TechSpot

Internet explorer running ads in background with no window open

By JulienR
Feb 24, 2015
  1. Hello,

    A week ago my computer started playing ad sounds randomly but I first couldn't see where it was coming from. I thought it was from a page I had opened but even with Firefox closed it kept on doing it. And it sounded like it would play only a portion of the ad, like a few seconds. Later I started seeing small ad windows and experiencing random redirections to commercial websites on Firefox. I also noticed I was using up a lot of internet data (it went up to 15 GB in a day). And finally I noticed Internet Explorer was open in task manager but I didn’t open it and there was no window to be seen.

    I have Kaspersky AV and ran it with no results. I ran MBAM and it found a bunch of potentially unwanted programs, all of which I removed. I also went through my program list, googled the ones that I didn’t know and uninstalled a couple that were suspicious. After that, the random sounds and ads and redirections stopped, everything seemed to be OK.

    But, a couple of days ago I noticed high data usage again and checked task manager. Here it was again, internet explorer open with no visible window. There was none of the other symptoms though. I ran Kaspersky and MBAM again with no results. I also tried MBAM anti-rootkit with no luck. I installed NetWorx in order to try identifying what was using so much data. I found that avp.exe was using a lot but I later read that this was actually Kaspersky and that some programs would connect to the internet via Kaspersky hence the high data usage. Internet explorer does not use much data, if at all. I can’t end the task from the application tab in the task manager but I can end the processes in the processes tab and the internet explorer disappears from the task tab then. However, it comes back after a while.

    So after desperate hours of searching for a solution I found your website. Below are the logs for MBAM and DDS. I posted two logs for MBAM, the first one I got before I removed all the PUPs and a new one (clean). These were obtained while Internet Explorer was open in task manager.

    Thank you for your help.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 15/02/2015
    Scan Time: 6:24:00 PM
    Logfile: MBAM log 150215.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.15.01
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Reungoat

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 422887
    Time Elapsed: 19 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2935964518-2361115088-2651154713-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, No Action By User, [685577a7ddada88ecc8b986f689ba759],
    PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2935964518-2361115088-2651154713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, No Action By User, [79440519eb9f21157ff5aa45d82c01ff],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-2935964518-2361115088-2651154713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, No Action By User, [6f4ee23cc4c687af61d6b6e216ed05fb],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 63

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 24/02/2015
    Scan Time: 9:52:55 AM
    Logfile: MBAM log 240215.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.23.09
    Rootkit Database: v2015.02.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Reungoat

