5-4C0A-832D-F257AB53FFD6} - System32\Tasks\PCRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe <==== ATTENTION
Task: {25938748-7616-4E43-9632-EC6A53A099FC} - System32\Tasks\{0AB6AF86-822A-4734-BABE-37E5EE267EB9} => C:\Game\Warcraft III\w3l.exe
Task: {2ECA2BD1-1A80-41F9-A26C-C4A4B55E6D47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {2ED5F245-5710-49C0-A6F6-B29BD5023A8A} - System32\Tasks\{85BFD318-7D84-4871-A7D2-762BFF77EA25} => C:\Game\Warcraft III\w3l.exe
Task: {30DD0ACD-0013-4E52-B72A-3B98C7091978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-06-17] (Microsoft)
Task: {55FA7F85-E46C-410E-9A45-6AAA167EF060} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink)
Task: {6B53199F-814C-4648-8FB4-6C138DB6F16D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {6BAB7E0B-06A9-43E3-901A-4F52E67D4328} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2015-01-06] ()
Task: {70DD3BEB-BE15-4BF4-8D26-FB28695BAB02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {79FF2895-84D2-46F4-9267-F299C3A8339B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {81895BEE-A4CF-46D6-934A-A111C0E4F5A3} - System32\Tasks\AppSafe => C:\Program Files (x86)\AppSafe\AppSafe.exe <==== ATTENTION
Task: {8FB05FC7-AED1-4BC0-964A-E42D85BDE710} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {97FCC845-F557-4706-8859-41F6C4775A84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {AB7553D1-A081-4A70-B7C5-14254D501212} - System32\Tasks\Speedial => C:\Users\David\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B20721BE-F0F3-47D5-9152-9B77291D750C} - System32\Tasks\HPCeeScheduleForDavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {B47A7F60-50F9-4475-8B2E-8DFFA4B74633} - System32\Tasks\{AD666397-DC06-4640-B0AA-42A4BBE16AFD} => C:\Game\Warcraft III\w3l.exe
Task: {D07410B1-FA85-4514-92C5-06F55E48E4E7} - System32\Tasks\{96B35852-3F50-4A28-A954-B03FCA8218EC} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30] (Microsoft Corporation)
Task: {D4D36EA5-A92B-4381-B7D6-DD7E4DC58398} - System32\Tasks\AdobeAAMUpdater-1.0-DAVIDHOHO-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {F482E15A-101E-47A0-8E53-C739A097BF9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-06-17] (Microsoft)
Task: {F7DF8D19-7D6B-4732-B5F0-26FA08A58452} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe [2015-01-06] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AppSafe.job => C:\Program Files (x86)\AppSafe\AppSafe.exe <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Speedial.job => C:\Users\David\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-06-17 11:33 - 2015-06-17 11:33 - 08016413 _____ () C:\Program Files (x86)\Distressed Stretch\Distressed Stretch.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-11 11:18 - 2011-10-18 20:49 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-01-05 19:49 - 2014-09-11 21:13 - 11021824 _____ () C:\xampp\mysql\bin\mysqld.exe
2011-01-08 07:57 - 2011-01-08 07:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-01 19:32 - 2013-04-01 19:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-02 15:28 - 2014-11-26 10:42 - 00612528 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2015-01-05 19:47 - 2014-07-17 18:18 - 00219648 _____ () C:\xampp\apache\bin\pcre.dll
2015-01-05 19:50 - 2014-11-13 08:41 - 00127488 _____ () C:\xampp\php\libpq.dll
2015-01-05 19:47 - 2014-11-13 08:41 - 00117760 _____ () C:\xampp\apache\bin\libssh2.dll
2015-04-09 00:39 - 2015-04-09 00:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67e9010a82d780d45c4fd2d359927737\IsdiInterop.ni.dll
2011-06-23 15:42 - 2011-01-13 07:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:55B41E6A

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1685673173-357443733-221515080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk => C:\Windows\pss\HDDlife.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WhatsApp.lnk => C:\Windows\pss\WhatsApp.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: cmpbcsvc => C:\Users\David\AppData\Local\Temp\clicXP32.exe
MSCONFIG\startupreg: cngaxapi => C:\Users\David\AppData\Local\Temp\cmicname.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
MSCONFIG\startupreg: FDPRO-516 => C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: swg => C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6B3740EB-5D99-48F1-B0D2-53B539BCED33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A4B2587-D697-44D1-BDAE-201688BC23FC}] => (Allow) LPort=2869
FirewallRules: [{809E009A-CE7B-4969-8990-AB43964FE3C3}] => (Allow) LPort=1900
FirewallRules: [{00D5614A-9AE8-4661-8D51-58AA18B43CDE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8B3C2753-344A-4D03-935D-71C9463C29C2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1CF0B2B8-3D1A-4DF9-99A3-2E739EB20CEB}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{B4A194DD-D351-40D5-97D5-E3A3DBC4E1C2}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{075ECCBD-73B5-492F-9A78-E2DF6962F3A1}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{1F5DF9C7-81AF-470A-AF90-E01CF3A3BE5A}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{BC998806-E740-403B-A806-9343D22A574D}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{A348BB80-9B62-4C94-8B8E-8745364BB51E}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{614C3048-4256-4F0C-BE16-E97F5D89F7F6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7D0CD4F5-8520-42AE-AAD0-A6B5D66134E0}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{A6973349-4389-4418-B8A4-7CF433B910DC}] => (Allow) C:\Users\David\Downloads\Programs\CodecPerformerSetup.exe
FirewallRules: [{0990733B-0955-464D-BA6D-AA5B1E8A4BB6}] => (Allow) C:\Users\David\Downloads\Programs\CodecPerformerSetup.exe
FirewallRules: [{5ACA60A4-8FD6-4CD8-AAE0-3225CC90C7B4}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{B06B07F3-38CE-4230-8654-4B32EA827074}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{78C78202-E329-413C-9D10-0E1BA507AFC1}] => (Allow) C:\GAMES\AuraKingdom\game.bin
FirewallRules: [{DC801EC6-260A-4370-A37E-7E171372DC82}] => (Allow) C:\GAMES\AuraKingdom\game.bin
FirewallRules: [TCP Query User{241564F6-FF73-4B71-B5EB-799C3232AE7F}C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe] => (Allow) C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe
FirewallRules: [UDP Query User{DB3F80BB-A7D0-4921-965F-0FC7211A06AB}C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe] => (Allow) C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe
FirewallRules: [TCP Query User{6A6AB493-35EC-4760-A78C-10A31DC29BD4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{A4913ABD-DCA1-4293-8E51-E34D771EFC9D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{23F54A62-2D33-4515-AE53-F3E939BAE786}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{2988892D-CE7A-48F9-B41C-7CE19EDC82DB}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{8D91D658-2E6E-451B-BD09-F77639443AA6}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
FirewallRules: [{AFB0601B-C348-449C-84B9-D230FE4E62F8}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
FirewallRules: [{190113EB-035D-400E-BBC9-640DE05B4912}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\CrashUL.exe
FirewallRules: [{A5163DA0-3BAA-418D-8346-A8078A68104D}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\CrashUL.exe
FirewallRules: [TCP Query User{ED1F8A2D-2A2B-4798-BD89-34D4101BC132}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{7936885E-68BF-43DE-88F1-583DEEDE9786}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{A9225E45-8C09-4BE9-A3F3-D31625C802F2}] => (Block) C:\Program Files (x86)\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [TCP Query User{5706E12E-4B6B-4364-A277-D4757F8C6D45}C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe] => (Allow) C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe
FirewallRules: [UDP Query User{ED49BCDB-8F6D-4785-B9CE-B903DF32EFF3}C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe] => (Allow) C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe
FirewallRules: [TCP Query User{705435AC-F8B1-4067-B858-C84D34EC3109}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{7669D051-0976-4C82-A9C9-B247D327DDF8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{87E9AF7D-6069-4B47-8C77-B9141071385E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{D0514609-3A98-4491-ACE0-22A875DC9F08}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{0033148A-C5D6-4E99-98BC-B0CE6A55A87D}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{17EC4BDA-9421-415D-9664-2B46F18D4976}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{92F5E274-3BD1-45B7-B6D5-0B70CD105DA9}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{E81FC4D9-88A6-4FA2-8CED-6CFFCC0261FD}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8C120001-792A-4D69-8D28-081DE1C0AC57}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{D88BE0EF-6363-4605-BE19-46FF90691F42}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{DAD03EAB-1478-4202-9222-853B38F16CB0}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{72B3BC66-9774-4502-8BB3-E13C5A63579C}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{D25FBC46-871C-4356-9103-A73308B17BBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AA31033-3D4D-43F9-B171-7BF0F36553B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{544CB9E2-03DD-4E62-9A2A-E3780E864A09}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{20A7AF5E-0430-4664-8E13-EEA8F1733061}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{CBD5C76A-ECBE-47B1-89C2-8069E7A8E352}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B7CF26EA-3EFC-4ADA-B9CF-ED605D399193}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{915BD1D5-9B87-4EDD-8482-9F43EC773C79}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{689A810A-EDC6-4618-B0F5-80DE851B9066}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{ACAC4C4F-4C5C-4FF0-9A52-31E7949B1DA3}C:\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{25266BD3-D02C-47D5-B623-71B833884EF6}C:\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{D92F72F5-3D5F-4060-A95B-75140A595086}C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe] => (Allow) C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [UDP Query User{23871980-9305-4EB9-949C-BDA231E5054F}C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe] => (Allow) C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [{93765379-A439-4FE3-98DB-B13BFCA5F247}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{00C7B376-0E75-4506-AB6F-F18BDF289FF6}] => (Allow) C:\GAMES\Special Force 2\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{0B144DB6-B19F-4B07-B58C-FEABDCE9077A}] => (Allow) C:\GAMES\Special Force 2\SpecialForce2\Binaries\Win32\sf2.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 02:58:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mpc-hc.exe version 1.5.3.3752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7b8

Start Time: 01d0b3d25a9ec63e

Termination Time: 33

Application Path: C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

Report Id: 02bed1f9-1fc7-11e5-ae3f-cc52afa0a36e

Error: (07/01/2015 09:25:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: An error occurred while writing a trace event to the file, \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc.


System errors:
=============
Error: (07/01/2015 09:27:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/01/2015 09:26:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (07/01/2015 09:26:31 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/01/2015 09:26:31 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/01/2015 09:26:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Avira Scheduler service, but this action failed with the following error:
%%1058

Error: (07/01/2015 09:26:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Avira Real-Time Protection service, but this action failed with the following error:
%%1058

Error: (07/01/2015 09:26:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/01/2015 09:26:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Real-Time Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/01/2015 09:26:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (07/01/2015 09:26:21 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5


Microsoft Office:
=========================
Error: (07/01/2015 02:58:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.5.3.37527b801d0b3d25a9ec63e33C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe02bed1f9-1fc7-11e5-ae3f-cc52afa0a36e

Error: (07/01/2015 09:25:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc

Error: (06/30/2015 00:59:51 PM) (Source: MSOLAP$SQL2012) (EventID: 11) (User: )
Description: \\?\C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\Log\FlightRecorderCurrent.trc


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 65%
Total physical RAM: 4043.86 MB
Available physical RAM: 1396.16 MB
Total Pagefile: 8085.93 MB
Available Pagefile: 4900.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.51 GB) (Free:12.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (David) (Fixed) (Total:220.53 GB) (Free:10.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B45026AF)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by davidhoho, 01 July 2015 - 06:47 AM.


#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Welcome to the Board!

 

Hang on while I have a look.


#3
davidhoho

    Member

  • Topic Starter
  • 13 posts

okay, thanks for your help


#4
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Yes, you have a lot going on there. Let's start here and see how this helps.

 

Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
     

createsrpoint;
chrdefaults;
iedefaults;
FFdefaults;
fakechrprofiles;delete
shortcutfix;
autoclean;
resethosts;
emptyalltemp;

 

  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually the C:\ drive)

Post its content into your next reply.


#5
davidhoho

    Member

  • Topic Starter
  • 13 posts

Hi Biscuithd, I already followed your instructions by doing the scan with Zoek. It took a long time in the "--- Create Backups 22:48:04,77" part (almost 2 hours right now). Maybe because my hard drive is quite full. I am going out of town for the next three days, so please don't close this thread. I will follow your instructions again when I am back and post the zoek-results logfile as soon as possible.

Thank you


Edited by davidhoho, 02 July 2015 - 11:30 AM.

#6
davidhoho

    Member

  • Topic Starter
  • 13 posts

Here, it's finished

 

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by David on 03/07/2015 at  0:33:55,07.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-07-02-154804.log    12492 bytes

==== System Restore Info ======================

03/07/2015 0:34:35 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vw701zGC.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vw701zGC.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\David\AppData\Roaming\Mozilla\FirefoxOLD\Profiles\aribhaky.default-1421422906097\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\David\AppData\Roaming\Mozilla\FirefoxOLD\Profiles\aribhaky.default-1421422906097\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_072015_0049_.backup

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vw701zGC.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_072015_0049_.backup

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\FirefoxOLD\Profiles\aribhaky.default-1421422906097

---- FireFox user.js and prefs.js backups ----

user_072015_0049_.backup
prefs_072015_0049_.backup

==== Deleting Files \ Folders ======================

"C:\Users\David\AppData\Roaming\Mozilla\FirefoxOLD\Profiles\aribhaky.default-1421422906097\searchplugins\Vosteran.xml" deleted
"C:\PROGRA~2\WinZipper\eshellctx64.dll" deleted
"C:\PROGRA~2\Distressed Stretch\Distressed Stretch.exe" deleted
"C:\PROGRA~2\WinZipper\eshellctx64.dll" deleted
"C:\PROGRA~2\WinZipper" not deleted
"C:\PROGRA~2\Distressed Stretch" not deleted
"C:\PROGRA~2\WinZipper" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\vw701zGC.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\FirefoxOLD\Profiles\aribhaky.default-1421422906097
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Users\David\AppData\Roaming\IDM\idmmzcc5" [08/08/2014 16:09]

==== Firefox Extensions ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237
- Ant Video Downloader - %ProfilePath%\extensions\[email protected]
- Download YouTube Videos as MP4 - %ProfilePath%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237
855B79451ECF62602F20EB4D5C71F99B    - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll -    Shockwave for Director / Shockwave for Director
2820FF3A306D6AEB8BFBBB753BD83EBE    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll -    Shockwave Flash
1C039FEC033BACCD1E7EABDC677D09CE    - C:\Users\David\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll -    Microsoft Lync Web App Plug-in
1C039FEC033BACCD1E7EABDC677D09CE    - C:\Users\David\AppData\Roaming\Mozilla\plugins\npLWAPlugin15.8.dll -    Microsoft Lync Web App Plug-in


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[08/07/2014 14:48]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]

