
Trojan Gen2.exe, Trojan Horse infecting my laptop



#1
g33km4r0


For months I have tried to figure out this infection on my laptop. Symantec Endpoint Protection keeps popping up saying that numerous files in the dwhXXX.exe series have been quarantined. I did a full scan using Malwarebytes too and ended up with intermittent results in tracking and removing the virus. I even used SpyHunter, though the problem still persists. This virus has made my laptop very slow when booting up and opening programs, and sometimes it automatically shuts down.

Please help me.

TQ. Maro


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by maro (administrator) on MARO-PC (02-12-2015 12:14:36)
Running from C:\Users\maro\Desktop
Loaded Profiles: maro (Available Profiles: maro & Guest)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(SoftThinks SAS) C:\Program Files\Dell DataSafe Local Backup\SftService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(SoftThinks - Dell) C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
(Microsoft Corporation) C:\windows\System32\GWX\GWX.exe
() C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\windows\System32\rundll32.exe
(Microsoft Corporation) C:\windows\System32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Hewlett-Packard Company) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard Company) C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Update\GoogleUpdate.exe
(Facebook Inc.) C:\Users\maro\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\maro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\maro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SmcGui.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138783 2011-05-28] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3405168 2011-03-25] (Dell Inc.)
HKLM\...\Run: [RoxWatchTray] => c:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] => c:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM\...\Run: [Dell DataSafe Online] => C:\Program Files\Dell\Dell Datasafe Online\NOBuClient.exe [927576 2010-08-26] (Dell, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-06-30] (Adobe Systems Incorporated)
HKLM\...\Run: [ToolboxFX] => C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] => C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2459192 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093232 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668720 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\SEP: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [Google Update] => C:\Users\maro\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-02] (Google Inc.)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [Facebook Update] => C:\Users\maro\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-26] (Facebook Inc.)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3837520 2014-06-17] (Tonec Inc.)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-20] (Piriform Ltd)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [Dropbox Update] => C:\Users\maro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [57981568 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\MountPoints2: {369d4eb2-9303-11e2-94e6-ccaf78a1591a} - F:\AutoRun.exe
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\MountPoints2: {369d4eca-9303-11e2-94e6-ccaf78a1591a} - F:\AutoRun.exe
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\MountPoints2: {81257c20-5b8a-11e5-bee5-ccaf78a1591a} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2014-04-21] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-05-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2013-01-28]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\maro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-12-27]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0D6B3D19-137B-46D2-B65B-C6F2C09BD8C0}: [NameServer] 203.82.64.129 203.82.64.145
Tcpip\..\Interfaces\{134E4E97-BD2D-4C4A-AF58-70CB52C01915}: [DhcpNameServer] 165.21.83.88 165.21.100.88
Tcpip\..\Interfaces\{BC8D10A6-91D1-4FDD-935A-FC897726A1D0}: [DhcpNameServer] 1.9.1.9 202.188.0.133
Tcpip\..\Interfaces\{E07BEA6B-8011-47B0-98AF-11255C8D5608}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_0
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_0
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_0
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://malaysia.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://malaysia.msn.com/?ocid=iehp
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000 -> {496DD270-C41B-462D-8796-942E5B2E3CC9} URL = hxxps://malaysia.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2014-06-18] (Internet Download Manager, Tonec Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2012-03-21] (Yahoo! Inc.)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2012-03-21] (Yahoo! Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C87A3AD5-DE8E-4a2e-BF7B-D6BCD419DED1} hxxp://www.envivio.tv/downloads/EnvivioTV/EnvivioTVAutomaticInstaller.exe
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://10.0.0.16/activex/AMC.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\maro\AppData\Roaming\Mozilla\Firefox\Profiles\tgygkjl1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [No File]
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @networksurveillance.com/camclictrl -> C:\Program Files\NetworkSurveillanceNP\npCamCliCtrl.dll [2012-11-14] ()
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-05-30] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3006858039-2870049685-1553520448-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\maro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3006858039-2870049685-1553520448-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\maro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3006858039-2870049685-1553520448-1000: @talk.google.com/O1DPlugin -> C:\Users\maro\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3006858039-2870049685-1553520448-1000: @tools.google.com/Google Update;version=3 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3006858039-2870049685-1553520448-1000: @tools.google.com/Google Update;version=9 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3006858039-2870049685-1553520448-1000: facebook.com/fbDesktopPlugin -> C:\Users\maro\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF user.js: detected! => C:\Users\maro\AppData\Roaming\Mozilla\Firefox\Profiles\tgygkjl1.default\user.js [2013-06-24]
FF Plugin ProgramFiles/Appdata: C:\Users\maro\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\maro\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFF [2013-10-04] [not signed]
FF HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\maro\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\maro\AppData\Roaming\IDM\idmmzcc5 [2014-07-04] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\maro\AppData\Local\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (IDM Integration Module) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\maro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-06-04]
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 Installer Service; C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}\Installer\InstallerService.exe [125288 2013-11-14] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [45568 2014-04-28] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files\Dell\Dell Datasafe Online\NOBuAgent.exe [2075480 2010-08-26] (Dell, Inc.)
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [55808 2014-04-28] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB12OEM; c:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; c:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-15] (Symantec Corporation)
R2 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1695040 2012-02-17] (SoftThinks SAS)
R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe [1664744 2011-06-18] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe [280496 2011-06-18] (Symantec Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-28] (IDT, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACTIVhidmini; C:\windows\System32\DRIVERS\ACTIVhidmini.sys [82176 2010-05-26] (Promethean Technologies Ltd)
R3 ActivHidSerMini; C:\windows\System32\DRIVERS\activhidsermini.sys [74752 2010-05-26] (Promethean Technologies Ltd)
R1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx86.sys [1193032 2015-10-09] (Symantec Corporation)
S3 BTWAMPFL; C:\windows\System32\DRIVERS\btwampfl.sys [302120 2011-08-19] (Broadcom Corporation.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-18] (Symantec Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [125264 2015-11-18] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20151201.001\IDSvix86.sys [505048 2015-03-24] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20151201.004\NAVENG.SYS [104440 2015-11-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20151201.004\NAVEX15.SYS [1647216 2015-11-11] (Symantec Corporation)
S3 NMgamingmsFltr; C:\windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
R2 NPF; C:\windows\System32\drivers\npf.sys [50704 2009-10-21] (CACE Technologies, Inc.)
R3 prmvmouse; C:\windows\System32\DRIVERS\activmouse.sys [6144 2010-05-26] (Promethean Technologies Ltd)
S3 ser2at; C:\windows\System32\DRIVERS\ser2at.sys [80896 2009-10-15] (ATEN)
S3 Ser2plx86; C:\windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
R1 SRTSP; C:\windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS [516216 2011-05-28] (Symantec Corporation)
R1 SRTSPX; C:\windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS [50168 2011-05-28] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [23984 2011-06-18] (Symantec Corporation)
R0 SymDS; C:\windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS [340088 2011-05-03] (Symantec Corporation)
R0 SymEFA; C:\windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS [756856 2011-05-18] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [127096 2012-05-31] (Symantec Corporation)
R1 SymIRON; C:\windows\System32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS [136312 2011-05-11] (Symantec Corporation)
R1 SYMNETS; C:\windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)
R1 SysPlant; C:\windows\System32\Drivers\SysPlant.sys [92080 2012-05-31] (Symantec Corporation)
R1 Teefer2; C:\windows\System32\DRIVERS\Teefer.sys [50096 2011-05-21] (Symantec Corporation)
S3 tpfiltdev; C:\windows\System32\DRIVERS\tpfiltdev.sys [5632 2012-02-08] ()
S3 tpusbnet; C:\windows\System32\DRIVERS\tpusbnet.sys [129536 2011-12-08] (QUALCOMM Incorporated)
S3 tpusbser; C:\windows\System32\DRIVERS\tpusbser.sys [107776 2011-12-08] (QUALCOMM Incorporated)
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296192 2011-03-17] (Microsoft Corporation)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 12:14 - 2015-12-02 12:16 - 00034303 _____ C:\Users\maro\Desktop\FRST.txt
2015-12-02 12:10 - 2015-12-02 12:14 - 00000000 ____D C:\FRST
2015-12-02 12:09 - 2015-12-02 12:09 - 01721344 _____ (Farbar) C:\Users\maro\Desktop\FRST.exe
2015-12-01 12:10 - 2015-12-01 12:11 - 00004943 _____ C:\Users\maro\Downloads\Receipt Rental December.pdf
2015-12-01 11:10 - 2015-12-01 11:13 - 131201369 _____ C:\Users\maro\Downloads\Clash of clans - Town hall 9 (TH9) New best Farming base 2015 [The slit] Speed build.mp4
2015-12-01 10:08 - 2015-12-01 10:08 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-27 16:06 - 2015-11-27 16:06 - 00148346 _____ C:\Users\maro\Downloads\Printing.pdf
2015-11-26 13:15 - 2015-11-26 13:15 - 00004947 _____ C:\Users\maro\Downloads\Receipt duit kutu December.pdf
2015-11-18 11:45 - 2015-11-04 01:46 - 02386944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-18 10:31 - 2015-11-18 10:31 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 12:42 - 2015-11-04 05:51 - 00342728 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-11 12:42 - 2015-10-31 06:58 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-11 12:42 - 2015-10-31 06:47 - 00504832 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 12:42 - 2015-10-31 06:45 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-11 12:42 - 2015-10-31 06:39 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-11 12:42 - 2015-10-31 06:39 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-11 12:42 - 2015-10-31 06:36 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-11 12:42 - 2015-10-31 06:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-11 12:42 - 2015-10-31 06:36 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-11 12:42 - 2015-10-31 06:31 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-11 12:42 - 2015-10-31 06:28 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-11 12:42 - 2015-10-31 06:23 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 12:42 - 2015-10-31 06:17 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-11 12:42 - 2015-10-31 06:11 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-11 12:42 - 2015-10-31 06:10 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 12:42 - 2015-10-31 06:09 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-11 12:42 - 2015-10-31 06:09 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 12:42 - 2015-10-31 05:48 - 01311744 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 12:42 - 2015-10-31 05:46 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 12:41 - 2015-10-31 06:58 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-11 12:41 - 2015-10-31 06:52 - 20331520 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 12:41 - 2015-10-31 06:46 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-11 12:41 - 2015-10-31 06:45 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-11 12:41 - 2015-10-31 06:44 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-11 12:41 - 2015-10-31 06:42 - 02279936 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 12:41 - 2015-10-31 06:37 - 00480256 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-11 12:41 - 2015-10-31 06:36 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 12:41 - 2015-10-31 06:21 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-11 12:41 - 2015-10-31 06:19 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-11 12:41 - 2015-10-31 06:18 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-11 12:41 - 2015-10-31 06:16 - 04527616 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 12:41 - 2015-10-31 06:09 - 12854272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 12:41 - 2015-10-31 06:09 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-11 12:41 - 2015-10-31 05:51 - 02011136 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 10:47 - 2015-09-23 21:09 - 00371920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 10:47 - 2015-09-23 21:09 - 00251000 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 10:46 - 2015-10-21 01:46 - 02955776 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 10:46 - 2015-10-21 01:46 - 02061824 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 10:46 - 2015-10-21 01:46 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 10:46 - 2015-10-21 01:46 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 10:46 - 2015-10-21 01:46 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 10:46 - 2015-10-21 01:46 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-11 10:46 - 2015-10-21 01:46 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-11 10:46 - 2015-10-21 01:45 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 10:46 - 2015-10-21 01:45 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-11 10:46 - 2015-10-21 01:45 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 10:46 - 2015-10-21 01:45 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-11 10:46 - 2015-10-02 01:50 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-11 10:46 - 2015-10-02 01:50 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-11 10:40 - 2015-10-30 01:50 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 10:40 - 2015-10-30 01:49 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 10:40 - 2015-10-30 01:49 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 10:40 - 2015-10-30 01:49 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 10:38 - 2015-10-20 08:45 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 10:38 - 2015-10-14 00:31 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 10:38 - 2015-10-14 00:31 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 10:37 - 2015-10-20 08:52 - 03991488 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-11-11 10:37 - 2015-10-20 08:52 - 03935680 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 10:37 - 2015-10-20 08:52 - 00138176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 10:37 - 2015-10-20 08:52 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-11 10:37 - 2015-10-20 08:48 - 01308160 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00655360 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-11 10:37 - 2015-10-20 08:45 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-11 10:37 - 2015-10-20 08:45 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-11 10:37 - 2015-10-20 08:45 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-11 10:37 - 2015-10-20 08:44 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-11 10:37 - 2015-10-20 08:44 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-11 10:37 - 2015-10-20 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-11 10:37 - 2015-10-20 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-11 10:37 - 2015-10-20 08:35 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-11 10:37 - 2015-10-20 08:35 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-11 10:37 - 2015-10-20 07:29 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-11 10:37 - 2015-10-20 07:28 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 10:37 - 2015-10-20 07:28 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 10:37 - 2015-10-13 12:50 - 00712640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-11 00:43 - 2015-05-21 14:02 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2015-11-11 00:43 - 2015-05-21 14:02 - 00089984 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2015-11-10 23:56 - 2015-11-10 23:56 - 00001881 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-11-06 17:16 - 2015-11-06 17:16 - 00120329 _____ C:\Users\maro\Downloads\AirAsia Web Check-In.pdf
2015-11-06 17:14 - 2015-11-06 17:14 - 00119579 _____ C:\Users\maro\Downloads\eqah AirAsia Web Check-In.pdf
2015-11-06 17:11 - 2015-11-06 17:11 - 00112224 _____ C:\Users\maro\Downloads\maro AirAsia Web Check-In.pdf
2015-11-06 17:05 - 2015-11-06 17:05 - 00108054 _____ C:\Users\maro\Downloads\maro AA.pdf
2015-11-05 11:32 - 2015-11-05 11:32 - 00000000 ____D C:\Users\maro\AppData\Local\CEF
2015-11-05 10:42 - 2015-11-27 16:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-05 10:42 - 2015-11-05 10:42 - 00001979 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-05 10:42 - 2015-11-05 10:42 - 00000000 ____D C:\Program Files\Adobe
2015-11-04 00:12 - 2015-11-04 00:12 - 00000000 ____D C:\Users\maro\AppData\Local\Western Digital
2015-11-02 17:27 - 2015-11-02 17:29 - 00000000 ____D C:\Users\maro\Documents\Ansur
2015-11-02 17:24 - 2015-11-02 17:24 - 00002781 _____ C:\Users\Public\Desktop\ESA615 Mini Plug-In.lnk
2015-11-02 17:17 - 2015-11-12 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fluke
2015-11-02 17:17 - 2015-11-02 17:24 - 00000000 ____D C:\Program Files\Fluke
2015-11-02 17:17 - 2015-11-02 17:17 - 00002693 _____ C:\Users\Public\Desktop\Ansur.exe.lnk
2015-11-02 17:17 - 2015-11-02 17:17 - 00001906 _____ C:\Users\Public\Desktop\Ansur Test Library.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 12:15 - 2009-07-14 12:34 - 00030944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:15 - 2009-07-14 12:34 - 00030944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:13 - 2012-06-08 02:34 - 01028608 ___SH C:\Users\maro\Desktop\Thumbs.db
2015-12-02 12:11 - 2012-05-23 00:34 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-02 12:11 - 2009-07-14 10:37 - 00000000 ____D C:\windows
2015-12-02 12:09 - 2014-07-04 16:17 - 00000000 ____D C:\Users\maro\AppData\Roaming\IDM
2015-12-02 12:07 - 2012-05-30 00:25 - 00000000 ____D C:\Users\maro\AppData\Roaming\Skype
2015-12-02 11:33 - 2015-06-18 11:22 - 00000914 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA.job
2015-12-02 11:24 - 2012-05-29 19:57 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA.job
2015-12-02 11:21 - 2013-03-21 20:43 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 11:12 - 2014-06-16 17:12 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-02 10:53 - 2014-12-17 11:46 - 00000000 ___RD C:\Users\maro\Google Drive
2015-12-02 10:53 - 2014-01-03 11:56 - 00000000 ___RD C:\Users\maro\Dropbox
2015-12-02 10:53 - 2014-01-03 11:51 - 00000000 ____D C:\Users\maro\AppData\Roaming\Dropbox
2015-12-02 10:49 - 2012-05-23 01:25 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-12-02 10:49 - 2012-05-23 01:25 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-12-02 10:49 - 2012-05-23 01:12 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2015-12-02 10:48 - 2015-06-18 11:22 - 00000862 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core.job
2015-12-02 10:48 - 2013-03-21 20:43 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 10:48 - 2012-06-05 14:14 - 00000924 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA.job
2015-12-02 10:48 - 2012-06-05 14:14 - 00000902 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core.job
2015-12-02 10:48 - 2012-05-29 19:57 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core.job
2015-12-02 10:48 - 2009-07-14 12:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-01 12:00 - 2015-03-17 13:32 - 00000000 ____D C:\Users\maro\AppData\Roaming\MPC-HC
2015-12-01 10:18 - 2013-10-22 23:46 - 00000000 ____D C:\ProgramData\Oracle
2015-12-01 10:10 - 2012-05-29 23:44 - 00000000 ____D C:\Program Files\Java
2015-12-01 10:09 - 2014-04-21 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-01 10:08 - 2015-09-09 13:59 - 00000000 ____D C:\Users\maro\.oracle_jre_usage
2015-12-01 10:06 - 2015-10-28 22:36 - 00095840 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2015-11-27 16:41 - 2012-06-19 13:32 - 00000000 ____D C:\Users\maro\AppData\Roaming\DMCache
2015-11-27 15:28 - 2009-07-14 10:37 - 00000000 ____D C:\windows\inf
2015-11-26 20:23 - 2014-12-17 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-26 10:09 - 2012-05-23 00:55 - 00000000 ____D C:\ProgramData\Sonic
2015-11-24 11:26 - 2010-11-21 05:01 - 00006466 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-18 14:48 - 2009-07-14 10:37 - 00000000 ____D C:\windows\rescache
2015-11-18 13:36 - 2009-07-14 12:33 - 00502264 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-18 10:45 - 2012-07-04 17:19 - 00000000 ____D C:\Program Files\TeamViewer
2015-11-18 10:19 - 2012-05-23 03:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-13 01:16 - 2013-07-23 09:54 - 00000000 ____D C:\windows\system32\MRT
2015-11-13 01:15 - 2012-05-29 20:16 - 143250520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-12 10:39 - 2015-09-10 12:57 - 00000000 ___HD C:\$Windows.~BT
2015-11-12 10:39 - 2012-05-29 14:48 - 00000000 ____D C:\Users\maro\AppData\Local\SoftThinks
2015-11-12 09:49 - 2015-09-22 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-12 09:49 - 2015-09-15 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-11-12 09:49 - 2015-03-17 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-11-12 09:49 - 2014-12-17 11:53 - 00000000 ____D C:\windows\en
2015-11-12 09:49 - 2014-12-17 11:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-11-12 09:49 - 2014-10-10 10:50 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vidyo Desktop - (maro)
2015-11-12 09:49 - 2014-07-04 16:17 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-12 09:49 - 2014-07-04 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-11-12 09:49 - 2014-06-16 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-12 09:49 - 2013-12-25 12:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-12 09:49 - 2013-12-12 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-11-12 09:49 - 2013-11-14 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-11-12 09:49 - 2013-10-09 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-11-12 09:49 - 2013-10-09 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2015-11-12 09:49 - 2013-09-09 11:34 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-11-12 09:49 - 2013-07-07 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LQD MetaTrader 4 Terminal
2015-11-12 09:49 - 2013-06-07 04:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-11-12 09:49 - 2013-05-15 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Foundry
2015-11-12 09:49 - 2013-04-04 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-11-12 09:49 - 2013-03-09 10:45 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2015-11-12 09:49 - 2012-12-29 05:33 - 00000000 ___HD C:\windows\system32\CanonIJ Uninstaller Information
2015-11-12 09:49 - 2012-12-29 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
2015-11-12 09:49 - 2012-12-27 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-11-12 09:49 - 2012-12-27 16:26 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-12 09:49 - 2012-12-27 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-12 09:49 - 2012-12-03 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-11-12 09:49 - 2012-11-02 01:13 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-12 09:49 - 2012-10-21 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-12 09:49 - 2012-09-14 01:02 - 00000000 ____D C:\Users\Guest
2015-11-12 09:49 - 2012-08-15 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2015-11-12 09:49 - 2012-08-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2015-11-12 09:49 - 2012-07-26 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
2015-11-12 09:49 - 2012-07-24 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MicroDicom
2015-11-12 09:49 - 2012-07-18 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-11-12 09:49 - 2012-07-03 15:09 - 00000000 ____D C:\windows\system32\Dell
2015-11-12 09:49 - 2012-06-29 16:13 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-12 09:49 - 2012-06-15 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Client
2015-11-12 09:49 - 2012-06-15 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laerdal Debrief Viewer
2015-11-12 09:49 - 2012-06-15 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player Filter
2015-11-12 09:49 - 2012-06-15 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2015-11-12 09:49 - 2012-05-31 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2015-11-12 09:49 - 2012-05-31 12:55 - 00000000 ____D C:\windows\system32\appmgmt
2015-11-12 09:49 - 2012-05-30 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-12 09:49 - 2012-05-29 19:58 - 00000000 ____D C:\Users\maro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-12 09:49 - 2012-05-29 14:48 - 00000000 ____D C:\Users\maro
2015-11-12 09:49 - 2012-05-23 03:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-12 09:49 - 2012-05-23 03:18 - 00000000 ____D C:\windows\ShellNew
2015-11-12 09:49 - 2012-05-23 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2015-11-12 09:49 - 2012-05-23 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-12 09:49 - 2012-05-23 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe Online
2015-11-12 09:49 - 2012-05-23 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
2015-11-12 09:49 - 2012-05-23 00:35 - 00000000 ____D C:\Program Files\IDT
2015-11-12 09:49 - 2012-05-23 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-12 09:49 - 2012-05-23 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
2015-11-12 09:49 - 2009-07-14 12:52 - 00000000 ____D C:\windows\Downloaded Program Files
2015-11-12 09:49 - 2009-07-14 12:52 - 00000000 ____D C:\Program Files\MSBuild
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 __RSD C:\windows\Media
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\windows\system32\NDF
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\windows\system32\lv-LV
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\windows\system32\lt-LT
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\windows\system32\et-EE
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\windows\PolicyDefinitions
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\windows\LiveKernelReports
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-12 09:49 - 2009-07-14 10:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-11 17:46 - 2015-10-09 15:33 - 00017087 _____ C:\windows\diagerr.xml
2015-11-11 17:46 - 2015-10-09 15:33 - 00015243 _____ C:\windows\diagwrn.xml
2015-11-11 15:37 - 2009-07-14 10:37 - 00000000 ____D C:\windows\registration
2015-11-11 15:26 - 2011-02-24 19:16 - 00000000 ____D C:\windows\Panther
2015-11-11 00:56 - 2012-09-09 12:00 - 00000000 ____D C:\Users\maro\AppData\Local\ElevatedDiagnostics
2015-11-05 12:08 - 2012-08-15 15:13 - 00000000 ____D C:\Users\maro\AppData\Roaming\PhotoScape
2015-11-05 12:08 - 2012-07-04 17:23 - 00000000 ____D C:\Users\maro\AppData\Roaming\TeamViewer
2015-11-05 11:32 - 2014-06-15 18:39 - 00000000 ____D C:\Users\maro\AppData\Local\Adobe
2015-11-05 10:42 - 2012-05-29 23:54 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-11-05 10:41 - 2012-05-23 01:10 - 00000000 ____D C:\ProgramData\Adobe
2015-11-03 23:34 - 2012-06-19 13:32 - 00000000 ____D C:\Users\maro\Downloads\Compressed
2015-11-03 23:19 - 2012-06-19 13:32 - 00000000 ____D C:\Users\maro\Downloads\Video
2015-11-02 17:13 - 2012-06-18 22:28 - 00000000 ____D C:\Program Files\DIFX
2015-11-02 13:40 - 2012-12-23 22:06 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-02 13:30 - 2012-08-11 15:32 - 00000000 ____D C:\Program Files\Counter-Strike 1.6
2015-11-02 10:50 - 2015-03-17 10:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
 
==================== Files in the root of some directories =======
 
2014-11-14 10:31 - 2014-11-14 10:31 - 6000640 _____ () C:\Program Files\GUT524.tmp
2013-12-22 12:38 - 2013-12-22 12:39 - 4216840 _____ (Microsoft Corporation) C:\Program Files\Common Files\vcredist.exe
2012-06-14 15:00 - 2012-06-14 15:32 - 0165636 _____ () C:\Users\maro\AppData\Roaming\ICARE.LOG
2012-05-29 17:07 - 2012-05-29 17:07 - 0000000 _____ () C:\ProgramData\4268f1ffc3fae36eff2693871b421290_c
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\mpoqmd5c.dll
C:\Users\maro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwulzif.dll
C:\Users\maro\AppData\Local\Temp\DWH631C.exe
C:\Users\maro\AppData\Local\Temp\DWHE477.exe
C:\Users\maro\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\maro\AppData\Local\Temp\NOSEventMessages.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-26 20:59
 
==================== End of FRST.txt ============================
 
And the Addition
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by maro (2015-12-02 12:18:09)
Running from C:\Users\maro\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2012-05-29 06:48:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3006858039-2870049685-1553520448-500 - Administrator - Disabled)
Guest (S-1-5-21-3006858039-2870049685-1553520448-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3006858039-2870049685-1553520448-1002 - Limited - Enabled)
maro (S-1-5-21-3006858039-2870049685-1553520448-1000 - Administrator - Enabled) => C:\Users\maro
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 17.1.1 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
ActivDriver x86 v5.5 (HKLM\...\{FB4291BF-594B-4AA9-883B-1E7509DCA092}) (Version: 5.5.37.4 - Promethean)
ActivInspire Core Resources (ENU) v1 (HKLM\...\{505493F5-D4C5-481D-B6BF-9718BADA7846}) (Version: 1.4.0 - Promethean)
ActivInspire Help (GBR) v1 (HKLM\...\{702E23DF-6424-4C5C-8FC9-1104FA777FA8}) (Version: 1.4.0 - Promethean)
ActivInspire HWR Resources (INT) v1 (HKLM\...\{782E1916-7A78-47F7-9AF3-2233B83026F2}) (Version: 1.3.0 - Promethean)
ActivInspire v1 (HKLM\...\{6332D268-FCEE-47A0-8AD6-6948E25AA786}) (Version: 1.6.50464 - Promethean)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced IP Scanner (HKLM\...\{7774E6AB-D658-40A2-B9FA-7136FA917BAE}) (Version: 2.2.224 - Famatech)
AMX IR Database (HKLM\...\AMX IR Database) (Version: 16 - AMX Corporation)
Ansur ESA615 Plug-In (HKLM\...\{37F7DE7D-1EF8-4423-8BA9-E2BF5AB13929}) (Version: 1.0.5 - Fluke Biomedical)
Ansur Executive (HKLM\...\{1B608966-AD18-43B6-A25C-330934317604}) (Version: 3.0.0 - Fluke Biomedical)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AXIS Camera Management 2.00 (HKLM\...\{89FB030B-05F9-4421-9D90-8FF2BBA70FE7}_is1) (Version: 2.00.040 - Axis Communications)
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
CamCliCtrl (HKLM\...\{A393C92E-46A9-49A2-A9D2-D7D34B5EA687}) (Version: 1.0.7114 - NetworkSurveillanceNP)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon Utilities Digital Photo Professional 3.11 (HKLM\...\Digital Photo Professional) (Version: 3.11.30.3 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.11.3.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.1.0.18 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.10.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version:  - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Online (HKLM\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DGX Configuration Software (HKLM\...\DGX Configuration Software) (Version:  - )
DIP Switch 2.0 (HKLM\...\DIP Switch 2.0) (Version: 2.0.0.15 - AMX Corporation)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dota 2 (HKLM\...\Steam App 570) (Version:  - )
Dropbox (HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
EclerNet Manager v2.14r21 (HKLM\...\EclerNet Manager_is1) (Version:  - Ecler)
EnvivioTV EnvivioTV-3-2-467 (HKLM\...\EnvivioTV-3.2) (Version: EnvivioTV-3-2-467 - Envivio, Inc.)
EnvivioTV EnvivioTV-QT-3-1-422 (HKLM\...\EnvivioTV for Quicktime-3.1) (Version: EnvivioTV-QT-3-1-422 - Envivio, Inc.)
EWSLauncherCore (Version: 4.06.0001 - HP) Hidden
EWSLauncherM775 (Version: 5.00.0001 - HP) Hidden
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
G4 Panel Preview (HKLM\...\G4 Panel Preview) (Version: 2.0.0.63 - AMX Corporation)
Google Chrome (HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HP FWUpdateEDO3 (HKLM\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet Enterprise 700 color MFP M775 (HKLM\...\{ef8a0c24-ebe8-4e4b-8b5b-08c74601eea2}) (Version: 5.0.12240.391 - Hewlett-Packard)
HP LaserJet Professional CM1410 Series (HKLM\...\{0EF0EA0D-F945-4958-85CC-60FF1E86D216}) (Version:  - Hewlett-Packard)
HP LJ CM1410 MFP Series HP Scan (HKLM\...\{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Toner Cartridge Authentication (HKLM\...\HP Toner Cartridge Authentication) (Version: 1.1.2307.3939 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDXP (Version: 3.0.26.10 - HP) Hidden
HPLaserJetHelp_LearnCenter (HKLM\...\{22FE3793-5961-4ADE-AE66-69D9291C22B1}) (Version: 1.03.0000 - Hewlett-Packard)
HPLJEnterprise700colorMFPM775 (HKLM\...\{2974A020-4AE3-4744-B299-50FEA7CDF2AB}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUT (Version: 1.00.0012 - HP) Hidden
HPOARInstall (Version: 1.00.0000 - Hewlett Packard) Hidden
hppCM1410LaserJetService (Version: 001.008.00477 - Hewlett-Packard) Hidden
hppFaxDrvCM1410 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1410 (Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 002.015.00599 - Hewlett-Packard) Hidden
hppSendFaxCM1410 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM1410 (Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (Version: 006.015.01163 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IREdit (HKLM\...\IREdit) (Version:  - )
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 11.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Laerdal Debrief Viewer (HKLM\...\Debrief Viewer) (Version: 2.1.1.455 - Laerdal Medical)
LJDXPHelperUI (Version: 020.021.004 - HP) Hidden
LQD MetaTrader 4 Terminal (HKLM\...\LQD MetaTrader 4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marketsplash Shortcuts (HKLM\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Max Payne 3 (HKLM\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Mediasite Desktop Recorder (HKLM\...\{8853304E-97AE-4C3B-A88A-6904EC878CD0}) (Version: 1.3.0 - Sonic Foundry)
MicroDicom 0.7.1 (HKLM\...\MicroDicom) (Version: 0.7.1 - MicroDicom)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft CAPICOM 2.1.0.2 SDK (HKLM\...\{2FF43F5D-5729-4E02-A548-310E30A5F29B}) (Version: 2.1.0.2 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5763 - Mozilla)
Mozilla Thunderbird 42.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\MyFreeCodec) (Version:  - )
NetLinx Diagnostics 1.0 (HKLM\...\NetLinx Diagnostics 1.0) (Version: 1.0.0.3 - AMX Corporation)
NetLinx Studio (HKLM\...\NetLinx Studio 2) (Version: 3.3.0.525 - AMX LLC)
Network Camera View 4S (HKLM\...\{8A27C0FE-87C7-4169-BF5A-05BF94F70A54}) (Version: 4.16.03 - Panasonic System Networks Co.,Ltd.)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (Version: 3.8.48.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
QuickSet32 (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
SIMPL+ Cross Compiler (HKLM\...\{FB97A745-D1E6-435D-B942-264E94F89938}) (Version: 1.3 - Crestron Electronics Inc.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Switch Sound File Converter (HKLM\...\Switch) (Version: 4.52 - NCH Software)
Symantec Endpoint Protection (HKLM\...\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}) (Version: 12.1.671.4971 - Symantec Corporation)
Symetrix Automix Matrix 780 v1.0 (HKLM\...\InstallShield_{F943D49F-FE3F-49AB-831B-D256CEB51373}) (Version: 1.0.1.27 - Symetrix, Inc.)
Symetrix Automix Matrix 780 v1.0 (Version: 1.0.1.27 - Symetrix, Inc.) Hidden
SymNet Designer 10.0 (HKLM\...\{96858F20-7E61-4B98-90B3-CF8536102502}) (Version:  - )
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Tom Clancy's Ghost Recon Future Soldier (HKLM\...\{6D87CAD9-9B94-4421-A439-B25F8DE14575}) (Version: 1.00 - Ubisoft)
TPDesign4 (HKLM\...\TPDesign4) (Version: 3.2.0.661 - AMX Corporation)
TP-LINK 3G Client (HKLM\...\{3B9617DC-074C-44A6-A906-FC4CFA954404}) (Version: 1.0 - TP-LINK)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UC232A_Win 7_32bit (HKLM\...\{680FF7B7-9645-48D3-9DCA-B8C756CC9E35}) (Version: 1.0.078 - Aten International Co., Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoClient (HKLM\...\{15B93F4C-C7C9-40B8-ACFE-AE77D37F7C2A}) (Version: 1.2 - Laerdal Medical)
VideoClient (Version: 1.2 - Laerdal Medical) Hidden
Vidyo Desktop 3.0.4 - (maro) (HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\...\Vidyo Desktop) (Version: 3.0.4 - Vidyo Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/27/2014 2.10.00) (HKLM\...\A360E2EA788FFC586113AFE1F2AABF01EBE7A248) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/27/2014 2.10.00) (HKLM\...\42F5D8399C4B7EB9005D88E9045ABB1A715CD59A) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Filter v4.6.0.5 (HKLM\...\Windows Media Player Filter_is1) (Version:  - )
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\maro\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{04FE3112-DB93-424D-B958-5E709395693F}\InprocServer32 -> C:\Users\maro\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\maro\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\maro\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\maro\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{33156164-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{33156168-81D6-11D3-8006-00C04FA30A73}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\maro\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{505C2E67-8615-4CA9-9B57-48CF6EE696FD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\maro\AppData\Local\Google\Chrome\Application\46.0.2490.86\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\maro\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{6A2E0670-28E4-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{720D4AC0-7533-11D0-A5D6-28DB04C10000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\maro\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\maro\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{8D52AA2E-40BE-46D7-8F36-DB7B0F636824}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{8E849609-C7E8-4EC7-8BD3-D55E871A340D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\maro\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{AB37E6C0-194D-4C33-A924-5178414DEB98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{AB406AAC-2B2B-11D3-B36B-00C04F6108FF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\maro\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\maro\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C1AB3D89-6973-45A6-AA44-09CEBBF872E5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C3043B13-E649-436A-9CE7-8DA8CB0BF7C8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\maro\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C6E13344-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C6E13360-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{C6E13370-30AC-11D0-A18C-00A0C9118956}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\maro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{DF0AD8E0-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{DF0AD8E1-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{DF0AD8E3-F91C-4109-AE46-1EAA5CD8AB08}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{E297AB5E-40B0-41BD-9E06-E4144084EE5F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{E30629D2-27E5-11CE-875D-00608CB78066}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maro\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\maro\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3006858039-2870049685-1553520448-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\maro\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
18-11-2015 11:39:07 Windows Update
18-11-2015 12:38:07 Windows Update
24-11-2015 10:39:19 Windows Update
01-12-2015 10:04:07 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03659465-85E6-43E5-98DA-41D60AAB5900} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core => C:\Users\maro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {0795EA05-3C73-4CC2-AC25-8FCED074F8B4} - System32\Tasks\{1E09F99A-BA27-43E5-8C29-74B627D7CCC1} => pcalua.exe -a "C:\Users\maro\Desktop\Client Viewer setup.exe" -d C:\Users\maro\Desktop
Task: {16F4B410-5427-42C6-9891-6E8706E17BAB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core => C:\Users\maro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {1A6BE387-4EB8-405C-983A-0EBFE15D356B} - System32\Tasks\{A1E6DB94-A1BA-4E22-87E1-70B0EE3ACB2B} => C:\Users\maro\Downloads\Compressed\LiveJasmin Hacker - August\Ljasmin Adder.exe
Task: {2BD05BA6-988D-4BD3-A9CD-9A39F80AF524} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {39ACF565-BB7C-40C4-9EC0-E67DC79E5E7A} - System32\Tasks\{263CBDD6-82C5-4CDF-8DED-654488ACFB21} => C:\Program Files\Activ Software\Inspire\Inspire.exe [2012-03-16] ()
Task: {3A17019F-98A8-4B2A-AFBE-104B077001A2} - System32\Tasks\{3E8DEE10-D9EE-4505-94C5-6EAFD94B71D5} => C:\Users\maro\Downloads\Compressed\LiveJasmin Hacker - August\Ljasmin Adder.exe
Task: {3A4D2F0A-001A-438C-A107-5674333CCC7C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {404B28A9-130E-4829-9B6F-DEC1C067D95C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {4303B0DA-081B-427E-8AAC-CCE82D0209EE} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {5A18FE72-90CB-4FD9-BDD3-30191ED71E5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA => C:\Users\maro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {5C46A595-6A00-473A-BE4F-003F026DB8D3} - System32\Tasks\{769C409D-68B2-4B8C-859C-F7DDDDF26719} => pcalua.exe -a "C:\Program Files\AMX Control Disc\IREdit\UNWISE.EXE" -c /u "C:\Program Files\AMX Control Disc\IREdit\INSTALL.LOG"
Task: {6AEE35F5-6FAA-48BF-B5EA-D6BA544DBEDA} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-04-16] ()
Task: {70FB62EF-9387-42E0-9C4D-A873228732AB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA => C:\Users\maro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26] (Facebook Inc.)
Task: {75464283-34CC-4AD5-81FD-3BC6A9A27F50} - System32\Tasks\{8D6D85C4-4CE0-4561-93FA-5EA7AA05646B} => Chrome.exe hxxp://ui.skype.com/ui/0/7.7.0.103.320/en/go/help.faq.installer?LastError=1618
Task: {757200FD-B64E-488D-8B7D-6F19BA1DAF3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {77767006-8410-4805-8E38-806D898D9899} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {9477E2DF-DEB2-4DF8-A826-CC546210D676} - System32\Tasks\{44245587-F78A-46E1-BE09-2309CF6269EA} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.115/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {9F54B95F-5096-4803-AE61-E9B3AC5B616D} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {A2AE39C7-7676-4D97-BBE1-C682A74A833B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core => C:\Users\maro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26] (Facebook Inc.)
Task: {A676845D-5D88-4B49-878F-CF1101DFA772} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA => C:\Users\maro\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {AA25C97E-A051-43B8-A2C8-CD69A8B1E751} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22] (Adobe Systems Incorporated)
Task: {B45A59A4-6F93-4A48-B929-56407836657C} - System32\Tasks\{DD51C4C4-527D-41E9-9625-B025E82AA33B} => C:\Users\maro\Downloads\Compressed\LiveJasmin Hacker - August\Ljasmin Adder.exe
Task: {B954DC41-02C2-47CD-ACA5-C43C82BF4B94} - System32\Tasks\{8F7777D8-AB53-4A5C-8E5B-3CFE88057624} => pcalua.exe -a C:\PROGRA~1\AUTOPA~1\DGXCON~1.0\UNINST~1.EXE
Task: {C62BE97A-F940-4298-9F06-DA50C81BE811} - System32\Tasks\{8017C006-8C99-4994-BD70-69A166999C3B} => pcalua.exe -a C:\Users\maro\Downloads\IREditSetup.exe -d C:\Users\maro\Downloads
Task: {C9FE1AC0-0F4D-4399-BA75-9F454D01BA48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D3D4218A-E12A-468A-AA73-7235D7ED8587} - System32\Tasks\RunAsStdUser Task => C:\Users\maro\AppData\Local\RavenBleuSA\bin\1.0.13.0\RavenBleuSA.exe
Task: {D5571022-3BAD-4621-ADA9-9D4FC20F56E6} - System32\Tasks\{83D079EF-328C-4926-BB7B-F064A31CDA67} => pcalua.exe -a C:\Users\maro\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {D7AA3884-C044-4D7C-A394-821B4422936E} - System32\Tasks\{A3F2C72A-5C4B-4D5F-B605-CFBB609D4CC8} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.3.0.105&amp;LastError=0
Task: {D9E63307-D625-4140-8B30-B8F43A296FAE} - \0C8B663C-680C-4CB7-BA20-A9CAC82116C7 -> No File <==== ATTENTION
Task: {E2334CFE-45AF-478F-AA83-BEAAAF71F5D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {EE231AFE-A6C7-43AE-BB4A-AF03BA893C3B} - System32\Tasks\{459EE62C-8B01-40EC-ACCE-15192FE1B3F8} => pcalua.exe -a C:\Users\maro\Downloads\Programs\Ansur_ESA615_Plug-In_v1.0.5.exe -d C:\Users\maro\AppData\Roaming\IDM
Task: {EECA91C4-A074-4390-B454-1342D0805C0F} - System32\Tasks\{69881C34-992A-46BC-A536-3CCB76479E2F} => pcalua.exe -a C:\Users\maro\Downloads\IREditSystemFiles.exe
Task: {F68BD7DB-6FEF-4D45-B379-DA90699ADB68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-20] (Piriform Ltd)
Task: {F7F93A8A-A911-41DA-8DA9-1A544C96EE69} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {FC1E3046-6188-48A1-852E-7C80DF9AA225} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {FD932C87-675F-4B41-A738-4F776EC37F8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-15] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core.job => C:\Users\maro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA.job => C:\Users\maro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core.job => C:\Users\maro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA.job => C:\Users\maro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000Core.job => C:\Users\maro\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3006858039-2870049685-1553520448-1000UA.job => C:\Users\maro\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-05-23 01:12 - 2012-01-27 10:49 - 02751808 ____N () C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-05-23 03:02 - 2011-03-26 09:28 - 00094208 _____ () C:\windows\System32\IccLibDll.dll
2010-11-17 23:35 - 2010-11-17 23:35 - 00514544 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-11-25 11:44 - 2010-11-25 11:44 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2010-10-25 14:36 - 2010-10-25 14:36 - 00119864 _____ () C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll
2014-10-16 11:51 - 2014-10-16 11:51 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\427eb6a4b8ba6bd4e7adb1b6ce307380\IsdiInterop.ni.dll
2012-05-23 00:33 - 2011-01-13 06:56 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files\Nokia\Nokia Suite\qjson.dll
2015-12-02 10:52 - 2015-12-02 10:52 - 00071168 _____ () c:\users\maro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwulzif.dll
2015-07-23 10:54 - 2015-09-03 08:11 - 00012800 _____ () C:\Users\maro\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-23 10:54 - 2015-09-03 08:11 - 00779776 _____ () C:\Users\maro\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 14:53 - 2015-09-03 08:11 - 00056320 _____ () C:\Users\maro\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-23 10:54 - 2015-09-03 08:11 - 00012288 _____ () C:\Users\maro\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-12-02 10:51 - 2015-12-02 10:51 - 00098816 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32api.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00110080 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\pywintypes27.dll
2015-12-02 10:51 - 2015-12-02 10:51 - 00364544 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\pythoncom27.dll
2015-12-02 10:51 - 2015-12-02 10:51 - 00046080 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_socket.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 01208320 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_ssl.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00320512 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32com.shell.shell.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00776704 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_hashlib.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 01176576 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._core_.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00806400 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._gdi_.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00816128 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._windows_.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 01067008 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._controls_.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00733184 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._misc_.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00682496 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\pysqlite2._sqlite.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00088064 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_ctypes.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00119808 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32file.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00108544 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32security.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00007168 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\hashobjs_ext.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00017920 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\thumbnails_ext.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00079360 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\usb_ext.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00167936 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32gui.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00018432 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32event.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00128512 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_elementtree.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00127488 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\pyexpat.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00013824 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\common.time34.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00036864 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_psutil_windows.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00038912 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32inet.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00525640 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\windows._lib_cacheinvalidation.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00011264 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32crypt.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00077312 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._html2.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00027136 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_multiprocessing.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00020480 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\_yappi.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00035840 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32process.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00686080 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\unicodedata.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00123392 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._wizard.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00024064 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32pipe.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00010240 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\select.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00025600 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32pdh.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00017408 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32profile.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00022528 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\win32ts.pyd
2015-12-02 10:51 - 2015-12-02 10:51 - 00078848 _____ () C:\Users\maro\AppData\Local\Temp\_MEI14282\wx._animate.pyd
2015-11-12 11:07 - 2015-11-07 12:36 - 01532744 _____ () C:\Users\maro\AppData\Local\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 11:07 - 2015-11-07 12:36 - 00081224 _____ () C:\Users\maro\AppData\Local\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3006858039-2870049685-1553520448-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\maro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ActivControl => C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B755DAE7-AEA1-4930-B13A-59AE9202429E}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{3488C7B0-E83F-4FD6-93AF-5768FF416191}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{26D0C32C-4860-4704-8590-F5057E3374E7}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BFDF5137-6CDD-49C1-A4C9-7B21DE782D5F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{595317BE-2DE4-44FB-A294-6DC0E9A030A9}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
FirewallRules: [{20F0795E-B785-42B4-9290-53BA418B9014}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
FirewallRules: [{F72B5234-9543-4176-AF94-D8740756C03C}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe
FirewallRules: [{57A21BD7-F488-402C-A42D-F0176D674A4B}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe
FirewallRules: [{262BA1CA-FDDE-4A0C-BED7-87575BF2EB8C}] => (Allow) LPort=61117
FirewallRules: [{3735ACF0-B7C4-422F-B0D1-083278FF2C76}] => (Allow) LPort=61116
FirewallRules: [{9151F5C3-B361-4CB8-B2FB-040F2F300099}] => (Allow) C:\Program Files\Laerdal Medical\Laerdal Debrief Viewer\LaerdalDebriefViewer.exe
FirewallRules: [{4C2A05B9-C3D9-4AA7-92FF-47937D639E6C}] => (Allow) C:\Program Files\Laerdal Medical\Laerdal Debrief Viewer\LaerdalDebriefViewer.exe
FirewallRules: [{B034CA88-E785-47C2-BE16-5B2F33F373A4}] => (Allow) C:\Program Files\Laerdal Medical\VideoClient\LaerdalVideoClient.exe
FirewallRules: [{40E82F17-9B80-47C2-BCC4-73BEFA021803}] => (Allow) C:\Program Files\Laerdal Medical\VideoClient\LaerdalVideoClient.exe
FirewallRules: [{BFE94B6D-4B6E-47F5-A343-7363CBA746A6}] => (Allow) C:\Program Files\Laerdal Medical\VideoClient\LaerdalVideoClient.exe
FirewallRules: [{CB138928-79CE-4E7F-A73A-A73894305C9C}] => (Allow) C:\Program Files\Laerdal Medical\VideoClient\LaerdalVideoClient.exe
FirewallRules: [{1C5B3917-028B-499B-A1C4-1DEFD9FFCB74}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{1E5A9CB1-0D37-4F4E-BC09-B348AEDDD584}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{059938F2-588F-4233-A40B-ADC6D3266AD4}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{A3ACD66E-3518-4B21-889D-F3A7D2B3A225}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{9FC0ABA1-E842-430E-A6AD-620FDC08BCC4}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{9DADFE71-9E96-498E-8D40-DA53417D02D9}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{0B9ABC1D-D3B8-4A51-9926-ED8D2935686F}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{AB64514B-0783-4C7F-B872-F621E3CE0388}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F3FE27CB-8D84-4B60-B504-0B0BEEC07267}] => (Allow) C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5496D446-5C3A-48BC-8717-5491A8A08326}] => (Allow) C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E2115C96-59A5-4FD0-B57B-B907062F9071}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{DA47B80A-A92E-4140-ACBB-840AD0F2E71A}] => (Allow) C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FAA09FBD-0DE6-43DB-B209-64B0E722F438}] => (Allow) C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{216E8C57-241D-4E98-8282-6883B1EF2394}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{657E40B4-3E35-48FF-9355-A4811E95FDD2}] => (Allow) C:\Users\maro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{380A6B9E-D2DC-450C-9A10-95280B15AD9B}] => (Allow) C:\Users\maro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{DD8FDCA1-D6A4-4FC5-B55B-651149D1E793}] => (Allow) C:\Users\maro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{C76CCBC0-D132-45DF-ACAB-3D3B3A33CEFF}] => (Allow) C:\Users\maro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{2DA01B5D-3E90-4109-AE20-63EEA4ECB7CB}] => (Allow) C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{30A63EDB-3DED-450F-94A1-CE3C6AC12644}] => (Allow) C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{7022DBFE-8B11-4962-A0D8-5AFEA58F3C20}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{0AAFC04A-3893-47C3-9BD5-CCE3C98F0A29}] => (Allow) C:\Users\maro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{22FB2D5E-84FB-4306-A995-FC190DCCDF96}] => (Allow) C:\Users\maro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6C7642E9-E400-4720-A36C-9F63AED67CDB}] => (Allow) C:\Users\maro\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{927787EB-7721-4F07-A91D-DEE32AEF6E3A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{614EB5CB-5490-4677-97E7-502072C720D4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{AAB457B3-C0CB-4442-BA06-8D2D757C3E0E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{53BEE28D-5D5F-4DA5-99CC-FB485ECCE08E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2820790B-EA8E-49D8-B593-2579A4290937}] => (Allow) C:\Users\maro\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2731673B-3DCB-4D03-8E9B-C16CB0724489}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BEE0CF25-C29A-4E83-9DA1-83BB63EA9050}] => (Allow) LPort=2869
FirewallRules: [{F9617915-CE38-45AB-8CFF-59E42B25EC77}] => (Allow) LPort=1900
FirewallRules: [{734FE775-90B6-48CB-90FF-4413C318F783}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{387E96B5-1B22-4120-8D5E-A3FB01258819}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{C424E415-2489-41D4-9287-FBCE98C33A43}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{05777D12-7D04-4858-AFF3-D9902A0F91F4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{1904AD5C-58EB-47B6-B617-78B68409CA22}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{AA8F5618-38FE-4453-AA5B-19A2C4718545}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3377DB95-8DF2-48EA-A55A-E4A3847E2177}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6E2173B3-03E0-4969-A611-54BEC063D711}] => (Allow) C:\Users\maro\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2015 00:21:05 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf95e.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:19:57 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf950.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:19:08 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf94a.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:18:14 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan Horse in File: C:\Users\maro\AppData\Local\Temp\dwhf90f.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:17:33 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf8ba.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:16:48 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf8ae.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:16:04 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf872.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:15:05 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf86e.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:12:20 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf85a.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (12/02/2015 00:11:20 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\maro\AppData\Local\Temp\dwhf843.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
 
System errors:
=============
Error: (12/02/2015 11:05:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/02/2015 11:04:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
%%1053
 
Error: (12/02/2015 11:04:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (12/02/2015 11:03:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (12/02/2015 11:03:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
 
Error: (12/02/2015 11:01:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3059C9E6-9EDC-4C89-933E-C65623F8FD60}
 
Error: (12/02/2015 10:52:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
 
Error: (12/02/2015 10:52:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error: 
%%1053
 
Error: (12/02/2015 10:52:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.
 
Error: (12/02/2015 10:47:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:09:49 AM on ‎2/‎12/‎2015 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-02 12:22:03.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-02 12:05:58.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-02 11:09:03.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-02 10:48:23.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-01 17:10:07.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-01 16:51:13.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-01 16:41:06.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-01 16:13:25.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-01 15:45:56.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-01 13:36:43.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 73%
Total physical RAM: 3493.89 MB
Available physical RAM: 923.45 MB
Total Virtual: 6986.09 MB
Available Virtual: 3097.03 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:223.07 GB) (Free:76.27 GB) NTFS
Drive e: (DATAPART1) (Fixed) (Total:223.06 GB) (Free:199.37 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1624.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 54C7A100)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=223.1 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: ACB55F6D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

It's not a virus.  Symantec is chasing its own tail.  SEE: http://www.symantec....-cant-remove-it

 

This problem is fixed in Maintenance Patch 2 of Symantec Endpoint Protection Maintenance Release 4 (11.0.4202.75). You can apply this patch over Symantec Endpoint Protection MR4 or MR4 MP1.

Please refer to the product Download page to obtain the update: 
http://www.symantec....s.jsp?pid=54619

If you are unable to migrate up at this time, here are workarounds that should alleviate the issue. These are listed in order of preference.

  1. Disable rescanning of quarantine upon receipt of new virus definitions.
  2. Ensure no process or services (such as Windows Indexing Service for example) can access/monitor our files.
  3. Ensure that the %TEMP% folder is not open during the receipt of virus definitions and scanning of the quarantine.
  4. Restart in safe mode, deleting DWH files in the temporary folder, cleaning the quarantine folder.

If it is still running slow then:

Get Process Explorer

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 

 


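A scripted approximation of the Process Explorer check described in the post above (sort by CPU, show the verified signer), as an added example that is not part of the original thread. The parameter names `$SampleSeconds` and `$Top` and the report layout are assumptions of this example.

```powershell
# Added example, not from the thread: sample CPU use for a minute, then list
# the busiest processes with the Authenticode status of each process image.
# Run from an elevated PowerShell prompt so more image paths are readable.
param(
    [int]$SampleSeconds = 60,   # the post says to wait a full minute
    [int]$Top = 15              # hypothetical cut-off for the report
)

function Get-CpuSnapshot {
    # Map process Id -> cumulative CPU seconds (null for protected processes).
    $snap = @{}
    foreach ($p in Get-Process) {
        $cpu = 0.0
        if ($p.CPU -ne $null) { $cpu = [double]$p.CPU }
        $snap[$p.Id] = $cpu
    }
    return $snap
}

$before = Get-CpuSnapshot
Start-Sleep -Seconds $SampleSeconds

$rows = foreach ($p in Get-Process) {
    if (-not $before.ContainsKey($p.Id)) { continue }   # started mid-sample
    $cpuNow = 0.0
    if ($p.CPU -ne $null) { $cpuNow = [double]$p.CPU }
    $status = 'Unknown'
    $signer = 'n/a (image path not readable)'
    if ($p.Path) {
        $sig = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
        if ($sig) {
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            else { $signer = '(no embedded signature)' }
        }
    }
    New-Object PSObject -Property @{
        Name = $p.ProcessName; Id = $p.Id; Path = $p.Path
        CpuSeconds = [math]::Round($cpuNow - $before[$p.Id], 2)
        SigStatus = $status; Signer = $signer
    }
}

# Big hitters at the top, as in the CPU-sorted Process Explorer view.
$rows | Sort-Object CpuSeconds -Descending | Select-Object -First $Top |
    Format-Table Name, Id, CpuSeconds, SigStatus, Signer -AutoSize
```

On older PowerShell versions, Windows binaries that are signed only through a security catalog may show as `NotSigned` here, so an unsigned result is a prompt to check the file in Process Explorer, not a verdict.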

#3
g33km4r0

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

It's not a virus.  Symantec is chasing its own tail.  SEE: http://www.symantec....-cant-remove-it

 

This problem is fixed in Maintenance Patch 2 of Symantec Endpoint Protection Maintenance Release 4 (11.0.4202.75). You can apply this patch over Symantec Endpoint Protection MR4 or MR4 MP1.

Please refer to the product Download page to obtain the update: 
http://www.symantec....s.jsp?pid=54619

 

 

 

 

Thanks for the reply. I'm kinda lost at this patch part. Would the link that you gave direct me straight to the patch?