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 400515
    Time Elapsed: 9 min, 56 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
    Run by Reungoat at 16:20:53 on 2015-02-24
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8097.2777 [GMT 10:00]
    .
    AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Windows\SysWOW64\lkads.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
    C:\Windows\system32\o2flash.exe
    C:\Program Files (x86)\PDF Architect\HelperService.exe
    C:\Program Files (x86)\PDF Architect\ConversionService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\lkcitdl.exe
    C:\Windows\SysWOW64\lktsrv.exe
    C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    C:\Program Files\BOINC\boinctray.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\NetWorx\networx.exe
    C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe
    C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\spotify.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    C:\Windows\System32\perfmon.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe,
    BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
    BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
    uRun: [Simple Sticky Notes] C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [Google Update] "C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
    uRun: [Spotify Web Helper] "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    StartupFolder: C:\Users\Reungoat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Reungoat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableCAD = dword:1
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5}\75776457475727563702D41696E6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5}\E4564734F6D6D60275962756C6563737 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5}\E4564734F6D6D60275962756C65637370223835373 : DHCPNameServer = 192.168.20.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Authentication Packages = msv1_0 wvauth
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    x64-Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
    x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc\npvlc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-10 20464]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2014-4-10 22128]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-6-6 29792]
    R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-6-6 178272]
    R1 networx;networx;C:\Windows\System32\drivers\networx.sys [2015-2-23 60408]
    R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
    R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2014-6-6 214512]
    R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-16 2280504]
    R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
    R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-12-31 451416]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-22 13632]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-22 189608]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-22 169432]
    R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
    R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-6-8 57696]
    R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2013-5-11 260976]
    R2 NISystemWebServer;NI System Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2013-6-8 57680]
    R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-1-9 1324104]
    R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-1-9 795208]
    R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-12-13 560528]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-6 1679872]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-1-22 165688]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-1-22 598808]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-12-10 39976]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2013-1-22 292864]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-1-22 176096]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-12-10 169752]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-12-10 342528]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-10 358896]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-10 792560]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-11-29 25528]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-6-6 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2014-6-6 29280]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-2-9 129752]
    R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-1-22 84712]
    R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_Accel.sys [2014-4-10 89312]
    R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys [2012-11-29 47072]
    R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-10-10 188896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
    S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-18 112496]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 ggflt;SOMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-11-2 16088]
    S3 ggsomc;SOMC USB Flash Driver;C:\Windows\System32\drivers\ggsomc.sys [2014-11-2 30424]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-11 114688]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-11-29 35256]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
    S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
    S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-1-22 72808]
    S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-1-22 74984]
    S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2009-11-3 19456]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-8-3 155824]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-1 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
    S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-17 198144]
    S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-7-25 115296]
    S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-6-8 81248]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2015-02-24 02:17:34 -------- d-----w- C:\Program Files (x86)\Common Files\OPC Foundation
    2015-02-24 02:16:04 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2015-02-24 02:15:43 -------- d-----w- C:\Program Files\National Instruments
    2015-02-24 02:13:23 -------- d-----w- C:\National Instruments Downloads
    2015-02-24 00:23:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-23 00:37:23 60408 ----a-w- C:\Windows\System32\drivers\networx.sys
    2015-02-23 00:37:21 -------- d-----w- C:\ProgramData\SoftPerfect
    2015-02-23 00:37:21 -------- d-----w- C:\Program Files\NetWorx
    2015-02-22 09:27:31 -------- d-----w- C:\Program Files\Microsoft Network Monitor 3
    2015-02-21 06:59:48 -------- d-----w- C:\ProgramData\SeriousBit
    2015-02-21 06:57:47 -------- d-----w- C:\Users\Reungoat\AppData\Local\Rainmaker_Software_Group_
    2015-02-21 06:57:02 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.?
    2015-02-17 23:45:49 -------- d-----w- C:\Windows\pss
    2015-02-15 05:15:26 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\ggcenzvn
    2015-02-12 02:04:21 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\Uniblue
    2015-02-12 02:02:18 -------- d-----w- C:\Program Files (x86)\download Manager
    2015-02-11 23:01:55 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2015-02-11 23:01:55 6041600 ----a-w- C:\Windows\System32\jscript9.dll
    2015-02-11 23:01:55 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-02-11 23:01:54 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2015-02-11 04:56:14 -------- d-----w- C:\Users\Reungoat\.imagej
    2015-02-11 02:32:05 -------- d-----w- C:\Program Files (x86)\ImageJ
    2015-02-10 22:55:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2015-02-10 22:54:53 3201536 ----a-w- C:\Windows\System32\win32k.sys
    2015-02-10 00:56:12 -------- d-----w- C:\Users\Reungoat\AppData\Local\PDFCreator
    2015-02-09 00:08:59 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-09 00:08:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2015-02-09 00:08:45 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2015-02-09 00:08:45 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2015-02-09 00:08:45 -------- d-----w- C:\ProgramData\Malwarebytes
    2015-02-09 00:08:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-08 23:34:32 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\pdfforge
    2015-02-08 23:34:26 114872 ----a-w- C:\Windows\System32\pdfcmon.dll
    2015-02-08 23:34:25 -------- d-----w- C:\Program Files\PDFCreator
    2015-01-31 04:15:11 -------- d-----w- C:\Program Files\iPod
    2015-01-31 04:15:11 -------- d-----w- C:\Program Files (x86)\iTunes
    2015-01-31 04:15:09 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-31 04:15:09 -------- d-----w- C:\Program Files\iTunes
    2015-01-28 06:10:31 -------- d-----w- C:\Users\Reungoat\AppData\Local\Diagnostics
    2015-01-27 06:32:35 -------- d-----w- C:\Users\Reungoat\AppData\Local\Spotify
    2015-01-27 06:31:25 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\Spotify
    .
    ==================== Find3M ====================
    .
    2015-02-15 00:10:41 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-09 00:04:57 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-09 00:04:57 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
    2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
    2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
    2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
    2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
    2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
    2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
    2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
    2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
    2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
    2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
    2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
    2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
    2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
    2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
    2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
    2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
    2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
    2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
    2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
    2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
    2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
    2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
    2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
    2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
    2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
    2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2014-12-11 08:12:56 1120752 ----a-w- C:\Windows\boinc.scr
    2014-12-08 03:09:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
    2014-12-08 02:46:05 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
    2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
    2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
    2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    .
    ============= FINISH: 16:21:27.91 ===============
     