IDM Integration Module - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn

==== Chromium Startpages ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Chromium Fix ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.luckyleap.net_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searches3.globososo.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searches3.globososo.com_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.best-deals-products.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.best-deals-products.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certif...2E0943B8A17&q="
"Search Bar"="http://search.certif...2E0943B8A17&q="
"Search Page"="http://search.certif...2E0943B8A17&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.certif...2E0943B8A17&q="
"Search Bar"="http://search.certif...2E0943B8A17&q="
"Search Page"="http://search.certif...2E0943B8A17&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...0943B8A17&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...0943B8A17&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.certif...0943B8A17&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.certif...0943B8A17&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="www.google.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
"newtab"="about:tabs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certif...2E0943B8A17&q="
"Search Bar"="http://search.certif...2E0943B8A17&q="
"Search Page"="http://search.certif...2E0943B8A17&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://search.certif...2E0943B8A17&q="
"Search Bar"="http://search.certif...2E0943B8A17&q="
"Search Page"="http://search.certif...2E0943B8A17&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://www.google.com/"
"Search Bar"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://www.google.com/"
"Search Bar"="http://www.google.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://www.google.com/"
"Search Bar"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Start Page"="http://www.msn.com/?pc=MSSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.co...sults.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Search Bar"="http://go.microsoft..../?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{31090377-0740-419E-BEFC-A56E50500D5B} Google  Url="http://www.google.co...e7&rlz=1I7RNWM"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing  Url="http://www.bing.com/...MSSEDF&pc=MSSE"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia  Url="http://en.wikipedia....={searchTerms}"
{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\chromepreferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences.acp was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data.acp was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\David\Desktop\abcd - Shortcut.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\abcd.exe
C:\Users\David\Desktop\Adobe Photoshop CC (64 Bit).lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe
C:\Users\David\Desktop\BF2 - Shortcut.lnk - C:\Program Files (x86)\R.G. Element Arts\Battlefield 2 Complete Collection\BF2.exe
C:\Users\David\Desktop\Cisco Packet Tracer Student.lnk - C:\Program Files (x86)\Cisco Packet Tracer 6.2sv\bin\PacketTracer6.exe
C:\Users\David\Desktop\CodeBlocks.lnk - C:\Program Files (x86)\CodeBlocks\codeblocks.exe
C:\Users\David\Desktop\COLLEGE - Shortcut.lnk - D:\PRIVATE\COLLEGE
C:\Users\David\Desktop\Counter Strike 1.6 No Steam.lnk - C:\Program Files (x86)\Counter-Strike 1.6\hl.exe -nomaster -game cstrike
C:\Users\David\Desktop\DFUBG - Shortcut.lnk - C:\GAMES\Special Force 2\SpecialForce2\DFUBG.exe
C:\Users\David\Desktop\eclipse - Shortcut.lnk - C:\Program Files (x86)\eclipse\eclipse.exe
C:\Users\David\Desktop\FreeImageConvertAndResize - Shortcut.lnk - C:\Program Files (x86)\Free Image Convert and Resize\FreeImageConvertAndResize.exe
C:\Users\David\Desktop\Internet Download Manager.lnk - C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Users\David\Desktop\left4dead2 - Shortcut.lnk - C:\GAMES\Left 4 Dead 2\left4dead2.exe
C:\Users\David\Desktop\Macromedia Dreamweaver 8.lnk - C:\Windows\Installer\{0837A661-FEC3-48B3-876C-91E7D32048A9}\DWARPPRODUCTICON.exe
C:\Users\David\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\David\Desktop\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\Users\David\Desktop\Microsoft Visual C++ 2010 Express.lnk - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe
C:\Users\David\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\David\Desktop\NFS11 - Shortcut.lnk - C:\GAMES\NeedForSpeed Hot Persuit\Need for Speed™ Hot Pursuit\NFS11.exe
C:\Users\David\Desktop\SQL Server Management Studio.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe
C:\Users\David\Desktop\sublime text.lnk - C:\Program Files (x86)\Sublime Text Build 3047 x64\sublime_text.exe
C:\Users\David\Desktop\VitalSource Bookshelf.lnk - C:\Windows\Installer\{ACBF0550-A317-4C22-AC93-0DDB73087412}\Bookshelf.exe_9EE4656FD32849489373E6590C1F65B8.exe
C:\Users\David\Desktop\w3l - Shortcut.lnk - C:\GAMES\Warcraft III\w3l.exe
C:\Users\David\Desktop\XAMPP Control Panel.lnk - C:\xampp\xampp-control.exe
C:\Users\David\Desktop\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\LINE.lnk - C:\Program Files (x86)\Naver\LINE\Line.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\World of Tanks.lnk - C:\GAMES\World_of_Tanks\WoTLauncher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools\AVD Manager.lnk - C:\Users\David\AppData\Local\Android\android-sdk\AVD Manager.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools\SDK Manager.lnk - C:\Users\David\AppData\Local\Android\android-sdk\SDK Manager.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools\Uninstall Android SDK Tools.lnk - C:\Users\David\AppData\Local\Android\android-sdk\uninstall.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d.lnk - C:\Users\David\AppData\Roaming\obfavqufsr.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk - C:\Program Files (x86)\Naver\LINE\Line.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk - C:\Program Files (x86)\Microsoft\Web Platform Installer\WebPlatformInstaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\IIS Manager.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio\Android Studio.lnk - C:\Program Files\Android\Android Studio\bin\studio64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student\Cisco Packet Tracer Help.lnk - C:\Program Files (x86)\Cisco Packet Tracer 6.2sv\help\default\index.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student\Cisco Packet Tracer Student.lnk - C:\Program Files (x86)\Cisco Packet Tracer 6.2sv\bin\PacketTracer6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student\Qt Linguist.lnk - C:\Program Files (x86)\Cisco Packet Tracer 6.2sv\bin\linguist.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student\Saves.lnk - C:\Program Files (x86)\Cisco Packet Tracer 6.2sv\saves
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Student\Uninstall Cisco Packet Tracer Student.lnk - C:\Program Files (x86)\Cisco Packet Tracer 6.2sv\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Change skin.lnk - C:\Program Files (x86)\FreeArc\bin\gtk2_prefs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\FreeArc.lnk - C:\Program Files (x86)\FreeArc\bin\FreeArc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Uninstall.lnk - C:\Program Files (x86)\FreeArc\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Website.lnk - C:\Program Files (x86)\FreeArc\FreeArc.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Documentation\FreeArc command line.lnk - C:\Program Files (x86)\FreeArc\Documentation\FreeArc036-eng.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Documentation\FreeArc GUI.lnk - C:\Program Files (x86)\FreeArc\Documentation\FreeArc-GUI-Eng.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Documentation\License.lnk - C:\Program Files (x86)\FreeArc\License\License.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Documentation\What's new.lnk - C:\Program Files (x86)\FreeArc\Documentation\whatsnew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Documentation (rus)\FreeArc command line.lnk - C:\Program Files (x86)\FreeArc\Documentation\FreeArc040-rus.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Documentation (rus)\FreeArc GUI.lnk - C:\Program Files (x86)\FreeArc\Documentation\FreeArc-GUI-Rus.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc\Documentation (rus)\What's new.lnk - C:\Program Files (x86)\FreeArc\Documentation\whatsnew-rus.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 7.0 Extensions\Search Engine Optimization (SEO) Toolkit 1.0.lnk - C:\Windows\System32\inetsrv\InetMgr.exe connect:localhost #SEO#
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk - C:\Program Files (x86)\Java\jdk1.7.0_79\bin\jmc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE\LINE Uninstall.lnk - C:\Program Files (x86)\Naver\LINE\LineUnInst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE\LINE.lnk - C:\Program Files (x86)\Naver\LINE\Line.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008\Configuration Tools\SQL Server Installation Center (64-bit).lnk - C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\LandingPage.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Import and Export Data (32-bit).lnk - C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\DTSWizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Import and Export Data (64-bit).lnk - C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\DTSWizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\SQL Server Data Tools.lnk - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\SQL Server Management Studio.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Analysis Services\Deployment Wizard.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Microsoft.AnalysisServices.Deployment.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Configuration Tools\Reporting Services Configuration Manager.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\RSConfigTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Configuration Tools\SQL Server Configuration Manager.lnk - C:\Windows\SysWOW64\mmc.exe /32 C:\Windows\SysWOW64\SQLServerManager11.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Configuration Tools\SQL Server Error and Usage Reporting.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Shared\SqlWtsn.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Data Quality Services\Data Quality Client.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\DQ\DataQualityServices.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Data Quality Services\Data Quality Server Installer.lnk - C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\DQSInstaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Documentation & Community\Community Projects & Samples.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Documentation & Community\Manage Help Settings.lnk - C:\Program Files (x86)\Microsoft Help Viewer\v1.0\HelpLibManager.exe /product SQLServer /version 110 /locale en-US /brandingPackage SQLServerHelpBranding.mshc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Documentation & Community\Resource Center.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Documentation & Community\SQL Server Documentation.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Integration Services\Data Profile Viewer.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\DataProfileViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Integration Services\Deployment Wizard.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\ISDeploymentWizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Integration Services\Execute Package Utility.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\DTExecUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Integration Services\Project Conversion Wizard.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\ISProjectWizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Master Data Services\Master Data Services Configuration Manager.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Master Data Services\Configuration\MDSConfigTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Performance Tools\Database Engine Tuning Advisor.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\DTASHELL.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Performance Tools\SQL Server Profiler.lnk - C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\PROFILER.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010\Microsoft Visual Studio 2010.lnk - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express\Microsoft Visual C++ 2010 Express.lnk - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe

==== shortcuts in Quick Launch ======================

C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CodeBlocks.lnk - C:\Program Files (x86)\CodeBlocks\codeblocks.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeArc.lnk - C:\Program Files (x86)\FreeArc\bin\FreeArc.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.key-find....54HA397EHA397EX
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find....54HA397EHA397EX
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Visual C++ 2010 Express.lnk - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -  
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VitalSource Bookshelf.lnk - C:\Windows\Installer\{ACBF0550-A317-4C22-AC93-0DDB73087412}\Bookshelf.exe_9EE4656FD32849489373E6590C1F65B8.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\MsDtsServer110\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\MsDtsServer110\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\MSOLAP$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\MSOLAP$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\MSSQL$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\MSSQL$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\MSSQLFDLauncher$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\MSSQLFDLauncher$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\ReportServer$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\ReportServer$SQL2012\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== shortcuts After Repair ======================

C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmpbcsvc deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cngaxapi deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FDPRO-516 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\291lqxa4.default-1418391435005\cache2 emptied successfully
C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=15825 folders=3119 5130457442 bytes)

==== Empty Temp Folders ======================

C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\MsDtsServer110\AppData\Local\Temp emptied successfully
C:\Users\MSOLAP$SQL2012\AppData\Local\Temp emptied successfully
C:\Users\MSSQL$SQL2012\AppData\Local\Temp emptied successfully
C:\Users\MSSQLFDLauncher$SQL2012\AppData\Local\Temp emptied successfully
C:\Users\ReportServer$SQL2012\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\PROGRA~2\WinZipper"  not found
"C:\PROGRA~2\Distressed Stretch"  not found
"C:\PROGRA~2\WinZipper"  not found

==== EOF on 03/07/2015 at  1:02:50,95 ======================
 

 

I will follow your next instruction when I am back on Sunday (+7 GMT)

Thank you


#7
davidhoho

    Member

  • Topic Starter
  • 13 posts

Hello BiscuitHd, I am back. Can you tell me what I should do next?


#8
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Sorry, long Holiday weekend for me. However, I'm back now.

 

Let's have a look with FRST again and see how things look.

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


#9
davidhoho

    Member

  • Topic Starter
  • 13 posts

It's okay, I have mine too. hahhaa

 

Here is the result

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by David at 2015-07-06 21:25:20
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1685673173-357443733-221515080-500 - Administrator - Disabled)
David (S-1-5-21-1685673173-357443733-221515080-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1685673173-357443733-221515080-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Adobe Flash Player Packages) (Version:  - ) <==== ATTENTION
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ATI Catalyst Install Manager (HKLM\...\{127BEDB9-CFBA-91A2-BCC1-A3A21AFA02F6}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Battlefield 2 Complete Collection (HKLM-x32\...\Battlefield 2 Complete Collection_R.G._Element_Arts_is1) (Version: 1.5.3153.802.0 - R.G. Element Arts, Zerstoren)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2011.0407.736.11742 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version:  - Cisco Systems, Inc.)
CodeBlocks (HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GDR 2218 for SQL Server 2012 (KB2716442) (64-bit) (HKLM\...\KB2716442) (Version: 11.0.2218.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B86FB076-3531-4AF4-86CC-68CA36BFF48A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
IIS Search Engine Optimization Toolkit 1.0 (HKLM\...\{BC5929D3-9D88-4B35-8E37-CD1F2849292C}) (Version: 1.0.0731 - Microsoft Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Java™ SE Development Kit 6 Update 1 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
LenovoUsbDriver 1.0.10 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.10 - Lenovo)
LINE (HKLM-x32\...\LINE) (Version: 4.0.3.367 - LINE Corporation)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BFEF7F89-A8EF-440A-8CBF-90BE1B7DFB7A}) (Version: 15.8.8928.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{587F8B5C-D30D-4EEC-849B-FC410EA38AAF}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 RS Add-in for SharePoint  (HKLM\...\{1527F893-FB8F-45D1-8B83-488E9F5C516C}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{03A2AE02-CBC9-4746-A376-0F7BF6AF5F39}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.05.00.45 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NetBeans IDE 7.2.1 (HKLM\...\nbi-nb-base-7.2.1.0.201210100934) (Version: 7.2.1 - NetBeans.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rise of Nations Gold (HKLM-x32\...\Rise of Nations Gold_is1) (Version:  - Microsoft)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Master Data Services (Version: 11.0.2218.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 RS_SharePoint_SharedService (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2544514) (Version: 1 - Microsoft Corporation)
Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2544514) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{ACBF0550-A317-4C22-AC93-0DDB73087412}) (Version: 6.01.0018 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.10 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.1 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ASIA}_is1) (Version:  - Wargaming.net)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1685673173-357443733-221515080-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================

02-07-2015 22:30:10 zoek.exe restore point
03-07-2015 00:34:24 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2015-07-03 00:35 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A1113C-A2DA-4B2A-883C-44BD490449A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {107B4BE5-F490-445A-ACCE-549F256B8EEC} - System32\Tasks\PCRegistryShield_Popup => C:\Program Files (x86)\PC Registry Shield\Splash.exe <==== ATTENTION
Task: {15F7E6A4-30D5-4C0A-832D-F257AB53FFD6} - System32\Tasks\PCRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe <==== ATTENTION
Task: {25938748-7616-4E43-9632-EC6A53A099FC} - System32\Tasks\{0AB6AF86-822A-4734-BABE-37E5EE267EB9} => C:\Game\Warcraft III\w3l.exe
Task: {2ECA2BD1-1A80-41F9-A26C-C4A4B55E6D47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {2ED5F245-5710-49C0-A6F6-B29BD5023A8A} - System32\Tasks\{85BFD318-7D84-4871-A7D2-762BFF77EA25} => C:\Game\Warcraft III\w3l.exe
Task: {30DD0ACD-0013-4E52-B72A-3B98C7091978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-06-30] (Microsoft)
Task: {55FA7F85-E46C-410E-9A45-6AAA167EF060} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink)
Task: {6B53199F-814C-4648-8FB4-6C138DB6F16D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {6BAB7E0B-06A9-43E3-901A-4F52E67D4328} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {70DD3BEB-BE15-4BF4-8D26-FB28695BAB02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {79FF2895-84D2-46F4-9267-F299C3A8339B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {8FB05FC7-AED1-4BC0-964A-E42D85BDE710} - \LaunchSignup No Task File <==== ATTENTION
Task: {97FCC845-F557-4706-8859-41F6C4775A84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {B20721BE-F0F3-47D5-9152-9B77291D750C} - System32\Tasks\HPCeeScheduleForDavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {B47A7F60-50F9-4475-8B2E-8DFFA4B74633} - System32\Tasks\{AD666397-DC06-4640-B0AA-42A4BBE16AFD} => C:\Game\Warcraft III\w3l.exe
Task: {D07410B1-FA85-4514-92C5-06F55E48E4E7} - System32\Tasks\{96B35852-3F50-4A28-A954-B03FCA8218EC} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30] (Microsoft Corporation)
Task: {D4D36EA5-A92B-4381-B7D6-DD7E4DC58398} - System32\Tasks\AdobeAAMUpdater-1.0-DAVIDHOHO-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {F482E15A-101E-47A0-8E53-C739A097BF9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-06-30] (Microsoft)
Task: {F7DF8D19-7D6B-4732-B5F0-26FA08A58452} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-01-08 07:57 - 2011-01-08 07:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-05 19:49 - 2014-09-11 21:13 - 11021824 _____ () C:\xampp\mysql\bin\mysqld.exe
2013-04-01 19:32 - 2013-04-01 19:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-05 19:47 - 2014-07-17 18:18 - 00219648 _____ () C:\xampp\apache\bin\pcre.dll
2015-01-05 19:50 - 2014-11-13 08:41 - 00127488 _____ () C:\xampp\php\libpq.dll
2015-01-05 19:47 - 2014-11-13 08:41 - 00117760 _____ () C:\xampp\apache\bin\libssh2.dll
2015-06-10 15:35 - 2015-06-10 15:35 - 03129368 _____ () C:\Program Files (x86)\Naver\LINE\ampkit_windows.dll
2015-06-10 09:57 - 2015-06-10 09:57 - 00123928 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-09 00:39 - 2015-04-09 00:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67e9010a82d780d45c4fd2d359927737\IsdiInterop.ni.dll
2011-06-23 15:42 - 2011-01-13 07:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-03-07 15:39 - 2009-01-19 00:15 - 00344064 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\mmmpcdmx.ax
2013-03-07 15:39 - 2011-11-22 08:10 - 00958743 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-53.dll
2013-03-07 15:39 - 2011-11-22 08:10 - 06245122 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-53.dll
2013-03-07 15:39 - 2011-11-22 08:10 - 00197872 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
2013-03-07 15:39 - 2011-11-22 08:10 - 00162816 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll
2013-03-07 15:39 - 2012-04-09 00:40 - 03470848 _____ () C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
2013-03-07 15:39 - 2011-11-22 08:10 - 00337369 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
2013-03-07 15:39 - 2011-11-22 08:10 - 00127340 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:55B41E6A

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1685673173-357443733-221515080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk => C:\Windows\pss\HDDlife.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WhatsApp.lnk => C:\Windows\pss\WhatsApp.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6B3740EB-5D99-48F1-B0D2-53B539BCED33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A4B2587-D697-44D1-BDAE-201688BC23FC}] => (Allow) LPort=2869
FirewallRules: [{809E009A-CE7B-4969-8990-AB43964FE3C3}] => (Allow) LPort=1900
FirewallRules: [{00D5614A-9AE8-4661-8D51-58AA18B43CDE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8B3C2753-344A-4D03-935D-71C9463C29C2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1CF0B2B8-3D1A-4DF9-99A3-2E739EB20CEB}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{B4A194DD-D351-40D5-97D5-E3A3DBC4E1C2}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{075ECCBD-73B5-492F-9A78-E2DF6962F3A1}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{1F5DF9C7-81AF-470A-AF90-E01CF3A3BE5A}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{BC998806-E740-403B-A806-9343D22A574D}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{A348BB80-9B62-4C94-8B8E-8745364BB51E}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{614C3048-4256-4F0C-BE16-E97F5D89F7F6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7D0CD4F5-8520-42AE-AAD0-A6B5D66134E0}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{A6973349-4389-4418-B8A4-7CF433B910DC}] => (Allow) C:\Users\David\Downloads\Programs\CodecPerformerSetup.exe
FirewallRules: [{0990733B-0955-464D-BA6D-AA5B1E8A4BB6}] => (Allow) C:\Users\David\Downloads\Programs\CodecPerformerSetup.exe
FirewallRules: [{5ACA60A4-8FD6-4CD8-AAE0-3225CC90C7B4}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{B06B07F3-38CE-4230-8654-4B32EA827074}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{78C78202-E329-413C-9D10-0E1BA507AFC1}] => (Allow) C:\GAMES\AuraKingdom\game.bin
FirewallRules: [{DC801EC6-260A-4370-A37E-7E171372DC82}] => (Allow) C:\GAMES\AuraKingdom\game.bin
FirewallRules: [TCP Query User{241564F6-FF73-4B71-B5EB-799C3232AE7F}C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe] => (Allow) C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe
FirewallRules: [UDP Query User{DB3F80BB-A7D0-4921-965F-0FC7211A06AB}C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe] => (Allow) C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe
FirewallRules: [TCP Query User{6A6AB493-35EC-4760-A78C-10A31DC29BD4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{A4913ABD-DCA1-4293-8E51-E34D771EFC9D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{23F54A62-2D33-4515-AE53-F3E939BAE786}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{2988892D-CE7A-48F9-B41C-7CE19EDC82DB}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{8D91D658-2E6E-451B-BD09-F77639443AA6}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
FirewallRules: [{AFB0601B-C348-449C-84B9-D230FE4E62F8}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
FirewallRules: [{190113EB-035D-400E-BBC9-640DE05B4912}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\CrashUL.exe
FirewallRules: [{A5163DA0-3BAA-418D-8346-A8078A68104D}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\CrashUL.exe
FirewallRules: [TCP Query User{ED1F8A2D-2A2B-4798-BD89-34D4101BC132}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{7936885E-68BF-43DE-88F1-583DEEDE9786}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{A9225E45-8C09-4BE9-A3F3-D31625C802F2}] => (Block) C:\Program Files (x86)\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [TCP Query User{5706E12E-4B6B-4364-A277-D4757F8C6D45}C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe] => (Allow) C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe
FirewallRules: [UDP Query User{ED49BCDB-8F6D-4785-B9CE-B903DF32EFF3}C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe] => (Allow) C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe
FirewallRules: [TCP Query User{705435AC-F8B1-4067-B858-C84D34EC3109}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{7669D051-0976-4C82-A9C9-B247D327DDF8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{87E9AF7D-6069-4B47-8C77-B9141071385E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{D0514609-3A98-4491-ACE0-22A875DC9F08}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{0033148A-C5D6-4E99-98BC-B0CE6A55A87D}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{17EC4BDA-9421-415D-9664-2B46F18D4976}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{92F5E274-3BD1-45B7-B6D5-0B70CD105DA9}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{E81FC4D9-88A6-4FA2-8CED-6CFFCC0261FD}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8C120001-792A-4D69-8D28-081DE1C0AC57}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{D88BE0EF-6363-4605-BE19-46FF90691F42}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{DAD03EAB-1478-4202-9222-853B38F16CB0}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{72B3BC66-9774-4502-8BB3-E13C5A63579C}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{D25FBC46-871C-4356-9103-A73308B17BBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AA31033-3D4D-43F9-B171-7BF0F36553B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{544CB9E2-03DD-4E62-9A2A-E3780E864A09}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{20A7AF5E-0430-4664-8E13-EEA8F1733061}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{CBD5C76A-ECBE-47B1-89C2-8069E7A8E352}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B7CF26EA-3EFC-4ADA-B9CF-ED605D399193}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{915BD1D5-9B87-4EDD-8482-9F43EC773C79}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{689A810A-EDC6-4618-B0F5-80DE851B9066}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{ACAC4C4F-4C5C-4FF0-9A52-31E7949B1DA3}C:\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{25266BD3-D02C-47D5-B623-71B833884EF6}C:\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{D92F72F5-3D5F-4060-A95B-75140A595086}C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe] => (Allow) C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [UDP Query User{23871980-9305-4EB9-949C-BDA231E5054F}C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe] => (Allow) C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [{93765379-A439-4FE3-98DB-B13BFCA5F247}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{57849398-5074-43B4-BCC6-F48B7B0021ED}C:\games\warcraft iii\war3.exe] => (Allow) C:\games\warcraft iii\war3.exe
FirewallRules: [UDP Query User{242D870D-CCC6-4B1E-BCBE-CB5330CEB097}C:\games\warcraft iii\war3.exe] => (Allow) C:\games\warcraft iii\war3.exe
FirewallRules: [{77A76879-AC1F-49B5-B3FF-C668F4289E93}] => (Allow) C:\GAMES\Special Force 2\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{CE5D343F-C36F-4131-9A31-04EEFA967655}] => (Allow) C:\GAMES\Special Force 2\SpecialForce2\Binaries\Win32\sf2.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2015 00:30:22 PM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/06/2015 00:29:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 09:57:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 37.0.2.5583 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1288

Start Time: 01d0b6f9aa914cbd

Termination Time: 9

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 1dcaeb33-2326-11e5-8c00-cc52afa0a36e

Error: (07/05/2015 03:08:23 PM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/05/2015 03:07:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 01:02:31 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/03/2015 01:01:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 00:34:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007ff0017302d
Faulting process id: 0x12dc
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3

Error: (07/03/2015 00:34:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])

Error: (07/03/2015 00:34:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service WinZiper service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (07/06/2015 06:03:32 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2CBC345F-5772-44D4-B02F-07018B0000FF}.
The backup browser is stopping.

Error: (07/06/2015 00:31:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (07/06/2015 00:30:48 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/06/2015 00:30:48 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/06/2015 00:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (07/06/2015 00:30:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (07/06/2015 00:30:23 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/06/2015 00:30:23 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/06/2015 00:29:25 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/06/2015 00:29:25 PM) (Source: W3SVC) (EventID: 1004) (User: )
Description: The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.


Microsoft Office:
=========================
Error: (07/06/2015 00:30:22 PM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/06/2015 00:29:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2015 09:57:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe37.0.2.5583128801d0b6f9aa914cbd9C:\Program Files (x86)\Mozilla Firefox\firefox.exe1dcaeb33-2326-11e5-8c00-cc52afa0a36e

Error: (07/05/2015 03:08:23 PM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/05/2015 03:07:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 01:02:31 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/03/2015 01:01:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 00:34:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2unknown0.0.0.000000000c0000005000007ff0017302d12dc01d0b4ed5e21f1e9C:\Users\David\AppData\Local\Temp\DaS_21.exeunknown9ef1c5b3-20e0-11e5-be3c-cc52afa0a36e

Error: (07/03/2015 00:34:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at DriverAndServicesOut.GetProcess.GetPathName(System.String)
   at DriverAndServicesOut.GetProcess.GetAllServices(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])

Error: (07/03/2015 00:34:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinZiper service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 62%
Total physical RAM: 4043.86 MB
Available physical RAM: 1499.78 MB
Total Virtual: 8085.93 MB
Available Virtual: 4057.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.51 GB) (Free:13.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (David) (Fixed) (Total:220.53 GB) (Free:10.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B45026AF)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=07 NTFS)