    Last edited: Feb 24, 2015
  2. JulienR (TS Rookie, Topic Starter, Posts: 29)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 30/01/2013 12:28:32 PM
    System Uptime: 24/02/2015 12:20:35 PM (4 hours ago)
    .
    Motherboard: Dell Inc. | | 0JC5MT
    Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 153.512 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{232E51D8-91FF-4C24-AC0F-9EE055DA30A5}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{232E51D8-91FF-4C24-AC0F-9EE055DA30A5}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP243: 22/02/2015 9:01:30 PM - Scheduled Checkpoint
    RP244: 24/02/2015 10:11:44 AM - Manual
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Photoshop Lightroom 5.3 64-bit
    Adobe Reader XI (11.0.10)
    Adobe Refresh Manager
    ANT Drivers Installer x64
    Apple Application Support (32-bit)
    Apple Application Support (64-bit)
    Apple Mobile Device Support
    Apple Software Update
    µTorrent
    BASF Sokalan RO Xpert 2013B1
    BioAPI Framework
    BOINC
    Bonjour
    Cisco AnyConnect Secure Mobility Client
    Cisco AnyConnect Secure Mobility Client
    Conexant HDA D330 MDC V.92 Modem
    Custom
    D3DX10
    Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
    Dell Backup and Recovery Manager
    Dell Command | Update
    Dell Custom Help
    Dell Data Protection | Access
    Dell Edoc Viewer
    Dell Feature Enhancement Pack
    Dell Touchpad
    Dell Webcam Central
    DellAccess
    Digital Line Detect
    Dropbox
    Elevated Installer
    EMBASSY Client Core
    Garmin Express
    Garmin Express Tray
    GIMP 2.8.4
    Google Drive
    Google Update Helper
    Hugin 2013.0.0
    IDT Audio
    ImageJ 1.48v
    IMSdesign
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Network Connections 16.8.45.00
    Intel(R) PRO/Wireless Driver
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel® PROSet/Wireless Software
    Intel® Trusted Connect Service Client
    iTunes
    iTunes Library Updater
    Java 8 Update 31
    Java Auto Updater
    Junk Mail filter update
    Kaspersky Anti-Virus
    Malwarebytes Anti-Malware version 2.0.4.1028
    Math Kernel Libraries
    Math Kernel Libraries (64-bit)
    Media Go
    Media Go Network Downloader
    Media Go Video Playback Engine 2.12.104.06300
    Membrane Master 4 version 1.16
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Network Monitor 3.4
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft Sync Framework 2.0 Core Components (x64) ENU
    Microsoft Sync Framework 2.0 Provider Services (x64) ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Modem Diagnostic Tool
    Mozilla Firefox 35.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Manager
    My Photo Box V3
    National Instruments Software
    NetWorx 5.3.3
    NI-Mesa
    NI-RPC 4.4.0f0
    NI-RPC 4.4.0f0 for 64 Bit Windows
    NI-RPC 4.4.0f0 for Phar Lap ETS
    NI ActiveX Container
    NI ActiveX Container (64-bit)
    NI Authentication 13.0.0
    NI Authentication 13.0.0 (64-bit)
    NI Curl 13.0.0
    NI Curl 13.0.0 (64-bit)
    NI DataSocket 5.1
    NI DataSocket 5.1 (64-bit)
    NI Error Reporting 2013
    NI Error Reporting Interface Installer 5.5
    NI Error Reporting Interface Installer 5.5 for Windows 64-bit
    NI EulaDepot
    NI GMP Windows 32-bit Installer 13.0.0
    NI GMP Windows 64-bit Installer 13.0.0
    NI Help Assistant 2.0
    NI Help Assistant 2.0 (64bit)
    NI LabVIEW 2012 Real-Time NBFifo
    NI LabVIEW 2013 Deployable License
    NI LabVIEW 2013 Deployment Framework
    NI LabVIEW 2013 Run-Time Engine Non-English Support.
    NI LabVIEW 2013 Run-Time Engine Web Server
    NI LabVIEW Run-Time Engine 2013
    NI LabVIEW Run-Time Engine Interop 2013
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
    NI Launcher
    NI License Manager
    NI Logos 5.5
    NI Logos 5.5 (64-bit)
    NI Logos XT Support
    NI Logos64 XT Support
    NI MDF Support
    NI mDNS Responder 2.2 for Windows 64-bit
    NI mDNS Responder 2.2.0
    NI Measurement Studio ComponentWorks 3D Graph
    NI Measurement Studio ComponentWorks UI
    NI MXS 5.5.0
    NI MXS 5.5.0 for 64 Bit Windows
    NI OPC Support
    NI OPCEnum Shared
    NI Security Update (KB 67L8LCQW)
    NI Security Update (KB 67L8LCQW) (64-bit)
    NI Service Locator 13.0
    NI SSL LabVIEW RTE 2013 Support
    NI SSL Support
    NI SSL Support (64-bit)
    NI System State Publisher
    NI System State Publisher (64-bit)
    NI System Web Server 13.0
    NI System Web Server Base 13.0.0
    NI System Web Server Base 13.0.0 (64-bit)
    NI TDM Streaming 2.5
    NI TDM Streaming 2.5 (64-bit)
    NI Trace Engine
    NI Trace Engine (64-bit)
    NI Uninstaller
    NI USI 2.0.1
    NI USI 2.0.1 64-Bit
    NI Variable Engine (64-bit)
    NI Variable Engine 2.6.0
    NI VC2008MSMs x64
    NI VC2008MSMs x86
    NI VC2010SP1MSMs x64
    NI VC2010SP1MSMs x86
    NI Web Application Server 13.0
    NI Web Application Server 13.0 (64-bit)
    NI Xerces Delay Load 2.7.3
    NI Xerces Delay Load 2.7.3 64-bit
    NTRU TCG Software Stack
    Oracle VM VirtualBox 4.3.12
    PC-CCID
    PDF Architect
    PDFCreator
    PermaCare - Global - RO12_6
    Phreeqc Interactive 3.1.1-8288
    Picasa 3
    Preboot Manager
    Private Information Manager
    QuickTime 7
    ROSA9
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
    SigmaPlot 12.5
    Simple Sticky Notes 2.5.1
    SketchUp 8
    Skype™ 7.0
    Sony Mobile Update Engine
    Sony PC Companion 2.10.245
    SPBA 5.9
    SportTracks 3.1
    Spotify
    ST Microelectronics 3 Axis Digital Accelerometer Solution
    SyncToy 2.1 (x64)
    ThePhotobookClub.com.au
    toolkit32for64bit
    TorayDS2
    Trusted Drive Manager
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
    Upek Touchchip Fingerprint Reader
    VLC media player
    Wave Crypto Runtime 2.0.7.0 x86
    Wave Infrastructure Installer
    Wave Support Software Installer
    WIDCOMM Bluetooth Software
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile Device Center
    Winflows 3.1.2
    Winflows 3.2.1
    WinRAR 5.00 (64-bit)
    Zotero Standalone 4.0.17 (x86 en-US)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    24/02/2015 3:26:19 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    24/02/2015 12:20:48 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    22/02/2015 7:35:56 PM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
    22/02/2015 7:33:26 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    22/02/2015 7:15:59 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    22/02/2015 1:20:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    22/02/2015 1:19:35 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    22/02/2015 1:18:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    22/02/2015 1:18:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    22/02/2015 1:18:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    22/02/2015 1:18:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    22/02/2015 1:18:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    22/02/2015 1:17:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
    22/02/2015 1:17:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF klpd kneps spldr VBoxDrv VBoxUSBMon Wanarpv6
    21/02/2015 6:34:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    21/02/2015 6:34:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    21/02/2015 5:10:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    21/02/2015 5:09:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    21/02/2015 5:09:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    21/02/2015 5:09:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache KLIF KLIM6 klpd kltdi kneps NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2015 4:31:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    18/02/2015 9:45:49 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    17/02/2015 7:00:36 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
    .
    ==== End Of File ===========================
     