==================== End of log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by David (administrator) on DAVIDHOHO on 06-07-2015 21:23:43
Running from C:\Users\David\Desktop
Loaded Profiles: David & MsDtsServer110 & MSSQLFDLauncher$SQL2012 & MSOLAP$SQL2012 & ReportServer$SQL2012 & MSSQL$SQL2012 (Available Profiles: David & MsDtsServer110 & MSSQLFDLauncher$SQL2012 & MSOLAP$SQL2012 & ReportServer$SQL2012 & MSSQL$SQL2012)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe
() C:\xampp\mysql\bin\mysqld.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Users\David\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
(Farbar) C:\Users\David\Desktop\FRST64_2.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-30] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [13491224 2015-06-10] (LINE Corporation)
HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3417496 2011-08-31] (Tonec Inc.)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d.lnk [2015-06-10]
ShortcutTarget: d.lnk -> C:\Users\David\AppData\Roaming\obfavqufsr.exe (No File)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2011-05-30] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{075D9B8C-0025-4FC3-B6CF-A58F1C996B6E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1B86BCA7-6621-4E16-9860-B4B15399D217}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CBC345F-5772-44D4-B02F-07018B0000FF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{356C5CBD-3163-44AE-A8D8-E98B1DF5B446}: [NameServer] 10.0.28.18 10.0.28.3
Tcpip\..\Interfaces\{521BB429-17C4-4E6C-BE52-42869AC3D700}: [NameServer] 10.0.28.18 10.0.28.3
Tcpip\..\Interfaces\{7DE099D1-FF3E-4FE4-AADC-4C14A4C2ABF0}: [NameServer] 192.168.130.28 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-15] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1685673173-357443733-221515080-1000: LWAPlugin15.8 -> C:\Users\David\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2014-11-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2014-11-13] (Microsoft Corporation)
FF Extension: Ant Video Downloader - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\[email protected] [2015-05-29]
FF Extension: Download YouTube Videos as MP4 - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-18]
FF Extension: Adblock Edge - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-06-28]
FF HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\David\AppData\Roaming\IDM\idmmzcc5 [2014-08-08]
FF HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-30]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-30]
CHR Extension: (IDM Integration Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-1685673173-357443733-221515080-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2014-07-17] (Apache Software Foundation) [File not signed]
S2 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.) [File not signed]
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSOLAP$SQL2012; C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
R2 MSSQL$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [11021824 2014-09-11] () [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-01] ()
R2 ReportServer$SQL2012; C:\Program Files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLAgent$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
R2 VSSS; C:\Users\David\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [98107264 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
S2 Distressed Stretch; "C:\Program Files (x86)\Distressed Stretch\Distressed Stretch.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 plkusbser; C:\Windows\System32\DRIVERS\plkusbser.sys [113664 2008-01-23] (QUALCOMM Incorporated)
R1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 esyvrrjc; \??\C:\Windows\system32\drivers\esyvrrjc.sys [X]
S3 hxsyol; \??\C:\GAMES\AuraKingdom\avital\hxsy64.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S1 kvbqyqvg; \??\C:\Windows\system32\drivers\kvbqyqvg.sys [X]
S1 ojqlethn; \??\C:\Windows\system32\drivers\ojqlethn.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 21:22 - 2015-07-06 21:22 - 02112512 _____ (Farbar) C:\Users\David\Desktop\FRST64_2.exe
2015-07-06 13:40 - 2015-07-06 13:40 - 00352768 _____ C:\Users\David\Desktop\bnmc expo.fla
2015-07-06 13:31 - 2015-07-06 13:31 - 00864285 _____ C:\Users\David\Desktop\Presentation-BNMC.pptx
2015-07-06 12:30 - 2015-07-06 12:30 - 01415680 _____ (wj32) C:\Program Files\LY8IS5FD.exe
2015-07-06 12:29 - 2015-07-06 12:29 - 01415680 _____ (wj32) C:\Program Files\PZCMW6J9.exe
2015-07-06 12:29 - 2015-07-06 12:29 - 01415680 _____ (wj32) C:\Program Files\NRY2VZ6V.exe
2015-07-05 21:50 - 2015-07-05 21:50 - 00000000 ____D C:\Users\David\Desktop\PJJ ANGKATAN 15-2
2015-07-05 15:08 - 2015-07-05 15:08 - 01415680 _____ (wj32) C:\Program Files\1EOY8LV5.exe
2015-07-05 15:07 - 2015-07-05 15:07 - 01415680 _____ (wj32) C:\Program Files\IX047MKJ.exe
2015-07-05 15:07 - 2015-07-05 15:07 - 01415680 _____ (wj32) C:\Program Files\GK0ANX75.exe
2015-07-05 15:07 - 2015-07-05 15:07 - 01415680 _____ (wj32) C:\Program Files\0FIMP480.exe
2015-07-03 01:03 - 2015-07-03 01:03 - 01415680 _____ (wj32) C:\Program Files\U15Y29D2.exe
2015-07-03 01:02 - 2015-07-03 01:02 - 01415680 _____ (wj32) C:\Program Files\Z9JW6JTG.exe
2015-07-03 01:02 - 2015-07-03 01:02 - 01415680 _____ (wj32) C:\Program Files\DHOSZVZR.exe
2015-07-03 01:02 - 2015-07-03 01:02 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2015-07-03 00:57 - 2015-07-03 00:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-02 22:30 - 2015-07-03 01:02 - 00055147 _____ C:\zoek-results.log
2015-07-02 22:23 - 2015-07-03 00:51 - 00000000 ____D C:\zoek_backup
2015-07-02 22:21 - 2015-07-02 22:21 - 01308672 _____ C:\Users\David\Desktop\zoek.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 01415680 _____ (wj32) C:\Program Files\HAHLSW3V.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 01415680 _____ (wj32) C:\Program Files\AHLEIPTI.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 01415680 _____ (wj32) C:\Program Files\8FJCGNRG.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 01415680 _____ (wj32) C:\Program Files\7B4BFJN4.exe
2015-07-02 09:27 - 2015-07-02 09:27 - 01415680 _____ (wj32) C:\Program Files\OSZ37B7W.exe
2015-07-02 09:27 - 2015-07-02 09:27 - 01415680 _____ (wj32) C:\Program Files\IS2FPZ9W.exe
2015-07-02 09:27 - 2015-07-02 09:27 - 01415680 _____ (wj32) C:\Program Files\3BLY8ISK.exe
2015-07-01 21:18 - 2015-07-01 21:18 - 00001044 _____ C:\Users\David\Desktop\w3l - Shortcut.lnk
2015-07-01 19:41 - 2015-07-01 19:41 - 01415680 _____ (wj32) C:\Program Files\GT3GK3G6.exe
2015-07-01 19:38 - 2015-07-01 19:39 - 00262144 _____ C:\Windows\Minidump\070115-40778-01.dmp
2015-07-01 19:33 - 2015-07-01 19:33 - 02244096 _____ C:\Users\David\Desktop\AdwCleaner.exe
2015-07-01 19:16 - 2015-07-01 19:16 - 01415680 _____ (wj32) C:\Program Files\N9K9P6JI.exe
2015-07-01 19:15 - 2015-07-01 19:15 - 01415680 _____ (wj32) C:\Program Files\LPIPTX1T.exe
2015-07-01 19:15 - 2015-07-01 19:15 - 01415680 _____ (wj32) C:\Program Files\07BIBFJ0.exe
2015-07-01 17:42 - 2015-07-01 17:42 - 00001541 _____ C:\Users\David\Desktop\abcd - Shortcut.lnk
2015-07-01 17:40 - 2015-07-01 19:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-01 17:40 - 2015-07-01 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-01 17:30 - 2015-07-01 17:30 - 01415680 _____ (wj32) C:\Program Files\DEC7RG8G.exe
2015-07-01 17:29 - 2015-07-01 17:29 - 01415680 _____ (wj32) C:\Program Files\Z3707BFK.exe
2015-07-01 17:29 - 2015-07-01 17:29 - 01415680 _____ (wj32) C:\Program Files\KU4HMW64.exe
2015-07-01 17:29 - 2015-07-01 17:29 - 01415680 _____ (wj32) C:\Program Files\37BIBFJB.exe
2015-07-01 17:25 - 2015-07-01 17:26 - 00262144 _____ C:\Windows\Minidump\070115-37221-01.dmp
2015-07-01 16:37 - 2015-07-06 21:24 - 00026121 _____ C:\Users\David\Desktop\FRST.txt
2015-07-01 16:37 - 2015-07-06 21:23 - 00000000 ____D C:\FRST
2015-07-01 16:35 - 2015-07-01 16:36 - 02112512 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-07-01 16:35 - 2015-07-01 16:36 - 01636352 _____ (Farbar) C:\Users\David\Desktop\FRST.exe
2015-07-01 16:17 - 2015-07-03 04:05 - 00000000 _____ C:\dfu.log
2015-07-01 10:08 - 2015-07-06 20:17 - 00014364 _____ C:\Users\David\Documents\Juli.xlsx
2015-07-01 09:26 - 2015-07-01 09:26 - 01415680 _____ (wj32) C:\Program Files\KU159DKS.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\ZSZ37BIW.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\OSZ3W07L.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\IS0AKUSN.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\G5JKCH95.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 01415680 _____ (wj32) C:\Program Files\4BFJNJNF.exe
2015-06-30 15:21 - 2015-07-01 01:14 - 00036864 _____ C:\Users\David\Desktop\SE Rev1.xls
2015-06-30 10:52 - 2015-06-30 10:52 - 01415680 _____ (wj32) C:\Program Files\JW6GK3DN.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 01415680 _____ (wj32) C:\Program Files\9DHLSLPT.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 01415680 _____ (wj32) C:\Program Files\7BF8FJNR.exe
2015-06-29 12:00 - 2015-06-29 12:00 - 00000000 _____ C:\Users\David\AppData\Local\Temp.dat
2015-06-29 11:06 - 2015-06-29 11:06 - 01415680 _____ (wj32) C:\Program Files\OSWSW07W.exe
2015-06-29 11:06 - 2015-06-29 11:06 - 01415680 _____ (wj32) C:\Program Files\8IS2FPZX.exe
2015-06-28 17:10 - 2015-06-28 17:10 - 01415680 _____ (wj32) C:\Program Files\OSW3737F.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 01415680 _____ (wj32) C:\Program Files\SWPW048J.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 01415680 _____ (wj32) C:\Program Files\E7BIMKU5.exe
2015-06-27 15:33 - 2015-06-27 15:35 - 00000000 ____D C:\Windows\rescache
2015-06-27 12:59 - 2015-06-27 12:59 - 01415680 _____ (wj32) C:\Program Files\OKOSW37O.exe
2015-06-27 12:58 - 2015-06-27 12:58 - 01415680 _____ (wj32) C:\Program Files\EOYBLV5Y.exe
2015-06-27 01:05 - 2015-06-30 22:28 - 00008832 _____ C:\Users\David\Desktop\Book1.xlsx
2015-06-26 17:28 - 2015-06-26 17:28 - 01415680 _____ (wj32) C:\Program Files\XVIG83K6.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 01415680 _____ (wj32) C:\Program Files\UY5959D5.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 01415680 _____ (wj32) C:\Program Files\26A3AEIA.exe
2015-06-26 11:47 - 2015-06-26 11:47 - 00001456 _____ C:\Users\David\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-26 09:24 - 2015-06-26 09:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-26 09:24 - 2015-06-26 09:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-26 02:12 - 2012-02-11 15:43 - 00253016 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-06-25 11:39 - 2015-06-25 11:39 - 01415680 _____ (wj32) C:\Program Files\R1BOY8IV.exe
2015-06-25 11:38 - 2015-06-25 11:38 - 01415680 _____ (wj32) C:\Program Files\6AELEIMT.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 01415680 _____ (wj32) C:\Program Files\LPTPTX12.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 01415680 _____ (wj32) C:\Program Files\9MW6G2PN.exe
2015-06-25 11:25 - 2015-06-25 11:25 - 01415680 _____ (wj32) C:\Program Files\HLSW6Z6E.exe
2015-06-25 11:00 - 2015-04-18 10:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-25 11:00 - 2015-04-18 09:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-25 10:59 - 2015-05-26 01:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-25 10:59 - 2015-05-26 01:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-25 10:59 - 2015-05-26 01:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-25 10:59 - 2015-05-26 01:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-25 10:59 - 2015-05-26 01:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-25 10:59 - 2015-05-26 01:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-25 10:59 - 2015-05-26 01:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-25 10:59 - 2015-05-26 01:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-25 10:59 - 2015-05-26 01:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-25 10:59 - 2015-05-26 00:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-25 10:59 - 2015-05-26 00:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-25 10:59 - 2015-05-26 00:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-25 10:59 - 2015-05-25 23:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-25 10:59 - 2015-05-25 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-25 10:59 - 2015-05-25 23:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-25 10:59 - 2015-04-30 01:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-25 10:59 - 2015-04-30 01:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-25 10:59 - 2015-04-30 01:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-25 10:59 - 2015-04-30 01:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-25 10:59 - 2015-04-30 01:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-25 10:59 - 2015-04-30 01:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-25 10:59 - 2015-04-30 01:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-25 10:59 - 2015-04-30 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-25 10:59 - 2015-04-30 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-25 10:59 - 2015-04-30 01:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-25 10:45 - 2015-06-25 10:45 - 01415680 _____ (wj32) C:\Program Files\IMTX15C2.exe
2015-06-25 10:44 - 2015-06-25 10:44 - 01415680 _____ (wj32) C:\Program Files\W3AHLHOD.exe
2015-06-25 10:38 - 2015-06-25 10:38 - 01415680 _____ (wj32) C:\Program Files\SW3704BM.exe
2015-06-25 07:40 - 2015-05-01 20:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 07:40 - 2015-05-01 20:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-25 07:13 - 2015-01-09 09:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-06-25 06:38 - 2015-04-13 10:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-25 06:37 - 2015-05-23 01:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-25 06:37 - 2015-05-23 01:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-25 06:37 - 2015-05-21 20:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-25 06:37 - 2015-01-28 06:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-25 06:36 - 2015-04-25 01:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-25 06:36 - 2015-04-25 00:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-25 06:36 - 2015-04-20 10:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-25 06:36 - 2015-04-20 10:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-25 06:36 - 2015-04-20 09:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-25 06:36 - 2015-04-08 10:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-25 06:36 - 2015-04-08 10:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-25 06:36 - 2015-03-25 10:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-25 06:36 - 2015-03-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-25 06:36 - 2015-03-25 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-25 06:36 - 2015-03-25 10:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-25 06:36 - 2015-03-10 10:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-25 06:36 - 2015-03-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-25 06:36 - 2015-03-10 10:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-25 06:36 - 2015-03-10 10:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-25 06:36 - 2015-03-05 12:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-25 06:36 - 2015-03-05 11:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-25 06:36 - 2015-01-29 10:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-25 06:36 - 2015-01-29 10:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-25 06:36 - 2012-06-01 12:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-06-25 06:36 - 2012-06-01 12:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-06-25 06:36 - 2012-06-01 12:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-06-25 06:36 - 2012-06-01 12:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-06-25 06:36 - 2012-06-01 12:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-06-25 06:36 - 2012-06-01 12:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-06-25 06:36 - 2012-06-01 11:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-06-25 06:36 - 2012-06-01 11:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-06-25 06:36 - 2012-06-01 11:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-06-25 06:36 - 2012-06-01 11:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-06-25 06:36 - 2012-06-01 11:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-06-25 06:36 - 2012-06-01 11:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-06-25 06:35 - 2015-05-26 00:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-25 06:34 - 2015-05-31 08:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-25 06:34 - 2015-05-31 07:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-25 06:34 - 2015-05-31 07:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-25 06:34 - 2015-05-31 07:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-25 06:34 - 2015-05-31 07:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-25 06:34 - 2015-05-31 07:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-25 06:34 - 2015-05-31 07:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-25 06:34 - 2015-05-31 07:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-25 06:34 - 2015-05-31 07:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-25 06:34 - 2015-05-31 07:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-25 06:34 - 2015-05-31 07:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-25 06:34 - 2015-05-31 06:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-25 06:34 - 2015-05-31 06:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-25 06:34 - 2015-05-31 06:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-25 06:34 - 2015-05-31 06:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-25 06:34 - 2015-05-31 06:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-25 06:34 - 2015-05-31 06:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-25 06:34 - 2015-05-31 06:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-25 06:34 - 2015-05-31 06:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-25 06:34 - 2015-04-11 10:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-25 06:34 - 2015-02-25 10:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-25 06:34 - 2015-02-18 14:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-06-25 06:34 - 2015-02-18 14:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-25 06:32 - 2015-03-04 11:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-25 06:32 - 2015-03-04 11:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-25 06:32 - 2015-03-04 11:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-25 06:32 - 2015-03-04 11:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-25 06:04 - 2015-06-25 06:04 - 00002976 _____ C:\Windows\System32\Tasks\{96B35852-3F50-4A28-A954-B03FCA8218EC}
2015-06-25 06:02 - 2015-06-25 06:02 - 00002117 _____ C:\Users\David\Desktop\Microsoft Security Essentials.lnk
2015-06-25 06:00 - 2015-06-25 06:00 - 01415680 _____ (wj32) C:\Program Files\SHPK3KC5.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 01415680 _____ (wj32) C:\Program Files\JNRY26AR.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-25 06:00 - 2015-06-25 06:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-25 06:00 - 2015-06-25 06:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-25 05:32 - 2015-06-25 05:32 - 01415680 _____ (wj32) C:\Program Files\X2IH05I5.exe
2015-06-25 05:32 - 2015-06-25 05:32 - 01415680 _____ (wj32) C:\Program Files\FMKU159K.exe
2015-06-25 05:31 - 2015-06-25 05:31 - 01415680 _____ (wj32) C:\Program Files\CG9DKOGU.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 01415680 _____ (wj32) C:\Program Files\AZIKFNFG.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 01415680 _____ (wj32) C:\Program Files\48CJNRK9.exe
2015-06-25 05:27 - 2015-06-25 05:27 - 01415680 _____ (wj32) C:\Program Files\4818CJNM.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\OVZ3737T.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\L15AEUNF.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\BOK9PO4D.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\9VONCHCP.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\9GKOSZ3K.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\6BLV8IV0.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\5Y59DHO2.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\59DKOSLJ.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 01415680 _____ (wj32) C:\Program Files\3GK0ANXV.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\HR1BJT3Y.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\ER12159T.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\BLV8IS20.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 01415680 _____ (wj32) C:\Program Files\8LV8IS2S.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 01415680 _____ (wj32) C:\Program Files\VRVZ3AES.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 01415680 _____ (wj32) C:\Program Files\3W04BFJ6.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 01415680 _____ (wj32) C:\Program Files\15929AHP.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\LV8ISXAK.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\EIMKX15Y.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\CGKRKOS3.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 01415680 _____ (wj32) C:\Program Files\8CGCGKO5.exe
2015-06-24 09:48 - 2015-06-24 09:48 - 01415680 _____ (wj32) C:\Program Files\KLJH4WCB.exe
2015-06-24 09:47 - 2015-06-24 09:47 - 01415680 _____ (wj32) C:\Program Files\HR1EOY8L.exe
2015-06-23 15:11 - 2015-06-23 15:11 - 01415680 _____ (wj32) C:\Program Files\CMW6JT31.exe
2015-06-14 18:04 - 2015-07-01 19:54 - 00000000 ____D C:\Users\David\Desktop\uas

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 21:00 - 2013-09-02 08:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-06 20:53 - 2015-01-30 12:37 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 20:45 - 2011-06-23 15:43 - 01521309 _____ C:\Windows\WindowsUpdate.log
2015-07-06 17:30 - 2015-01-06 20:24 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2015-07-06 12:37 - 2015-01-14 23:04 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2015-07-06 12:36 - 2009-07-14 11:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 12:36 - 2009-07-14 11:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 12:28 - 2015-01-30 12:37 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 12:28 - 2014-07-03 19:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-06 12:27 - 2015-01-06 20:24 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-06 12:27 - 2014-06-18 18:53 - 00085150 _____ C:\Windows\setupact.log
2015-07-06 12:27 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-05 21:58 - 2013-03-07 15:41 - 00000000 ____D C:\Users\David\AppData\Roaming\DMCache
2015-07-05 21:48 - 2009-07-14 12:13 - 01021254 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 20:23 - 2015-04-09 20:10 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDavid
2015-07-05 20:23 - 2015-04-09 20:10 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForDavid.job
2015-07-03 01:02 - 2015-04-10 18:05 - 00000000 ____D C:\Users\MSSQLFDLauncher$SQL2012
2015-07-03 01:01 - 2013-05-31 22:33 - 00000008 __RSH C:\Users\David\ntuser.pol
2015-07-03 01:01 - 2013-03-03 12:57 - 00000000 ____D C:\Users\David
2015-07-03 00:59 - 2014-06-25 08:23 - 00519420 _____ C:\Windows\PFRO.log
2015-07-03 00:34 - 2013-03-06 14:06 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2015-07-02 22:58 - 2015-04-21 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 22:58 - 2014-11-12 20:13 - 00000000 ____D C:\Users\David\AppData\Roaming\Fighters
2015-07-02 22:58 - 2014-11-12 20:13 - 00000000 ____D C:\ProgramData\Fighters
2015-07-02 22:58 - 2009-07-14 10:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-02 22:58 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-02 14:38 - 2013-03-21 18:19 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-01 19:38 - 2013-12-03 09:02 - 00000000 ____D C:\Windows\Minidump
2015-07-01 19:38 - 2013-03-11 11:19 - 00000000 ____D C:\ProgramData\Avira
2015-07-01 19:37 - 2015-01-16 23:44 - 00000000 ____D C:\AdwCleaner
2015-07-01 19:11 - 2013-03-08 18:36 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-01 18:04 - 2015-01-16 23:48 - 00000000 ____D C:\Users\David\Desktop\3teria
2015-07-01 17:30 - 2015-03-11 09:04 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-07-01 17:30 - 2014-07-05 10:47 - 00100296 _____ C:\Windows\AutoKMS.log
2015-07-01 10:08 - 2015-06-01 20:55 - 00014870 _____ C:\Users\David\Documents\Juni.xlsx
2015-06-30 11:57 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\tracing
2015-06-27 13:01 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-26 12:09 - 2015-04-10 21:04 - 00000132 _____ C:\Users\David\AppData\Roaming\Adobe PNG Format CC Prefs
2015-06-26 11:47 - 2015-01-14 23:04 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2015-06-26 09:47 - 2015-01-22 16:52 - 00047324 _____ C:\Windows\IE11_main.log
2015-06-26 02:48 - 2015-04-10 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2015-06-26 02:41 - 2013-03-03 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-26 02:40 - 2013-04-17 18:07 - 01007166 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-26 02:40 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-06-26 02:17 - 2013-09-06 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2015-06-26 02:03 - 2015-03-18 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-26 02:03 - 2015-03-18 12:05 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-25 11:34 - 2013-03-07 19:34 - 00000000 ____D C:\Windows\pss
2015-06-25 10:45 - 2015-04-11 23:41 - 00022316 _____ C:\Windows\iis7.log
2015-06-25 10:43 - 2009-07-14 11:45 - 05143096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-25 07:39 - 2015-01-22 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-25 07:38 - 2015-01-22 00:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-25 07:38 - 2015-01-22 00:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-25 06:00 - 2014-01-05 08:37 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-24 11:00 - 2013-09-02 08:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 11:00 - 2013-03-03 13:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 11:00 - 2013-03-03 13:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 06:55 - 2015-01-30 12:40 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-21 16:46 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-14 09:03 - 2015-04-10 18:06 - 00000000 ____D C:\Users\MsDtsServer110
2015-06-14 03:02 - 2014-06-10 23:43 - 00000000 ____D C:\Users\David\AppData\Local\Windows Live
2015-06-13 14:14 - 2015-05-30 20:51 - 00000000 ____D C:\Users\David\Desktop\infinity challenge duet songs
2015-06-11 22:51 - 2013-05-31 18:31 - 00000000 ____D C:\Users\David\AppData\Roaming\IDM
2015-06-11 15:47 - 2014-02-04 01:17 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-06-11 15:47 - 2014-02-04 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-06-08 09:51 - 2013-08-09 12:41 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2015-06-07 01:06 - 2015-05-25 20:48 - 00001166 _____ C:\Users\David\Desktop\IC.txt
2015-06-06 10:46 - 2014-02-08 22:03 - 00000000 ____D C:\Users\David\Desktop\BNMC

==================== Files in the root of some directories =======

2015-07-01 19:15 - 2015-07-01 19:15 - 1415680 _____ (wj32) C:\Program Files\07BIBFJ0.exe
2015-07-05 15:07 - 2015-07-05 15:07 - 1415680 _____ (wj32) C:\Program Files\0FIMP480.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 1415680 _____ (wj32) C:\Program Files\15929AHP.exe
2015-07-05 15:08 - 2015-07-05 15:08 - 1415680 _____ (wj32) C:\Program Files\1EOY8LV5.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 1415680 _____ (wj32) C:\Program Files\26A3AEIA.exe
2015-07-01 17:29 - 2015-07-01 17:29 - 1415680 _____ (wj32) C:\Program Files\37BIBFJB.exe
2015-07-02 09:27 - 2015-07-02 09:27 - 1415680 _____ (wj32) C:\Program Files\3BLY8ISK.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\3GK0ANXV.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 1415680 _____ (wj32) C:\Program Files\3W04BFJ6.exe
2015-06-25 05:27 - 2015-06-25 05:27 - 1415680 _____ (wj32) C:\Program Files\4818CJNM.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 1415680 _____ (wj32) C:\Program Files\48CJNRK9.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\4BFJNJNF.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\59DKOSLJ.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\5Y59DHO2.exe
2015-06-25 11:38 - 2015-06-25 11:38 - 1415680 _____ (wj32) C:\Program Files\6AELEIMT.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\6BLV8IV0.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 1415680 _____ (wj32) C:\Program Files\7B4BFJN4.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 1415680 _____ (wj32) C:\Program Files\7BF8FJNR.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\8CGCGKO5.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 1415680 _____ (wj32) C:\Program Files\8FJCGNRG.exe
2015-06-29 11:06 - 2015-06-29 11:06 - 1415680 _____ (wj32) C:\Program Files\8IS2FPZX.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\8LV8IS2S.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 1415680 _____ (wj32) C:\Program Files\9DHLSLPT.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\9GKOSZ3K.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 1415680 _____ (wj32) C:\Program Files\9MW6G2PN.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\9VONCHCP.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 1415680 _____ (wj32) C:\Program Files\AHLEIPTI.exe
2015-06-25 05:30 - 2015-06-25 05:30 - 1415680 _____ (wj32) C:\Program Files\AZIKFNFG.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\BLV8IS20.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\BOK9PO4D.exe
2015-06-25 05:31 - 2015-06-25 05:31 - 1415680 _____ (wj32) C:\Program Files\CG9DKOGU.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\CGKRKOS3.exe
2015-06-23 15:11 - 2015-06-23 15:11 - 1415680 _____ (wj32) C:\Program Files\CMW6JT31.exe
2015-07-01 17:30 - 2015-07-01 17:30 - 1415680 _____ (wj32) C:\Program Files\DEC7RG8G.exe
2015-07-03 01:02 - 2015-07-03 01:02 - 1415680 _____ (wj32) C:\Program Files\DHOSZVZR.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 1415680 _____ (wj32) C:\Program Files\E7BIMKU5.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\EIMKX15Y.exe
2015-06-27 12:58 - 2015-06-27 12:58 - 1415680 _____ (wj32) C:\Program Files\EOYBLV5Y.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\ER12159T.exe
2015-06-25 05:32 - 2015-06-25 05:32 - 1415680 _____ (wj32) C:\Program Files\FMKU159K.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\G5JKCH95.exe
2015-07-05 15:07 - 2015-07-05 15:07 - 1415680 _____ (wj32) C:\Program Files\GK0ANX75.exe
2015-07-01 19:41 - 2015-07-01 19:41 - 1415680 _____ (wj32) C:\Program Files\GT3GK3G6.exe
2015-07-02 09:28 - 2015-07-02 09:28 - 1415680 _____ (wj32) C:\Program Files\HAHLSW3V.exe
2015-06-25 11:25 - 2015-06-25 11:25 - 1415680 _____ (wj32) C:\Program Files\HLSW6Z6E.exe
2015-06-25 05:21 - 2015-06-25 05:21 - 1415680 _____ (wj32) C:\Program Files\HR1BJT3Y.exe
2015-06-24 09:47 - 2015-06-24 09:47 - 1415680 _____ (wj32) C:\Program Files\HR1EOY8L.exe
2015-06-25 10:45 - 2015-06-25 10:45 - 1415680 _____ (wj32) C:\Program Files\IMTX15C2.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\IS0AKUSN.exe
2015-07-02 09:27 - 2015-07-02 09:27 - 1415680 _____ (wj32) C:\Program Files\IS2FPZ9W.exe
2015-07-05 15:07 - 2015-07-05 15:07 - 1415680 _____ (wj32) C:\Program Files\IX047MKJ.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 1415680 _____ (wj32) C:\Program Files\JNRY26AR.exe
2015-06-30 10:52 - 2015-06-30 10:52 - 1415680 _____ (wj32) C:\Program Files\JW6GK3DN.exe
2015-06-24 09:48 - 2015-06-24 09:48 - 1415680 _____ (wj32) C:\Program Files\KLJH4WCB.exe
2015-07-01 09:26 - 2015-07-01 09:26 - 1415680 _____ (wj32) C:\Program Files\KU159DKS.exe
2015-07-01 17:29 - 2015-07-01 17:29 - 1415680 _____ (wj32) C:\Program Files\KU4HMW64.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\L15AEUNF.exe
2015-07-01 19:15 - 2015-07-01 19:15 - 1415680 _____ (wj32) C:\Program Files\LPIPTX1T.exe
2015-06-25 11:26 - 2015-06-25 11:26 - 1415680 _____ (wj32) C:\Program Files\LPTPTX12.exe
2015-06-25 05:15 - 2015-06-25 05:15 - 1415680 _____ (wj32) C:\Program Files\LV8ISXAK.exe
2015-07-06 12:30 - 2015-07-06 12:30 - 1415680 _____ (wj32) C:\Program Files\LY8IS5FD.exe
2015-07-01 19:16 - 2015-07-01 19:16 - 1415680 _____ (wj32) C:\Program Files\N9K9P6JI.exe
2015-07-06 12:29 - 2015-07-06 12:29 - 1415680 _____ (wj32) C:\Program Files\NRY2VZ6V.exe
2015-06-27 12:59 - 2015-06-27 12:59 - 1415680 _____ (wj32) C:\Program Files\OKOSW37O.exe
2015-06-28 17:10 - 2015-06-28 17:10 - 1415680 _____ (wj32) C:\Program Files\OSW3737F.exe
2015-06-29 11:06 - 2015-06-29 11:06 - 1415680 _____ (wj32) C:\Program Files\OSWSW07W.exe
2015-07-02 09:27 - 2015-07-02 09:27 - 1415680 _____ (wj32) C:\Program Files\OSZ37B7W.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\OSZ3W07L.exe
2015-06-25 05:22 - 2015-06-25 05:22 - 1415680 _____ (wj32) C:\Program Files\OVZ3737T.exe
2015-07-06 12:29 - 2015-07-06 12:29 - 1415680 _____ (wj32) C:\Program Files\PZCMW6J9.exe
2015-06-25 11:39 - 2015-06-25 11:39 - 1415680 _____ (wj32) C:\Program Files\R1BOY8IV.exe
2015-06-25 06:00 - 2015-06-25 06:00 - 1415680 _____ (wj32) C:\Program Files\SHPK3KC5.exe
2015-06-25 10:38 - 2015-06-25 10:38 - 1415680 _____ (wj32) C:\Program Files\SW3704BM.exe
2015-06-28 17:09 - 2015-06-28 17:09 - 1415680 _____ (wj32) C:\Program Files\SWPW048J.exe
2015-07-03 01:03 - 2015-07-03 01:03 - 1415680 _____ (wj32) C:\Program Files\U15Y29D2.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 1415680 _____ (wj32) C:\Program Files\UY5959D5.exe
2015-06-25 05:20 - 2015-06-25 05:20 - 1415680 _____ (wj32) C:\Program Files\VRVZ3AES.exe
2015-06-25 10:44 - 2015-06-25 10:44 - 1415680 _____ (wj32) C:\Program Files\W3AHLHOD.exe
2015-06-25 05:32 - 2015-06-25 05:32 - 1415680 _____ (wj32) C:\Program Files\X2IH05I5.exe
2015-06-26 17:28 - 2015-06-26 17:28 - 1415680 _____ (wj32) C:\Program Files\XVIG83K6.exe
2015-07-01 17:29 - 2015-07-01 17:29 - 1415680 _____ (wj32) C:\Program Files\Z3707BFK.exe
2015-07-03 01:02 - 2015-07-03 01:02 - 1415680 _____ (wj32) C:\Program Files\Z9JW6JTG.exe
2015-07-01 09:25 - 2015-07-01 09:25 - 1415680 _____ (wj32) C:\Program Files\ZSZ37BIW.exe
2014-10-01 21:43 - 2014-04-04 20:55 - 535287324 _____ () C:\Program Files (x86)\adt-bundle-windows-x86_64-20140321.zip
2006-08-14 17:08 - 2006-08-14 17:08 - 1348242 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1079850 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1398718 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1116109 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0917318 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 4163518 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0180021 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0133991 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0087989 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0046898 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1351430 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1078532 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0183863 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0138195 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0088102 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0047018 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0703080 _____ () C:\Program Files (x86)\BDA.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1156363 _____ () C:\Program Files (x86)\BDANT.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0976020 _____ () C:\Program Files (x86)\BDAXP.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1358864 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1080344 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 15493481 _____ () C:\Program Files (x86)\DirectX.cab
2013-04-02 10:44 - 2011-09-30 14:01 - 0746688 _____ () C:\Program Files (x86)\DotaToolKit v3.2d_2.rar
2013-04-02 10:44 - 2011-01-28 19:48 - 0880609 _____ () C:\Program Files (x86)\DotaToolKit.exe
2006-08-14 17:08 - 2006-08-14 17:08 - 0074520 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2006-08-14 17:08 - 2006-08-14 17:08 - 2248984 _____ (Microsoft Corporation) C:\Program Files (x86)\dsetup32.dll
2010-10-18 02:34 - 2013-04-04 08:31 - 0001095 ___SH () C:\Program Files (x86)\DTKConfig.ini
2013-04-02 10:44 - 2010-12-08 19:07 - 0005570 ___SH () C:\Program Files (x86)\DTKItemBuild.ini
2013-04-02 10:44 - 2010-12-08 19:05 - 0007558 ___SH () C:\Program Files (x86)\DTKSkillBuild.ini
2006-08-14 17:08 - 2006-08-14 17:08 - 0041995 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 13265040 _____ () C:\Program Files (x86)\dxnt.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0484632 _____ (Microsoft Corporation) C:\Program Files (x86)\DXSETUP.exe
2006-08-14 17:08 - 2006-08-14 17:08 - 0082338 _____ () C:\Program Files (x86)\dxupdate.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1248387 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1014113 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1363684 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1085608 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0179247 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0133297 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1336890 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1065813 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0181745 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0134631 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0086925 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0046247 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2015-04-10 21:04 - 2015-06-26 12:09 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CC Prefs
2015-04-11 00:23 - 2015-04-11 00:24 - 184702896 _____ () C:\Users\David\AppData\Local\ACCCx2_9_1_474.zip.aamdownload
2015-04-11 00:23 - 2015-04-11 00:24 - 0002216 _____ () C:\Users\David\AppData\Local\ACCCx2_9_1_474.zip.aamdownload.aamd
2015-06-26 11:47 - 2015-06-26 11:47 - 0001456 _____ () C:\Users\David\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-16 23:56 - 2015-01-16 23:56 - 0000001 _____ () C:\Users\David\AppData\Local\DSI.DAT
2013-12-11 17:19 - 2015-05-03 20:17 - 0007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-04-10 09:50 - 2015-06-12 11:40 - 0004932 _____ () C:\Users\David\AppData\Local\Temp-log.txt
2015-06-29 12:00 - 2015-06-29 12:00 - 0000000 _____ () C:\Users\David\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\42bb54162217efda71fdf88108e80481.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 18:51

==================== End of log ============================



#10
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Next steps :)

 

I've spotted signs of a P2P program installed on your machine.

 

uTorrent



Be warned:

P2P programs, while legal in themselves, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords, private or financial data were exposed to file-sharing networks because of bad P2P configuration.

I'm rather sure that if you continue using P2P, you'll often be visiting our Malware Removal Forum.
Please fully uninstall any P2P apps (uTorrent); if you do so, please do it from the Control Panel > Add/Remove Programs.
 

 

Next, you have a Developer build of Chrome installed. Please uninstall Chrome and then re-install it with the production version.

 

 

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

 

 

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
 
Please include the contents of that file in your reply.

 

 

 

 

Junkware Removal Tool

Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti-virus prior to running this program. Advice on how to do this for your anti-virus can be found here.

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop up once done. Alternatively, you can find JRT.txt on your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti-virus again.


AdwCleaner


Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open
  • Please copy/paste the generated log to your next reply.



#11
davidhoho

    Member

  • Topic Starter
  • 13 posts

My laptop went blue screen when I try to scan with ComboFix?

 

And for your information, I still cannot make my antivirus run on my computer; it stops immediately when I start it. (Microsoft Essential)



#12
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Sometimes CF (Combofix) will Blue Screen. Nothing to worry about. Just reboot and try again. If it fails again, then just move to the second step and continue.

 

Also, your A/V is not going to start until we get the Malware cleaned off the machine.

 

Last, once you've run all the tools, go back and run FRST once more, as you did earlier and post the log. Also, make sure uTorrent is uninstalled before you do anything else.



#13
davidhoho

    Member

  • Topic Starter
  • 13 posts

Here I will post the result

 

1. ComboFix result Blue Screen

 

2. AdwCleaner result Blue Screen

 

3. Junkware Removal Tool

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.5 (07.07.2015:2)
OS: Windows 7 Home Premium x64
Ran by David on 08/07/2015 at 11:34:57,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] bprotectex [Reboot required]
Successfully deleted: [Service] pcfapiutil [Reboot required]
Successfully deleted: [Service] vsss [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCRegistryShield_Popup
Successfully deleted: [Task] C:\Windows\system32\tasks\PCRegistryShield_Start



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch



~~~ Files

Failed to delete: [File] C:\Users\David\AppData\Roaming\microsoft\systemcertificates\vssvc.exe
Successfully deleted: [File] C:\Users\David\appdata\local\google\chrome\user data\default\local storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage
Successfully deleted: [File] C:\Users\David\appdata\local\google\chrome\user data\default\local storage\chrome-extension_eiimolhnbbbdagljikeckdkldgemmmlj_0.localstorage
Successfully deleted: [File] C:\Users\David\appdata\local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Users\David\appdata\local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
Successfully deleted: [File] C:\Users\David\appdata\local\google\chrome\user data\default\local storage\chrome-extension_oilkkkefbalmbfppgjmgjoefbclebkce_0.localstorage



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\fighters
Successfully deleted: [Folder] C:\ProgramData\Google
Successfully deleted: [Folder] C:\Users\David\AppData\Roaming\fighters



~~~ FireFox

Successfully deleted: [Folder] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\rpq8mq8f.default-1428237532237\extensions\[email protected]
Successfully deleted the following from C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\rpq8mq8f.default-1428237532237\prefs.js

user_pref(browser.search.searchengine.alias, );
user_pref(browser.search.searchengine.name, V9 );
user_pref(browser.search.searchengine.ref, d3d3LnY5LmNvbQ==);
user_pref(browser.search.searchengine.ts, 1431343042);
user_pref(browser.search.searchengine.type, );
user_pref(browser.search.searchengine.uid, hitachixhts547550a9e384_j25j0054ha397eha397ex);
Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\rpq8mq8f.default-1428237532237\minidumps [6 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd

[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\David\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/07/2015 at 11:38:03,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

4. AdwCleaner

 

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 11:45:11
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : David - DAVIDHOHO
# Running from : C:\Users\David\Desktop\AdwCleaner_2.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.searchgol.com_0.localstorage

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKCU\Software\5253dd8fe739e513
Key Deleted : HKLM\SOFTWARE\5253dd8fe739e513
Key Deleted : HKLM\SOFTWARE\9044c9b5-9df6-bf21-df5b-7d45e1de058e
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\Fighters
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Fighters
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SiteSee
Key Deleted : HKU\.DEFAULT\Software\Elex-tech
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v43.0.2357.132


*************************

AdwCleaner[R0].txt - [26635 bytes] - [16/01/2015 23:44:57]
AdwCleaner[R1].txt - [19060 bytes] - [01/07/2015 19:34:43]
AdwCleaner[R2].txt - [19120 bytes] - [01/07/2015 19:36:35]
AdwCleaner[R3].txt - [23900 bytes] - [07/07/2015 22:07:07]
AdwCleaner[R4].txt - [23186 bytes] - [07/07/2015 22:09:01]
AdwCleaner[S0].txt - [10954 bytes] - [08/07/2015 11:45:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11014  bytes] ##########
 

 