  3. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  4. JulienR


    Thank you for the quick reply. Internet explorer was not running in task manager when I did the scans for the logs below.

    RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Reungoat [Administrator]
    Mode : Delete -- Date : 02/25/2015 10:47:50

    ¤¤¤ Processes : 11 ¤¤¤
    [Suspicious.Path] hadam3p_anz_6.10_windows_intelx86.exe(5100) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadam3p_anz_6.10_windows_intelx86.exe(7524) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadam3p_anz_6.10_windows_intelx86.exe(1420) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadcm3s_7.24_windows_intelx86.exe(5636) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadcm3s_um_7.24_windows_intelx86.exe(3092) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadam3p_anz_um_6.10_windows_intelx86.exe(4484) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadam3p_anz_um_6.10_windows_intelx86.exe(1940) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadam3p_anz_um_6.10_windows_intelx86.exe(6540) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadrm3p_anz_um_6.10_windows_intelx86.exe(1336) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadrm3p_anz_um_6.10_windows_intelx86.exe(4812) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
    [Suspicious.Path] hadrm3p_anz_um_6.10_windows_intelx86.exe(4932) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]

    ¤¤¤ Registry : 8 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [7] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> ERROR [2]
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST500LX003-1AC15G +++++
    --- User ---
    [MBR] 914d807f4f81919bc6c6205879d325df
    [BSP] c6f56563d6bb3d185dfde2c406ed89b5 : HP MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_02252015_104457.log

    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.25.01
    rootkit: v2015.02.22.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17633
    Reungoat :: REUNGOAT-PC [administrator]

    25/02/2015 10:52:12 AM
    mbar-log-2015-02-25 (10-52-12).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 412309
    Time elapsed: 12 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17633