Scan Result with FRST

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by David at 2015-07-08 11:53:17
Running from C:\Users\David\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1685673173-357443733-221515080-500 - Administrator - Disabled)
David (S-1-5-21-1685673173-357443733-221515080-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-1685673173-357443733-221515080-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ATI Catalyst Install Manager (HKLM\...\{127BEDB9-CFBA-91A2-BCC1-A3A21AFA02F6}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Battlefield 2 Complete Collection (HKLM-x32\...\Battlefield 2 Complete Collection_R.G._Element_Arts_is1) (Version: 1.5.3153.802.0 - R.G. Element Arts, Zerstoren)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2011.0407.736.11742 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version:  - Cisco Systems, Inc.)
CodeBlocks (HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FreeArc 0.666 (HKLM-x32\...\FreeArc) (Version: 0.666 - Bulat Ziganshin)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
GDR 2218 for SQL Server 2012 (KB2716442) (64-bit) (HKLM\...\KB2716442) (Version: 11.0.2218.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{B86FB076-3531-4AF4-86CC-68CA36BFF48A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
IIS Search Engine Optimization Toolkit 1.0 (HKLM\...\{BC5929D3-9D88-4B35-8E37-CD1F2849292C}) (Version: 1.0.0731 - Microsoft Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Java™ SE Development Kit 6 Update 1 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
LenovoUsbDriver 1.0.10 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.10 - Lenovo)
LINE (HKLM-x32\...\LINE) (Version: 4.0.3.367 - LINE Corporation)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BFEF7F89-A8EF-440A-8CBF-90BE1B7DFB7A}) (Version: 15.8.8928.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{587F8B5C-D30D-4EEC-849B-FC410EA38AAF}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 RS Add-in for SharePoint  (HKLM\...\{1527F893-FB8F-45D1-8B83-488E9F5C516C}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{03A2AE02-CBC9-4746-A376-0F7BF6AF5F39}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.05.00.45 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NBA 2K13 (HKLM-x32\...\{D96B6543-A0C0-4351-AF96-73DEF1DD6820}) (Version: 1.0.0 - 2K Sports)
NetBeans IDE 7.2.1 (HKLM\...\nbi-nb-base-7.2.1.0.201210100934) (Version: 7.2.1 - NetBeans.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rise of Nations Gold (HKLM-x32\...\Rise of Nations Gold_is1) (Version:  - Microsoft)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Master Data Services (Version: 11.0.2218.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 RS_SharePoint_SharedService (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2544514) (Version: 1 - Microsoft Corporation)
Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2544514) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VitalSource Bookshelf (HKLM-x32\...\{ACBF0550-A317-4C22-AC93-0DDB73087412}) (Version: 6.01.0018 - Ingram Content Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.10 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.1 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ASIA}_is1) (Version:  - Wargaming.net)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1685673173-357443733-221515080-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2015-07-03 00:35 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A1113C-A2DA-4B2A-883C-44BD490449A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {25938748-7616-4E43-9632-EC6A53A099FC} - System32\Tasks\{0AB6AF86-822A-4734-BABE-37E5EE267EB9} => C:\Game\Warcraft III\w3l.exe
Task: {2ECA2BD1-1A80-41F9-A26C-C4A4B55E6D47} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {2ED5F245-5710-49C0-A6F6-B29BD5023A8A} - System32\Tasks\{85BFD318-7D84-4871-A7D2-762BFF77EA25} => C:\Game\Warcraft III\w3l.exe
Task: {30DD0ACD-0013-4E52-B72A-3B98C7091978} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-06-30] (Microsoft)
Task: {55FA7F85-E46C-410E-9A45-6AAA167EF060} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-23] (CyberLink)
Task: {6B53199F-814C-4648-8FB4-6C138DB6F16D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {6BAB7E0B-06A9-43E3-901A-4F52E67D4328} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {70DD3BEB-BE15-4BF4-8D26-FB28695BAB02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {79FF2895-84D2-46F4-9267-F299C3A8339B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {97FCC845-F557-4706-8859-41F6C4775A84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {B20721BE-F0F3-47D5-9152-9B77291D750C} - System32\Tasks\HPCeeScheduleForDavid => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {B47A7F60-50F9-4475-8B2E-8DFFA4B74633} - System32\Tasks\{AD666397-DC06-4640-B0AA-42A4BBE16AFD} => C:\Game\Warcraft III\w3l.exe
Task: {D07410B1-FA85-4514-92C5-06F55E48E4E7} - System32\Tasks\{96B35852-3F50-4A28-A954-B03FCA8218EC} => C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30] (Microsoft Corporation)
Task: {D4D36EA5-A92B-4381-B7D6-DD7E4DC58398} - System32\Tasks\AdobeAAMUpdater-1.0-DAVIDHOHO-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {F482E15A-101E-47A0-8E53-C739A097BF9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-06-30] (Microsoft)
Task: {F7DF8D19-7D6B-4732-B5F0-26FA08A58452} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDavid.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-01-08 07:57 - 2011-01-08 07:57 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-05 19:49 - 2014-09-11 21:13 - 11021824 _____ () C:\xampp\mysql\bin\mysqld.exe
2013-04-01 19:32 - 2013-04-01 19:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-05 19:47 - 2014-07-17 18:18 - 00219648 _____ () C:\xampp\apache\bin\pcre.dll
2015-01-05 19:50 - 2014-11-13 08:41 - 00127488 _____ () C:\xampp\php\libpq.dll
2015-01-05 19:47 - 2014-11-13 08:41 - 00117760 _____ () C:\xampp\apache\bin\libssh2.dll
2015-06-10 15:35 - 2015-06-10 15:35 - 03129368 _____ () C:\Program Files (x86)\Naver\LINE\ampkit_windows.dll
2015-06-10 09:57 - 2015-06-10 09:57 - 00123928 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-09 00:39 - 2015-04-09 00:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67e9010a82d780d45c4fd2d359927737\IsdiInterop.ni.dll
2011-06-23 15:42 - 2011-01-13 07:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:55B41E6A

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1685673173-357443733-221515080-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk => C:\Windows\pss\HDDlife.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WhatsApp.lnk => C:\Windows\pss\WhatsApp.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6B3740EB-5D99-48F1-B0D2-53B539BCED33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A4B2587-D697-44D1-BDAE-201688BC23FC}] => (Allow) LPort=2869
FirewallRules: [{809E009A-CE7B-4969-8990-AB43964FE3C3}] => (Allow) LPort=1900
FirewallRules: [{00D5614A-9AE8-4661-8D51-58AA18B43CDE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8B3C2753-344A-4D03-935D-71C9463C29C2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1CF0B2B8-3D1A-4DF9-99A3-2E739EB20CEB}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{B4A194DD-D351-40D5-97D5-E3A3DBC4E1C2}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K13\nba2k13.exe
FirewallRules: [{075ECCBD-73B5-492F-9A78-E2DF6962F3A1}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{1F5DF9C7-81AF-470A-AF90-E01CF3A3BE5A}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\cstrike-online.exe
FirewallRules: [{BC998806-E740-403B-A806-9343D22A574D}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{A348BB80-9B62-4C94-8B8E-8745364BB51E}] => (Allow) C:\GAMES\Counter-Strike Online\Bin\NMService.exe
FirewallRules: [{614C3048-4256-4F0C-BE16-E97F5D89F7F6}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7D0CD4F5-8520-42AE-AAD0-A6B5D66134E0}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{A6973349-4389-4418-B8A4-7CF433B910DC}] => (Allow) C:\Users\David\Downloads\Programs\CodecPerformerSetup.exe
FirewallRules: [{0990733B-0955-464D-BA6D-AA5B1E8A4BB6}] => (Allow) C:\Users\David\Downloads\Programs\CodecPerformerSetup.exe
FirewallRules: [{5ACA60A4-8FD6-4CD8-AAE0-3225CC90C7B4}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{B06B07F3-38CE-4230-8654-4B32EA827074}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{78C78202-E329-413C-9D10-0E1BA507AFC1}] => (Allow) C:\GAMES\AuraKingdom\game.bin
FirewallRules: [{DC801EC6-260A-4370-A37E-7E171372DC82}] => (Allow) C:\GAMES\AuraKingdom\game.bin
FirewallRules: [TCP Query User{241564F6-FF73-4B71-B5EB-799C3232AE7F}C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe] => (Allow) C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe
FirewallRules: [UDP Query User{DB3F80BB-A7D0-4921-965F-0FC7211A06AB}C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe] => (Allow) C:\program files (x86)\r.g. element arts\battlefield 2 complete collection\bf2.exe
FirewallRules: [TCP Query User{6A6AB493-35EC-4760-A78C-10A31DC29BD4}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{A4913ABD-DCA1-4293-8E51-E34D771EFC9D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{23F54A62-2D33-4515-AE53-F3E939BAE786}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{2988892D-CE7A-48F9-B41C-7CE19EDC82DB}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{8D91D658-2E6E-451B-BD09-F77639443AA6}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
FirewallRules: [{AFB0601B-C348-449C-84B9-D230FE4E62F8}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
FirewallRules: [{190113EB-035D-400E-BBC9-640DE05B4912}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\CrashUL.exe
FirewallRules: [{A5163DA0-3BAA-418D-8346-A8078A68104D}] => (Allow) C:\Program Files (x86)\baidu\SparkSafe\CrashUL.exe
FirewallRules: [TCP Query User{ED1F8A2D-2A2B-4798-BD89-34D4101BC132}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{7936885E-68BF-43DE-88F1-583DEEDE9786}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{A9225E45-8C09-4BE9-A3F3-D31625C802F2}] => (Block) C:\Program Files (x86)\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [TCP Query User{5706E12E-4B6B-4364-A277-D4757F8C6D45}C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe] => (Allow) C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe
FirewallRules: [UDP Query User{ED49BCDB-8F6D-4785-B9CE-B903DF32EFF3}C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe] => (Allow) C:\program files (x86)\ea\crysis 3\bin32\crysis3.exe
FirewallRules: [TCP Query User{705435AC-F8B1-4067-B858-C84D34EC3109}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{7669D051-0976-4C82-A9C9-B247D327DDF8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{87E9AF7D-6069-4B47-8C77-B9141071385E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{D0514609-3A98-4491-ACE0-22A875DC9F08}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{0033148A-C5D6-4E99-98BC-B0CE6A55A87D}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{17EC4BDA-9421-415D-9664-2B46F18D4976}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{92F5E274-3BD1-45B7-B6D5-0B70CD105DA9}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{E81FC4D9-88A6-4FA2-8CED-6CFFCC0261FD}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{8C120001-792A-4D69-8D28-081DE1C0AC57}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{D88BE0EF-6363-4605-BE19-46FF90691F42}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{DAD03EAB-1478-4202-9222-853B38F16CB0}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{72B3BC66-9774-4502-8BB3-E13C5A63579C}C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\david\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{D25FBC46-871C-4356-9103-A73308B17BBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AA31033-3D4D-43F9-B171-7BF0F36553B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{544CB9E2-03DD-4E62-9A2A-E3780E864A09}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{20A7AF5E-0430-4664-8E13-EEA8F1733061}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{CBD5C76A-ECBE-47B1-89C2-8069E7A8E352}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B7CF26EA-3EFC-4ADA-B9CF-ED605D399193}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{915BD1D5-9B87-4EDD-8482-9F43EC773C79}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{689A810A-EDC6-4618-B0F5-80DE851B9066}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{ACAC4C4F-4C5C-4FF0-9A52-31E7949B1DA3}C:\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{25266BD3-D02C-47D5-B623-71B833884EF6}C:\games\left 4 dead 2\left4dead2.exe] => (Allow) C:\games\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{D92F72F5-3D5F-4060-A95B-75140A595086}C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe] => (Allow) C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [UDP Query User{23871980-9305-4EB9-949C-BDA231E5054F}C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe] => (Allow) C:\games\needforspeed hot persuit\need for speed™ hot pursuit\nfs11.exe
FirewallRules: [TCP Query User{57849398-5074-43B4-BCC6-F48B7B0021ED}C:\games\warcraft iii\war3.exe] => (Allow) C:\games\warcraft iii\war3.exe
FirewallRules: [UDP Query User{242D870D-CCC6-4B1E-BCBE-CB5330CEB097}C:\games\warcraft iii\war3.exe] => (Allow) C:\games\warcraft iii\war3.exe
FirewallRules: [{77A76879-AC1F-49B5-B3FF-C668F4289E93}] => (Allow) C:\GAMES\Special Force 2\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{CE5D343F-C36F-4131-9A31-04EEFA967655}] => (Allow) C:\GAMES\Special Force 2\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{2E7ECBE4-4E7C-481F-AC77-FBDD499B166F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 11:49:34 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/08/2015 11:48:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:42:30 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/08/2015 11:42:15 AM) (Source: MSSQL$SQL2012) (EventID: 17187) (User: )
Description: SQL Server is not ready to accept new client connections. Wait a few minutes before trying again. If you have access to the error log, look for the informational message that indicates that SQL Server is ready before trying to connect again.  [CLIENT: <local machine>]

Error: (07/08/2015 11:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:35:52 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/08/2015 11:31:23 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/08/2015 11:31:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 10:13:16 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012) cannot connect to the report server database.

Error: (07/08/2015 10:12:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/08/2015 11:50:13 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/08/2015 11:50:13 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/08/2015 11:49:35 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/08/2015 11:49:35 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/08/2015 11:48:28 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue[::]:80

Error: (07/08/2015 11:48:28 AM) (Source: W3SVC) (EventID: 1004) (User: )
Description: The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.

Error: (07/08/2015 11:48:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error:
%%2

Error: (07/08/2015 11:47:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FileZilla Server FTP server service failed to start due to the following error:
%%1053

Error: (07/08/2015 11:47:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FileZilla Server FTP server service to connect.

Error: (07/08/2015 11:46:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Distressed Stretch service failed to start due to the following error:
%%2


Microsoft Office:
=========================
Error: (07/08/2015 11:49:34 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/08/2015 11:48:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:42:30 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/08/2015 11:42:15 AM) (Source: MSSQL$SQL2012) (EventID: 17187) (User: )
Description: [CLIENT: <local machine>]

Error: (07/08/2015 11:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 11:35:52 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/08/2015 11:31:23 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/08/2015 11:31:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/08/2015 10:13:16 AM) (Source: Report Server Windows Service (SQL2012)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQL2012)

Error: (07/08/2015 10:12:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 59%
Total physical RAM: 4043.86 MB
Available physical RAM: 1656.04 MB
Total Virtual: 8085.93 MB
Available Virtual: 5252.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.51 GB) (Free:10.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (David) (Fixed) (Total:220.53 GB) (Free:10.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B45026AF)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=13.4 GB) - (Type=07 NTFS)

==================== End of log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by David (administrator) on DAVIDHOHO on 08-07-2015 11:52:12
Running from C:\Users\David\Desktop
Loaded Profiles: David & MsDtsServer110 & MSSQLFDLauncher$SQL2012 & MSOLAP$SQL2012 & ReportServer$SQL2012 & MSSQL$SQL2012 (Available Profiles: David & MsDtsServer110 & MSSQLFDLauncher$SQL2012 & MSOLAP$SQL2012 & ReportServer$SQL2012 & MSSQL$SQL2012)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe
() C:\xampp\mysql\bin\mysqld.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\David\Desktop\FRST64_2.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-30] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [13491224 2015-06-10] (LINE Corporation)
HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3417496 2011-08-31] (Tonec Inc.)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d.lnk [2015-06-10]
ShortcutTarget: d.lnk -> C:\Users\David\AppData\Roaming\obfavqufsr.exe (No File)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2011-05-30] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/28
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1685673173-357443733-221515080-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-1799020999-621814136-2803284099-1257466858-2328019442 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-2371223097-4079952696-1148679707-1386771867-422980588 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-3188738194-1912865064-2563333431-1497984182-3983513578 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-80-771732568-2983420133-2210906521-522062425-3275482924 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{075D9B8C-0025-4FC3-B6CF-A58F1C996B6E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{1B86BCA7-6621-4E16-9860-B4B15399D217}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CBC345F-5772-44D4-B02F-07018B0000FF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{356C5CBD-3163-44AE-A8D8-E98B1DF5B446}: [NameServer] 10.0.28.18 10.0.28.3
Tcpip\..\Interfaces\{521BB429-17C4-4E6C-BE52-42869AC3D700}: [NameServer] 10.0.28.18 10.0.28.3
Tcpip\..\Interfaces\{7DE099D1-FF3E-4FE4-AADC-4C14A4C2ABF0}: [NameServer] 192.168.130.28 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-15] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1685673173-357443733-221515080-1000: LWAPlugin15.8 -> C:\Users\David\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2014-11-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2014-11-13] (Microsoft Corporation)
FF Extension: Download YouTube Videos as MP4 - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-05-18]
FF Extension: Adblock Edge - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-06-28]
FF HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\David\AppData\Roaming\IDM\idmmzcc5 [2014-08-08]
FF HKU\S-1-5-21-1685673173-357443733-221515080-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\David\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-30]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-30]
CHR Extension: (IDM Integration Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-30]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2014-07-17] (Apache Software Foundation) [File not signed]
S2 FileZilla Server; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2372096 2011-02-19] (Realsil Microelectronics Inc.) [File not signed]
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSOLAP$SQL2012; C:\Program Files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe [61538904 2012-02-11] (Microsoft Corporation)
R2 MSSQL$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [11021824 2014-09-11] () [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-01] ()
R2 ReportServer$SQL2012; C:\Program Files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348632 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLAgent$SQL2012; C:\Program Files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
S2 Distressed Stretch; "C:\Program Files (x86)\Distressed Stretch\Distressed Stretch.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 plkusbser; C:\Windows\System32\DRIVERS\plkusbser.sys [113664 2008-01-23] (QUALCOMM Incorporated)
R1 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 esyvrrjc; \??\C:\Windows\system32\drivers\esyvrrjc.sys [X]
S3 hxsyol; \??\C:\GAMES\AuraKingdom\avital\hxsy64.sys [X]
S1 kvbqyqvg; \??\C:\Windows\system32\drivers\kvbqyqvg.sys [X]
S1 ojqlethn; \??\C:\Windows\system32\drivers\ojqlethn.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 11:43 - 2015-07-08 11:43 - 02244096 _____ C:\Users\David\Desktop\AdwCleaner_2.exe
2015-07-08 11:38 - 2015-07-08 11:38 - 00009380 _____ C:\Users\David\Desktop\JRT.txt
2015-07-08 11:35 - 2015-07-08 11:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DAVIDHOHO-Windows-7-Home-Premium-(64-bit).dat
2015-07-08 11:35 - 2015-07-08 11:35 - 00000000 ____D C:\RegBackup
2015-07-08 11:28 - 2015-07-08 11:28 - 00262144 _____ C:\Windows\Minidump\070815-35396-01.dmp
2015-07-07 22:25 - 2015-07-07 22:25 - 00262144 _____ C:\Windows\Minidump\070715-38922-01.dmp
2015-07-07 22:15 - 2015-07-07 22:15 - 02953676 _____ (Malwarebytes Corporation) C:\Users\David\Desktop\JRT.exe
2015-07-07 22:10 - 2015-07-07 22:10 - 00262144 _____ C:\Windows\Minidump\070715-33805-01.dmp
2015-07-07 22:06 - 2015-07-07 22:06 - 02244096 _____ C:\Users\David\Desktop\AdwCleaner.exe
2015-07-07 22:00 - 2015-07-07 22:01 - 00262144 _____ C:\Windows\Minidump\070715-37955-01.dmp
2015-07-07 21:51 - 2015-07-07 21:52 - 00262144 _____ C:\Windows\Minidump\070715-38781-01.dmp
2015-07-07 21:50 - 2015-07-07 22:24 - 00000000 ___SD C:\32788R22FWJFW
2015-07-07 21:50 - 2015-07-07 21:50 - 00000000 ____D C:\Windows\erdnt
2015-07-07 21:49 - 2015-07-07 21:49 - 05632562 ____R (Swearware) C:\Users\David\Desktop\ComboFix.exe
2015-07-06 21:25 - 2015-07-06 21:25 - 00053140 _____ C:\Users\David\Desktop\Addition.txt
2015-07-06 21:22 - 2015-07-06 21:22 - 02112512 _____ (Farbar) C:\Users\David\Desktop\FRST64_2.exe
2015-07-06 13:40 - 2015-07-06 13:40 - 00352768 _____ C:\Users\David\Desktop\bnmc expo.fla
2015-07-06 13:31 - 2015-07-06 13:31 - 00864285 _____ C:\Users\David\Desktop\Presentation-BNMC.pptx
2015-07-05 21:50 - 2015-07-06 22:00 - 00000000 ____D C:\Users\David\Desktop\PJJ ANGKATAN 15-2
2015-07-03 01:02 - 2015-07-03 01:02 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2015-07-03 00:57 - 2015-07-03 00:33 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-02 22:30 - 2015-07-03 01:02 - 00055147 _____ C:\zoek-results.log
2015-07-02 22:23 - 2015-07-03 00:51 - 00000000 ____D C:\zoek_backup
2015-07-02 22:21 - 2015-07-02 22:21 - 01308672 _____ C:\Users\David\Desktop\zoek.exe
2015-07-01 21:18 - 2015-07-01 21:18 - 00001044 _____ C:\Users\David\Desktop\w3l - Shortcut.lnk
2015-07-01 19:38 - 2015-07-01 19:39 - 00262144 _____ C:\Windows\Minidump\070115-40778-01.dmp
2015-07-01 17:40 - 2015-07-01 19:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-01 17:40 - 2015-07-01 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-01 17:25 - 2015-07-01 17:26 - 00262144 _____ C:\Windows\Minidump\070115-37221-01.dmp
2015-07-01 16:37 - 2015-07-08 11:53 - 00024545 _____ C:\Users\David\Desktop\FRST.txt
2015-07-01 16:37 - 2015-07-08 11:52 - 00000000 ____D C:\FRST
2015-07-01 16:17 - 2015-07-03 04:05 - 00000000 _____ C:\dfu.log
2015-07-01 10:08 - 2015-07-07 20:58 - 00014410 _____ C:\Users\David\Documents\Juli.xlsx
2015-06-30 15:21 - 2015-07-01 01:14 - 00036864 _____ C:\Users\David\Desktop\SE Rev1.xls
2015-06-29 12:00 - 2015-06-29 12:00 - 00000000 _____ C:\Users\David\AppData\Local\Temp.dat
2015-06-27 15:33 - 2015-06-27 15:35 - 00000000 ____D C:\Windows\rescache
2015-06-27 01:05 - 2015-06-30 22:28 - 00008832 _____ C:\Users\David\Desktop\Book1.xlsx
2015-06-26 11:47 - 2015-06-26 11:47 - 00001456 _____ C:\Users\David\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-26 09:24 - 2015-06-26 09:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-26 09:24 - 2015-06-26 09:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-26 02:12 - 2012-02-11 15:43 - 00253016 _____ (Microsoft Corporation) C:\Windows\system32\SQSRVRES.DLL
2015-06-25 11:00 - 2015-04-18 10:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-25 11:00 - 2015-04-18 09:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-25 10:59 - 2015-05-26 01:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-25 10:59 - 2015-05-26 01:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-25 10:59 - 2015-05-26 01:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-25 10:59 - 2015-05-26 01:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-25 10:59 - 2015-05-26 01:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-25 10:59 - 2015-05-26 01:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-25 10:59 - 2015-05-26 01:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-25 10:59 - 2015-05-26 01:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-25 10:59 - 2015-05-26 01:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 01:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-25 10:59 - 2015-05-26 01:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-25 10:59 - 2015-05-26 01:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-25 10:59 - 2015-05-26 01:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-25 10:59 - 2015-05-26 01:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-25 10:59 - 2015-05-26 01:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-25 10:59 - 2015-05-26 00:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-25 10:59 - 2015-05-26 00:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-25 10:59 - 2015-05-26 00:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-25 10:59 - 2015-05-26 00:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-25 10:59 - 2015-05-26 00:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-25 10:59 - 2015-05-25 23:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-25 10:59 - 2015-05-25 23:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-25 10:59 - 2015-05-25 23:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-25 10:59 - 2015-05-25 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-25 10:59 - 2015-04-30 01:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-25 10:59 - 2015-04-30 01:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-25 10:59 - 2015-04-30 01:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-25 10:59 - 2015-04-30 01:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-25 10:59 - 2015-04-30 01:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-25 10:59 - 2015-04-30 01:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-25 10:59 - 2015-04-30 01:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-25 10:59 - 2015-04-30 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-25 10:59 - 2015-04-30 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-25 10:59 - 2015-04-30 01:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-25 07:40 - 2015-05-01 20:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 07:40 - 2015-05-01 20:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-25 07:13 - 2015-01-09 10:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-25 07:13 - 2015-01-09 09:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-06-25 06:38 - 2015-04-13 10:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-25 06:37 - 2015-05-23 01:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-25 06:37 - 2015-05-23 01:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-25 06:37 - 2015-05-23 01:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-25 06:37 - 2015-05-21 20:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-25 06:37 - 2015-01-28 06:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-25 06:36 - 2015-04-25 01:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-25 06:36 - 2015-04-25 00:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-25 06:36 - 2015-04-20 10:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-25 06:36 - 2015-04-20 10:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-25 06:36 - 2015-04-20 09:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-25 06:36 - 2015-04-08 10:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-25 06:36 - 2015-04-08 10:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-25 06:36 - 2015-03-25 10:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-25 06:36 - 2015-03-25 10:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-25 06:36 - 2015-03-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-25 06:36 - 2015-03-25 10:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-25 06:36 - 2015-03-25 10:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-25 06:36 - 2015-03-25 10:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-25 06:36 - 2015-03-10 10:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-25 06:36 - 2015-03-10 10:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-25 06:36 - 2015-03-10 10:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-25 06:36 - 2015-03-10 10:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-25 06:36 - 2015-03-05 12:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-25 06:36 - 2015-03-05 11:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-25 06:36 - 2015-01-29 10:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-25 06:36 - 2015-01-29 10:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-25 06:36 - 2012-06-01 12:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-06-25 06:36 - 2012-06-01 12:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-06-25 06:36 - 2012-06-01 12:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-06-25 06:36 - 2012-06-01 12:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-06-25 06:36 - 2012-06-01 12:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-06-25 06:36 - 2012-06-01 12:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-06-25 06:36 - 2012-06-01 11:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-06-25 06:36 - 2012-06-01 11:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-06-25 06:36 - 2012-06-01 11:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-06-25 06:36 - 2012-06-01 11:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-06-25 06:36 - 2012-06-01 11:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-06-25 06:36 - 2012-06-01 11:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-06-25 06:35 - 2015-05-26 00:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-25 06:34 - 2015-05-31 08:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-25 06:34 - 2015-05-31 07:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-25 06:34 - 2015-05-31 07:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-25 06:34 - 2015-05-31 07:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-25 06:34 - 2015-05-31 07:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-25 06:34 - 2015-05-31 07:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-25 06:34 - 2015-05-31 07:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-25 06:34 - 2015-05-31 07:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-25 06:34 - 2015-05-31 07:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-25 06:34 - 2015-05-31 07:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-25 06:34 - 2015-05-31 07:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-25 06:34 - 2015-05-31 07:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-25 06:34 - 2015-05-31 07:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-25 06:34 - 2015-05-31 06:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-25 06:34 - 2015-05-31 06:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-25 06:34 - 2015-05-31 06:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-25 06:34 - 2015-05-31 06:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-25 06:34 - 2015-05-31 06:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-25 06:34 - 2015-05-31 06:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-25 06:34 - 2015-05-31 06:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-25 06:34 - 2015-05-31 06:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-25 06:34 - 2015-05-31 06:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-25 06:34 - 2015-05-31 06:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-25 06:34 - 2015-05-31 06:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-25 06:34 - 2015-04-11 10:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-25 06:34 - 2015-02-25 10:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-25 06:34 - 2015-02-18 14:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-06-25 06:34 - 2015-02-18 14:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-25 06:32 - 2015-03-04 11:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-25 06:32 - 2015-03-04 11:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-25 06:32 - 2015-03-04 11:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-25 06:32 - 2015-03-04 11:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-25 06:32 - 2015-03-04 11:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-25 06:32 - 2015-03-04 11:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-25 06:04 - 2015-06-25 06:04 - 00002976 _____ C:\Windows\System32\Tasks\{96B35852-3F50-4A28-A954-B03FCA8218EC}
2015-06-25 06:02 - 2015-06-25 06:02 - 00002117 _____ C:\Users\David\Desktop\Microsoft Security Essentials.lnk
2015-06-25 06:00 - 2015-06-25 06:00 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-25 06:00 - 2015-06-25 06:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-25 06:00 - 2015-06-25 06:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-14 18:04 - 2015-07-01 19:54 - 00000000 ____D C:\Users\David\Desktop\uas

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 11:53 - 2015-01-30 12:37 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 11:50 - 2011-06-23 15:43 - 01854434 _____ C:\Windows\WindowsUpdate.log
2015-07-08 11:48 - 2015-01-30 12:37 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 11:47 - 2014-07-03 19:56 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-08 11:46 - 2015-01-06 20:24 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2015-07-08 11:46 - 2014-06-18 18:53 - 00085654 _____ C:\Windows\setupact.log
2015-07-08 11:46 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-08 11:45 - 2015-01-16 23:44 - 00000000 ____D C:\AdwCleaner
2015-07-08 11:45 - 2015-01-15 21:45 - 00000000 ____D C:\Windows\system32\log
2015-07-08 11:45 - 2013-03-03 13:02 - 00001132 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-08 11:45 - 2013-03-03 13:02 - 00000989 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-08 11:45 - 2009-07-14 11:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-08 11:45 - 2009-07-14 11:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-08 11:28 - 2013-12-03 09:02 - 00000000 ____D C:\Windows\Minidump
2015-07-08 11:00 - 2013-09-02 08:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-08 03:35 - 2013-03-07 15:41 - 00000000 ____D C:\Users\David\AppData\Roaming\DMCache
2015-07-08 02:00 - 2015-01-14 23:04 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2015-07-07 23:56 - 2015-01-30 12:40 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 17:30 - 2015-01-06 20:24 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2015-07-05 21:48 - 2009-07-14 12:13 - 01021254 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 20:23 - 2015-04-09 20:10 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDavid
2015-07-05 20:23 - 2015-04-09 20:10 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForDavid.job
2015-07-03 01:02 - 2015-04-10 18:05 - 00000000 ____D C:\Users\MSSQLFDLauncher$SQL2012
2015-07-03 01:01 - 2013-05-31 22:33 - 00000008 __RSH C:\Users\David\ntuser.pol
2015-07-03 01:01 - 2013-03-03 12:57 - 00000000 ____D C:\Users\David
2015-07-03 00:59 - 2014-06-25 08:23 - 00519420 _____ C:\Windows\PFRO.log
2015-07-03 00:34 - 2013-03-06 14:06 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2015-07-02 22:58 - 2015-04-21 10:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 22:58 - 2009-07-14 10:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-02 22:58 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-07-02 14:38 - 2013-03-21 18:19 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-01 19:38 - 2013-03-11 11:19 - 00000000 ____D C:\ProgramData\Avira
2015-07-01 19:11 - 2013-03-08 18:36 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-01 18:04 - 2015-01-16 23:48 - 00000000 ____D C:\Users\David\Desktop\3teria
2015-07-01 17:30 - 2015-03-11 09:04 - 00002740 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2015-07-01 17:30 - 2014-07-05 10:47 - 00100296 _____ C:\Windows\AutoKMS.log
2015-07-01 10:08 - 2015-06-01 20:55 - 00014870 _____ C:\Users\David\Documents\Juni.xlsx
2015-06-30 11:57 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\tracing
2015-06-27 13:01 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-26 12:09 - 2015-04-10 21:04 - 00000132 _____ C:\Users\David\AppData\Roaming\Adobe PNG Format CC Prefs
2015-06-26 11:47 - 2015-01-14 23:04 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2015-06-26 09:47 - 2015-01-22 16:52 - 00047324 _____ C:\Windows\IE11_main.log
2015-06-26 02:48 - 2015-04-10 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2015-06-26 02:41 - 2013-03-03 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-26 02:40 - 2013-04-17 18:07 - 01007166 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-26 02:40 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-06-26 02:17 - 2013-09-06 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2015-06-26 02:03 - 2015-03-18 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-26 02:03 - 2015-03-18 12:05 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-25 11:34 - 2013-03-07 19:34 - 00000000 ____D C:\Windows\pss
2015-06-25 10:45 - 2015-04-11 23:41 - 00022316 _____ C:\Windows\iis7.log
2015-06-25 10:43 - 2009-07-14 11:45 - 05143096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-25 10:39 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-25 07:39 - 2015-01-22 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-25 07:38 - 2015-01-22 00:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-25 07:38 - 2015-01-22 00:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-25 06:00 - 2014-01-05 08:37 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-24 11:00 - 2013-09-02 08:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 11:00 - 2013-03-03 13:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 11:00 - 2013-03-03 13:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-21 16:46 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-14 09:03 - 2015-04-10 18:06 - 00000000 ____D C:\Users\MsDtsServer110
2015-06-14 03:02 - 2014-06-10 23:43 - 00000000 ____D C:\Users\David\AppData\Local\Windows Live
2015-06-13 14:14 - 2015-05-30 20:51 - 00000000 ____D C:\Users\David\Desktop\infinity challenge duet songs
2015-06-11 22:51 - 2013-05-31 18:31 - 00000000 ____D C:\Users\David\AppData\Roaming\IDM
2015-06-11 15:47 - 2014-02-04 01:17 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-06-11 15:47 - 2014-02-04 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE