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.591000 GHz
    Memory total: 8490545152, free: 3487232000

    Downloaded database version: v2015.02.25.01
    Downloaded database version: v2015.02.22.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/25/2015 10:51:56
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.25.01
    rootkit: v2015.02.22.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8009a43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8009a43b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8009a43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007651cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
    DevicePointer: 0xfffffa800749c910, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80074a0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: AE1759B2

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920 Numsec = 25485312
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 25567232 Numsec = 951197696

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  5. Broni


    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double-click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
     
  6. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    ComboFix 15-02-16.01 - Reungoat 25/02/2015 11:40:18.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8097.4222 [GMT 10:00]
    Running from: c:\users\Reungoat\Desktop\ComboFix.exe
    AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
    SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ntuser.pol
    c:\programdata\Roaming
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-25 to 2015-02-25 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-25 00:38 . 2015-02-25 00:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-25 00:38 . 2015-02-25 00:38 -------- d-----w- c:\programdata\RogueKiller
    2015-02-24 02:17 . 2015-02-24 02:17 -------- d-----w- c:\program files (x86)\Common Files\OPC Foundation
    2015-02-24 02:16 . 2015-02-24 02:17 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
    2015-02-24 02:15 . 2015-02-24 02:16 -------- d-----w- c:\program files\National Instruments
    2015-02-24 02:13 . 2015-02-24 02:13 -------- d-----w- C:\National Instruments Downloads
    2015-02-24 00:23 . 2015-02-25 01:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-23 00:37 . 2015-01-05 07:55 60408 ----a-w- c:\windows\system32\drivers\networx.sys
    2015-02-23 00:37 . 2015-02-23 00:37 -------- d-----w- c:\program files\NetWorx
    2015-02-23 00:37 . 2015-02-23 00:37 -------- d-----w- c:\programdata\SoftPerfect
    2015-02-22 09:27 . 2015-02-22 09:27 -------- d-----w- c:\program files\Microsoft Network Monitor 3
    2015-02-21 06:59 . 2015-02-21 06:59 -------- d-----w- c:\programdata\SeriousBit
    2015-02-21 06:57 . 2015-02-21 06:57 -------- d-----w- c:\users\Reungoat\AppData\Local\Rainmaker_Software_Group_
    2015-02-21 06:57 . 2015-02-21 06:57 -------- d-----w- c:\users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.?
    2015-02-18 23:06 . 2015-02-18 23:06 -------- d-----w- c:\users\Default\AppData\Roaming\Garmin
    2015-02-15 05:15 . 2015-02-15 05:15 -------- d-----w- c:\users\Reungoat\AppData\Roaming\ggcenzvn
    2015-02-15 00:11 . 2015-02-15 00:11 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-02-12 02:04 . 2015-02-12 02:04 -------- d-----w- c:\users\Reungoat\AppData\Roaming\Uniblue
    2015-02-12 02:02 . 2015-02-12 02:02 -------- d-----w- c:\program files (x86)\download Manager
    2015-02-11 23:01 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-11 23:01 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2015-02-11 23:01 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
    2015-02-11 23:01 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2015-02-11 04:56 . 2015-02-11 04:56 -------- d-----w- c:\users\Reungoat\.imagej
    2015-02-11 02:32 . 2015-02-11 04:25 -------- d-----w- c:\program files (x86)\ImageJ
    2015-02-10 22:55 . 2015-01-15 08:14 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-02-10 22:54 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
    2015-02-10 00:56 . 2015-02-10 00:56 -------- d-----w- c:\users\Reungoat\AppData\Local\PDFCreator
    2015-02-09 00:08 . 2015-02-25 00:51 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-09 00:08 . 2015-02-25 00:51 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-09 00:08 . 2015-02-09 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-02-09 00:08 . 2015-02-09 00:08 -------- d-----w- c:\programdata\Malwarebytes
    2015-02-09 00:08 . 2014-11-20 20:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-02-09 00:08 . 2014-11-20 20:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-02-08 23:34 . 2015-02-08 23:34 -------- d-----w- c:\users\Reungoat\AppData\Roaming\pdfforge
    2015-02-08 23:34 . 2015-01-22 06:14 114872 ----a-w- c:\windows\system32\pdfcmon.dll
    2015-02-08 23:34 . 2015-02-15 08:53 -------- d-----w- c:\program files\PDFCreator
    2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files (x86)\iTunes
    2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files\iPod
    2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files\iTunes
    2015-01-28 06:10 . 2015-02-23 23:18 -------- d-----w- c:\users\Reungoat\AppData\Local\Diagnostics
    2015-01-27 06:32 . 2015-02-25 01:22 -------- d-----w- c:\users\Reungoat\AppData\Local\Spotify
    2015-01-27 06:31 . 2015-02-25 01:36 -------- d-----w- c:\users\Reungoat\AppData\Roaming\Spotify
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-15 00:10 . 2014-11-03 22:39 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-11 11:59 . 2013-02-01 04:04 116773704 ----a-w- c:\windows\system32\MRT.exe
    2015-02-09 00:04 . 2013-01-22 07:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-09 00:04 . 2013-01-22 07:29 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-01-11 11:22 . 2015-01-11 11:22 493168 ----a-r- c:\users\Reungoat\AppData\Roaming\Microsoft\Installer\{84676CB3-965C-496F-AB81-EB148406E9D7}\BOINCManagerShortc_6E797A1C8FF24C29BF4BAD5AE09E4AB3.exe
    2015-01-11 11:22 . 2015-01-11 11:22 493168 ----a-r- c:\users\Reungoat\AppData\Roaming\Microsoft\Installer\{84676CB3-965C-496F-AB81-EB148406E9D7}\ARPPRODUCTICON.exe
    2014-12-19 03:06 . 2015-01-13 23:06 210432 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-19 01:46 . 2015-01-13 23:06 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-11 17:47 . 2015-01-13 23:06 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-12-11 08:12 . 2014-12-11 08:12 1120752 ----a-w- c:\windows\boinc.scr
    2014-12-06 04:17 . 2015-01-13 23:06 303616 ----a-w- c:\windows\system32\nlasvc.dll
    2014-12-06 03:50 . 2015-01-13 23:06 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2014-12-06 03:50 . 2015-01-13 23:06 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Simple Sticky Notes"="c:\program files (x86)\Simnet\Simple Sticky Notes\ssn.exe" [2014-10-24 662384]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-01-15 23308256]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2014-12-11 9639920]
    "Spotify Web Helper"="c:\users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-27 1676344]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-23 292088]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 688984]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
    .
    c:\users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-2-19 1393880]
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2013-1-22 50688]
    NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2013-6-7 663896]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
    R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
    R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
    R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
    R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
    R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
    R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
    R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
    R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S1 networx;networx;c:\windows\system32\drivers\networx.sys;c:\windows\SYSNATIVE\drivers\networx.sys [x]
    S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
    S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
    S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
    S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
    S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
    S2 NISystemWebServer;NI System Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [x]
    S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
    S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
    S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
    S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
    S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
    S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-22 00:04]
    .
    2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28 00:27]
    .
    2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28 00:27]
    .
    2015-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job
    - c:\users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28 08:26]
    .
    2015-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job
    - c:\users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28 08:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-08-16 1703424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-06-03 442352]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-06-03 172016]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-06-03 399856]
    "DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2014-12-11 67056]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 708952]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2015-02-04 6638800]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: samsungsetup.com\www
    FF - ProfilePath - c:\users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    c:\windows\SysWOW64\lkads.exe
    c:\program files (x86)\National Instruments\MAX\nimxs.exe
    c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    c:\program files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
    c:\windows\system32\o2flash.exe
    c:\windows\SysWOW64\lkcitdl.exe
    c:\windows\SysWOW64\lktsrv.exe
    c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    **************************************************************************
    .
    Completion time: 2015-02-25 12:55:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-02-25 02:54
    .
    Pre-Run: 165,634,506,752 bytes free
    Post-Run: 167,861,338,112 bytes free
    .
    - - End Of File - - F86B13EC37EC28E9F59301142493F247
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  8. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    # AdwCleaner v4.111 - Logfile created 25/02/2015 at 14:54:04
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Reungoat - REUNGOAT-PC
    # Running from : C:\Users\Reungoat\Desktop\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\download Manager
    Folder Deleted : C:\Windows\SysWOW64\SearchProtect
    Folder Deleted : C:\Users\Reungoat\AppData\Local\pdfforge
    Folder Deleted : C:\Users\Reungoat\AppData\Local\Hola
    Folder Deleted : C:\Users\Reungoat\AppData\Roaming\pdfforge
    Folder Deleted : C:\Users\Reungoat\AppData\Roaming\Uniblue
    Folder Deleted : C:\Users\Reungoat\Documents\ProPCCleaner

    ***** [ Scheduled tasks ] *****

    Task Deleted : ProPCCleaner_Start
    Task Deleted : ProPCCleaner_Popup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ProPCCleanerLanguage
    Key Deleted : HKCU\Software\ProPCCleanerConfig
    Key Deleted : HKLM\SOFTWARE\Uniblue

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v35.0.1 (x86 en-GB)