==================== Files in the root of some directories =======

2014-10-01 21:43 - 2014-04-04 20:55 - 535287324 _____ () C:\Program Files (x86)\adt-bundle-windows-x86_64-20140321.zip
2006-08-14 17:08 - 2006-08-14 17:08 - 1348242 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1079850 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1398718 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1116109 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0917318 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 4163518 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0180021 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0133991 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0087989 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0046898 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1351430 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1078532 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0183863 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0138195 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0088102 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0047018 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0703080 _____ () C:\Program Files (x86)\BDA.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1156363 _____ () C:\Program Files (x86)\BDANT.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0976020 _____ () C:\Program Files (x86)\BDAXP.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1358864 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1080344 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 15493481 _____ () C:\Program Files (x86)\DirectX.cab
2013-04-02 10:44 - 2011-09-30 14:01 - 0746688 _____ () C:\Program Files (x86)\DotaToolKit v3.2d_2.rar
2013-04-02 10:44 - 2011-01-28 19:48 - 0880609 _____ () C:\Program Files (x86)\DotaToolKit.exe
2006-08-14 17:08 - 2006-08-14 17:08 - 0074520 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2006-08-14 17:08 - 2006-08-14 17:08 - 2248984 _____ (Microsoft Corporation) C:\Program Files (x86)\dsetup32.dll
2010-10-18 02:34 - 2013-04-04 08:31 - 0001095 ___SH () C:\Program Files (x86)\DTKConfig.ini
2013-04-02 10:44 - 2010-12-08 19:07 - 0005570 ___SH () C:\Program Files (x86)\DTKItemBuild.ini
2013-04-02 10:44 - 2010-12-08 19:05 - 0007558 ___SH () C:\Program Files (x86)\DTKSkillBuild.ini
2006-08-14 17:08 - 2006-08-14 17:08 - 0041995 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 13265040 _____ () C:\Program Files (x86)\dxnt.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0484632 _____ (Microsoft Corporation) C:\Program Files (x86)\DXSETUP.exe
2006-08-14 17:08 - 2006-08-14 17:08 - 0082338 _____ () C:\Program Files (x86)\dxupdate.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1248387 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1014113 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1363684 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1085608 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0179247 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0133297 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1336890 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 1065813 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0181745 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0134631 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0086925 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2006-08-14 17:08 - 2006-08-14 17:08 - 0046247 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2015-04-10 21:04 - 2015-06-26 12:09 - 0000132 _____ () C:\Users\David\AppData\Roaming\Adobe PNG Format CC Prefs
2015-04-11 00:23 - 2015-04-11 00:24 - 184702896 _____ () C:\Users\David\AppData\Local\ACCCx2_9_1_474.zip.aamdownload
2015-04-11 00:23 - 2015-04-11 00:24 - 0002216 _____ () C:\Users\David\AppData\Local\ACCCx2_9_1_474.zip.aamdownload.aamd
2015-06-26 11:47 - 2015-06-26 11:47 - 0001456 _____ () C:\Users\David\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-16 23:56 - 2015-01-16 23:56 - 0000001 _____ () C:\Users\David\AppData\Local\DSI.DAT
2013-12-11 17:19 - 2015-05-03 20:17 - 0007601 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-04-10 09:50 - 2015-06-12 11:40 - 0004932 _____ () C:\Users\David\AppData\Local\Temp-log.txt
2015-06-29 12:00 - 2015-06-29 12:00 - 0000000 _____ () C:\Users\David\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\42bb54162217efda71fdf88108e80481.dll
C:\Users\David\AppData\Local\Temp\mpam-cd681b3b.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-06 22:55

==================== End of log ============================

 

So, what should I do next? FYI my A/V already can run successfully



#14
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

FYI my A/V already can run successfully

 

I was pretty sure that it would start! However, I still see some things that I'd like to remove. Also, I'd feel better if Combofix ran successfully. In many ways, Combofix is sort of a Canary in the Mine, so to speak. If it doesn't run or continues to Blue Screen, that's a certain indication of the presence of significant malware. So, please give Combofix another try and let me know how it goes.

 

In the meantime I will be reviewing your most recent FRST log.



#15
davidhoho

    Member

  • Topic Starter
  • 13 posts

Okay, this time I can run it successfully.

Here is the result:

ComboFix 15-07-07.01 - David 08/07/2015  20:56:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.62.1033.18.4044.2197 [GMT 7:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{02CB818A-5524-450B-9786-725B3FE40C25}.xps
c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A36C74A9-0A97-4DF9-8BE0-F31D286824CB}.xps
c:\users\David\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
c:\users\David\Documents\YouCam_5.0.2931.0_HW_Patch_YUC130508-05.tmp
c:\windows\msdownld.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_2d7fe646e3ec3705\services.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-08 to 2015-07-08  )))))))))))))))))))))))))))))))
.
.
2015-07-08 14:09 . 2015-07-08 14:09    --------    d-----w-    c:\users\ReportServer$SQL2012\AppData\Local\temp
2015-07-08 14:09 . 2015-07-08 14:09    --------    d-----w-    c:\users\MSSQLFDLauncher$SQL2012\AppData\Local\temp
2015-07-08 14:09 . 2015-07-08 14:09    --------    d-----w-    c:\users\MSSQL$SQL2012\AppData\Local\temp
2015-07-08 14:09 . 2015-07-08 14:09    --------    d-----w-    c:\users\MSOLAP$SQL2012\AppData\Local\temp
2015-07-08 14:09 . 2015-07-08 14:09    --------    d-----w-    c:\users\MsDtsServer110\AppData\Local\temp
2015-07-08 14:09 . 2015-07-08 14:09    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-07-08 09:42 . 2015-06-23 18:22    12221144    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9101BBAA-CC7A-4144-8534-6A7F12F95CD9}\mpengine.dll
2015-07-08 04:55 . 2015-06-24 08:00    1190000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB90D8FB-A0FE-409D-A6A1-BCDA2EBB1478}\gapaengine.dll
2015-07-08 04:55 . 2015-06-23 18:22    12221144    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-08 04:35 . 2015-07-08 04:35    --------    d-----w-    C:\RegBackup
2015-07-02 18:02 . 2015-07-02 18:02    --------    d-----w-    c:\users\David\AppData\Local\VirtualStore
2015-07-02 17:57 . 2015-07-02 17:33    24064    ----a-w-    c:\windows\zoek-delete.exe
2015-07-02 17:57 . 2015-07-08 14:15    --------    d-----w-    c:\users\David\AppData\Local\Temp
2015-07-02 15:23 . 2015-07-02 17:51    --------    d-----w-    C:\zoek_backup
2015-07-01 10:40 . 2015-07-01 12:26    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-01 10:40 . 2015-07-01 10:40    --------    d-----w-    c:\programdata\Malwarebytes
2015-07-01 09:37 . 2015-07-08 04:53    --------    d-----w-    C:\FRST
2015-06-27 08:33 . 2015-06-27 08:35    --------    d-----w-    c:\windows\rescache
2015-06-26 02:24 . 2015-06-26 02:24    --------    d-----w-    c:\windows\Migration
2015-06-26 02:24 . 2015-06-26 02:24    --------    d-s---w-    c:\windows\system32\CompatTel
2015-06-26 02:24 . 2015-06-26 02:24    --------    d-----w-    c:\windows\system32\appraiser
2015-06-25 19:12 . 2012-02-11 08:43    253016    ----a-w-    c:\windows\system32\SQSRVRES.DLL
2015-06-25 04:00 . 2015-04-18 02:56    342016    ----a-w-    c:\windows\SysWow64\certcli.dll
2015-06-25 04:00 . 2015-04-18 03:10    460800    ----a-w-    c:\windows\system32\certcli.dll
2015-06-25 03:39 . 2015-06-25 03:39    --------    d-----w-    c:\windows\SysWow64\Wat
2015-06-25 03:39 . 2015-06-25 03:39    --------    d-----w-    c:\windows\system32\Wat
2015-06-25 00:40 . 2015-05-01 13:17    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 00:40 . 2015-05-01 13:16    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-25 00:13 . 2015-01-09 03:14    91136    ----a-w-    c:\windows\system32\wdi.dll
2015-06-25 00:13 . 2015-01-09 03:14    950272    ----a-w-    c:\windows\system32\perftrack.dll
2015-06-25 00:13 . 2015-01-09 03:14    29696    ----a-w-    c:\windows\system32\powertracker.dll
2015-06-25 00:13 . 2015-01-09 02:48    76800    ----a-w-    c:\windows\SysWow64\wdi.dll
2015-06-24 23:38 . 2015-04-13 03:28    328704    ----a-w-    c:\windows\system32\services.exe
2015-06-24 23:37 . 2015-01-27 23:36    1239720    ----a-w-    c:\windows\system32\aitstatic.exe
2015-06-24 23:37 . 2015-05-22 18:18    700416    ----a-w-    c:\windows\system32\generaltel.dll
2015-06-24 23:37 . 2015-05-22 18:18    757248    ----a-w-    c:\windows\system32\invagent.dll
2015-06-24 23:37 . 2015-05-22 18:18    423424    ----a-w-    c:\windows\system32\devinv.dll
2015-06-24 23:37 . 2015-05-22 18:18    45568    ----a-w-    c:\windows\system32\acmigration.dll
2015-06-24 23:37 . 2015-05-22 18:18    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-06-24 23:37 . 2015-05-22 18:13    1119232    ----a-w-    c:\windows\system32\aeinv.dll
2015-06-24 23:37 . 2015-05-21 13:19    193536    ----a-w-    c:\windows\system32\aepic.dll
2015-06-24 23:35 . 2015-05-25 17:08    3206144    ----a-w-    c:\windows\system32\win32k.sys
2015-06-24 23:32 . 2015-03-04 04:41    6656    ----a-w-    c:\windows\system32\shimeng.dll
2015-06-24 23:32 . 2015-03-04 04:41    72192    ----a-w-    c:\windows\system32\aelupsvc.dll
2015-06-24 23:32 . 2015-03-04 04:41    342016    ----a-w-    c:\windows\system32\apphelp.dll
2015-06-24 23:32 . 2015-03-04 04:41    23552    ----a-w-    c:\windows\system32\sdbinst.exe
2015-06-24 23:32 . 2015-03-04 04:11    5120    ----a-w-    c:\windows\SysWow64\shimeng.dll
2015-06-24 23:32 . 2015-03-04 04:10    295936    ----a-w-    c:\windows\SysWow64\apphelp.dll
2015-06-24 23:32 . 2015-03-04 04:10    20992    ----a-w-    c:\windows\SysWow64\sdbinst.exe
2015-06-24 23:32 . 2015-03-04 04:55    367552    ----a-w-    c:\windows\system32\clfs.sys
2015-06-24 23:32 . 2015-03-04 04:41    79360    ----a-w-    c:\windows\system32\clfsw32.dll
2015-06-24 23:32 . 2015-03-04 04:10    58880    ----a-w-    c:\windows\SysWow64\clfsw32.dll
2015-06-24 23:00 . 2015-06-24 23:00    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2015-06-24 23:00 . 2015-06-24 23:00    --------    d-----w-    c:\program files\Microsoft Security Client
2015-06-21 09:46 . 2015-06-24 23:04    --------    d-----w-    c:\users\David\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-05 10:08 . 2010-11-21 03:27    300704    ------w-    c:\windows\system32\MpSigStub.exe
2015-06-25 19:48 . 2015-04-10 10:34    494784    ----a-w-    c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2015-06-25 19:17 . 2013-09-06 13:20    112832    ----a-w-    c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2015-06-24 04:00 . 2013-03-03 06:35    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-24 04:00 . 2013-03-03 06:35    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-26 17:04 . 2015-04-08 13:06    140135120    ----a-w-    c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-25 03:59    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-05-11 14:53 . 2015-05-11 14:53    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2015-05-11 14:53 . 2015-05-11 14:53    320424    ----a-w-    c:\windows\system32\javaws.exe
2015-05-11 14:53 . 2015-05-11 14:53    189352    ----a-w-    c:\windows\system32\javaw.exe
2015-05-11 14:53 . 2015-05-11 14:53    189352    ----a-w-    c:\windows\system32\java.exe
2011-01-28 12:48 . 2013-04-02 03:44    880609    ----a-w-    c:\program files (x86)\DotaToolKit.exe
2006-08-14 10:08 . 2006-08-14 10:08    74520    ----a-w-    c:\program files (x86)\DSETUP.dll
2006-08-14 10:08 . 2006-08-14 10:08    484632    ----a-w-    c:\program files (x86)\DXSETUP.exe
2006-08-14 10:08 . 2006-08-14 10:08    2248984    ----a-w-    c:\program files (x86)\dsetup32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Line"="c:\program files (x86)\Naver\LINE\Line.exe" [2015-06-10 13491224]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-08-30 3417496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R1 esyvrrjc;esyvrrjc;c:\windows\system32\drivers\esyvrrjc.sys;c:\windows\SYSNATIVE\drivers\esyvrrjc.sys [x]
R1 kvbqyqvg;kvbqyqvg;c:\windows\system32\drivers\kvbqyqvg.sys;c:\windows\SYSNATIVE\drivers\kvbqyqvg.sys [x]
R1 ojqlethn;ojqlethn;c:\windows\system32\drivers\ojqlethn.sys;c:\windows\SYSNATIVE\drivers\ojqlethn.sys [x]
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Distressed Stretch;Distressed Stretch;c:\program files (x86)\Distressed Stretch\Distressed Stretch.exe;c:\program files (x86)\Distressed Stretch\Distressed Stretch.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 hxsyol;hxsyol;c:\games\AuraKingdom\avital\hxsy64.sys;c:\games\AuraKingdom\avital\hxsy64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 plkusbser;PROLiNKU6 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\plkusbser.sys;c:\windows\SYSNATIVE\DRIVERS\plkusbser.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 Spring;Spring;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [x]
R3 SQL Server Distributed Replay Client;SQL Server Distributed Replay Client;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [x]
R3 SQL Server Distributed Replay Controller;SQL Server Distributed Replay Controller;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe;c:\program files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [x]
R3 SQLAgent$SQL2012;SQL Server Agent (SQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\SQLAGENT.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MsDtsServer110;SQL Server Integration Services 11.0;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [x]
S2 MSOLAP$SQL2012;SQL Server Analysis Services (SQL2012);c:\program files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe;c:\program files\Microsoft SQL Server\MSAS11.SQL2012\OLAP\bin\msmdsrv.exe [x]
S2 MSSQL$SQL2012;SQL Server (SQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\sqlservr.exe [x]
S2 ReportServer$SQL2012;SQL Server Reporting Services (SQL2012);c:\program files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 MSSQLFDLauncher$SQL2012;SQL Full-text Filter Daemon Launcher (SQL2012);c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL11.SQL2012\MSSQL\Binn\fdlauncher.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 16:54    991048    ----a-w-    c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 04:00]
.
2015-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30 05:37]
.
2015-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30 05:37]
.
2015-07-05 c:\windows\Tasks\HPCeeScheduleForDavid.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50    22408    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-08 418328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download FLV videos with IDM from 10 last requested - c:\program files (x86)\Internet Download Manager\IEGetVL2.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d} -
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{356C5CBD-3163-44AE-A8D8-E98B1DF5B446}: NameServer = 10.0.28.18 10.0.28.3
TCP: Interfaces\{521BB429-17C4-4E6C-BE52-42869AC3D700}: NameServer = 10.0.28.18 10.0.28.3
TCP: Interfaces\{7DE099D1-FF3E-4FE4-AADC-4C14A4C2ABF0}: NameServer = 192.168.130.28 0.0.0.0
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rpq8mq8f.default-1428237532237\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d.lnk - c:\users\David\AppData\Roaming\obfavqufsr.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSRS11.SQL2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ReportServerSharePoint:Service]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0275ffde-843c-11e2-a2a4-806e6f6e6963}\shell]
@="None"
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0275ffdf-843c-11e2-a2a4-806e6f6e6963}]
"_CommentFromDesktopINI"=""
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0275ffdf-843c-11e2-a2a4-806e6f6e6963}\shell]
@="None"
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2814f26f-83c7-11e2-b20e-cc52afa0a36e}\shell]
@="None"
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2814f2ba-83c7-11e2-b20e-080027000472}\shell]
@="AutoRun"
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):2f,d0,6c,cd,f4,07,1a,b7,e7,6c,9e,f7,ef,82,9e,97,e3,30,1b,7a,9d,
   7f,00,73,e4,a0,ad,c7,a9,d3,aa,8c,80,d4,8a,ac,1f,ed,f6,bc,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4e,dd,be,a9,38,af,87,46,dc,a7,3c,74,16,81,af,a4,c6,09,37,33,c4,
   ca,c6,d7,a2,25,bd,2b,c0,2e,2a,79,25,a1,13,06,e1,69,88,fd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000_Classes\Wow6432Node\CLSID\{894a3e4d-0f43-4584-b341-68f17a204aa5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000056
"Therad"=dword:00000016
.
[HKEY_USERS\S-1-5-21-1685673173-357443733-221515080-1000_Classes\Wow6432Node\CLSID\{becfdd30-15ee-429a-89d2-aaac0dfd8c52}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000096
"Therad"=dword:00000017
"SpecVersion"=dword:000000d4
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\xampp\mysql\bin\mysqld.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-07-08  21:21:23 - machine was rebooted
ComboFix-quarantined-files.txt  2015-07-08 14:21
.
Pre-Run: 9.889.517.568 bytes free
Post-Run: 9.838.137.344 bytes free
.
- - End Of File - - BBEB4D3A0210349D47114E7EB728E04A
 