    *************************

    AdwCleaner[R0].txt - [2186 bytes] - [25/02/2015 14:47:18]
    AdwCleaner[S0].txt - [1887 bytes] - [25/02/2015 14:54:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1946 bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Professional x64
    Ran by Reungoat on Wed 25/02/2015 at 15:00:14.38
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Reungoat\appdata\local\{4F5EAEC9-5713-4BF6-AFFD-5862DC7ECCE0}



    ~~~ FireFox

    Emptied folder: C:\Users\Reungoat\AppData\Roaming\mozilla\firefox\profiles\7r4gvv1o.default-1423976232471\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 25/02/2015 at 15:03:04.11
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2015
    Ran by Reungoat (administrator) on REUNGOAT-PC on 25-02-2015 15:06:22
    Running from C:\Users\Reungoat\Desktop
    Loaded Profiles: Reungoat (Available profiles: Reungoat & Guest)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
    ( ) C:\Windows\System32\lxdncoms.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    (O2Micro International) C:\Windows\System32\o2flash.exe
    (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
    (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
    (Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
    (Spotify Ltd) C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Dropbox, Inc.) C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-09] (Dell Computer Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-09] (Wave Systems Corp.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
    HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-16] (Dell Inc.)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-09] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6638800 2015-02-04] (SoftPerfect Research)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-31] (Intel Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-17] (Creative Technology Ltd)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [662384 2014-10-25] (Simnet Ltd. )
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Spotify Web Helper] => C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-27] (Spotify Ltd)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
    ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
    ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000 -> {6014117C-9DB7-4581-AC82-08D337DDE4C0} URL =
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg.dll No File
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
    BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
    Winsock: Catalog5 11 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
    Winsock: Catalog5-x64 11 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @hola.org/vlc,version=1.6.654 -> C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc No File
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll (National Instruments)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlefrweb.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlemaps.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english-french.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-french-english.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\youtube.xml
    FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
    FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-02-10]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\FirefoxExtension
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
    FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-25]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-25]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
    FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-25]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
    CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-06-06]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-06-06] (Kaspersky Lab ZAO)
    R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-16] (Dell Inc.)
    R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-14] (Intel Corporation)
    R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
    R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
    R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
    R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
    R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
    R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
    S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
    R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
    S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
    R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
    R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
    R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
    R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
    R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-17] (O2Micro International)
    R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
    R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
    S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
    R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-06] (Wave Systems Corp.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-17] (Wave Systems Corp.) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-12-10] (Broadcom Corporation.)
    S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-11-02] (Sony Mobile Communications)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-06] (Kaspersky Lab ZAO)
    S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-06] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-06] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-06] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-06] (Kaspersky Lab ZAO)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-14] (Intel Corporation)
    R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2015-01-05] (NetFilterSDK.com)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [89312 2013-03-27] (STMicroelectronics)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-25] ()
    R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
    R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  10. JulienR

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-25 15:06 - 2015-02-25 15:06 - 00031847 _____ () C:\Users\Reungoat\Desktop\FRST.txt
    2015-02-25 15:06 - 2015-02-25 15:06 - 00000000 ____D () C:\FRST
    2015-02-25 15:03 - 2015-02-25 15:03 - 00001623 _____ () C:\Users\Reungoat\Desktop\JRT.txt
    2015-02-25 14:57 - 2015-02-25 14:57 - 00002026 _____ () C:\Users\Reungoat\Desktop\AdwCleaner[S0].txt
    2015-02-25 14:47 - 2015-02-25 14:54 - 00000000 ____D () C:\AdwCleaner
    2015-02-25 13:49 - 2015-02-25 13:49 - 02087424 _____ (Farbar) C:\Users\Reungoat\Desktop\FRST64.exe
    2015-02-25 13:48 - 2015-02-25 13:48 - 02126848 _____ () C:\Users\Reungoat\Desktop\adwcleaner_4.111.exe
    2015-02-25 13:48 - 2015-02-25 13:48 - 01388274 _____ (Thisisu) C:\Users\Reungoat\Desktop\JRT.exe
    2015-02-25 13:47 - 2015-02-25 14:47 - 00002134 _____ () C:\Users\Reungoat\Desktop\Instructions.txt
    2015-02-25 12:55 - 2015-02-25 12:55 - 00034333 _____ () C:\Users\Reungoat\Desktop\ComboFix.txt
    2015-02-25 12:42 - 2015-02-25 12:42 - 00000552 _____ () C:\Windows\PFRO.log
    2015-02-25 11:38 - 2015-02-25 12:55 - 00000000 ____D () C:\Qoobox
    2015-02-25 11:38 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-25 11:38 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-25 11:38 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-25 11:37 - 2015-02-25 12:50 - 00000000 ____D () C:\Windows\erdnt
    2015-02-25 11:35 - 2015-02-25 11:36 - 05611903 ____R (Swearware) C:\Users\Reungoat\Desktop\ComboFix.exe
    2015-02-25 10:50 - 2015-02-25 11:09 - 00000000 ____D () C:\Users\Reungoat\Desktop\mbar
    2015-02-25 10:50 - 2015-02-25 10:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Reungoat\Desktop\mbar-1.09.1.1004.exe
    2015-02-25 10:48 - 2015-02-25 10:48 - 00004569 _____ () C:\Users\Reungoat\Desktop\RKreport_DEL_02252015_104750.log
    2015-02-25 10:38 - 2015-02-25 10:41 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-25 10:38 - 2015-02-25 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-25 10:31 - 2015-02-25 10:32 - 15536728 _____ () C:\Users\Reungoat\Desktop\RogueKiller.exe
    2015-02-24 16:21 - 2015-02-24 16:21 - 00036116 _____ () C:\Users\Reungoat\Desktop\dds.txt
    2015-02-24 16:21 - 2015-02-24 16:21 - 00020164 _____ () C:\Users\Reungoat\Desktop\attach.txt
    2015-02-24 16:19 - 2015-02-24 16:19 - 00688992 ____R (Swearware) C:\Users\Reungoat\Desktop\dds.com
    2015-02-24 12:35 - 2015-02-24 12:35 - 00000000 ____D () C:\Users\Reungoat\Documents\LabVIEW Data
    2015-02-24 12:15 - 2015-02-24 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
    2015-02-24 12:15 - 2015-02-24 12:16 - 00000000 ____D () C:\Program Files\National Instruments
    2015-02-24 10:23 - 2015-02-25 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\SoftPerfect
    2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
    2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\Program Files\NetWorx
    2015-02-23 10:37 - 2015-01-05 17:55 - 00060408 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\networx.sys
    2015-02-23 10:36 - 2015-02-23 10:36 - 04210744 _____ (Softperfect Research ) C:\Users\Reungoat\Desktop\networx_setup.exe
    2015-02-22 19:39 - 2015-02-22 20:00 - 00000000 ____D () C:\Users\Reungoat\Documents\Network Monitor 3
    2015-02-22 19:27 - 2015-02-22 19:27 - 00000978 _____ () C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
    2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
    2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
    2015-02-21 16:59 - 2015-02-21 16:59 - 00000000 ____D () C:\ProgramData\SeriousBit
    2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.
    2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Rainmaker_Software_Group_
    2015-02-20 19:09 - 2015-02-25 14:55 - 00002530 _____ () C:\Windows\setupact.log
    2015-02-20 19:09 - 2015-02-20 19:09 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-19 09:42 - 2015-02-19 09:42 - 00001553 _____ () C:\Users\Reungoat\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
    2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
    2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
    2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2015-02-18 09:45 - 2015-02-19 09:37 - 00000000 ____D () C:\Windows\pss
    2015-02-15 18:22 - 2015-02-15 18:23 - 15431256 _____ () C:\Users\Reungoat\Downloads\RogueKiller.exe
    2015-02-15 15:15 - 2015-02-15 15:15 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\ggcenzvn
    2015-02-15 14:57 - 2015-02-15 14:57 - 00000000 ____D () C:\Users\Reungoat\Desktop\Old Firefox Data
    2015-02-12 21:03 - 2015-02-14 10:15 - 00000000 ____D () C:\Users\Reungoat\Downloads\Hola
    2015-02-12 09:01 - 2015-01-23 14:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-12 09:01 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 09:01 - 2015-01-23 13:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-12 09:01 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 14:56 - 2015-02-11 14:56 - 00000000 ____D () C:\Users\Reungoat\.imagej
    2015-02-11 12:32 - 2015-02-11 14:25 - 00000000 ____D () C:\Program Files (x86)\ImageJ
    2015-02-11 12:32 - 2015-02-11 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ
    2015-02-11 08:56 - 2015-02-04 13:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 08:56 - 2015-02-04 13:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 08:56 - 2015-01-28 09:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 08:56 - 2015-01-14 15:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 08:56 - 2015-01-14 15:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-11 08:56 - 2015-01-13 13:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 08:56 - 2015-01-13 12:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 08:56 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 08:56 - 2015-01-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 08:56 - 2015-01-12 13:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 08:56 - 2015-01-12 12:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 08:56 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 08:56 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 08:56 - 2015-01-12 12:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 08:56 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 08:56 - 2015-01-12 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 08:56 - 2015-01-12 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 08:56 - 2015-01-12 12:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 08:56 - 2015-01-12 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 08:56 - 2015-01-12 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 08:56 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 08:56 - 2015-01-12 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 08:56 - 2015-01-12 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 08:56 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 08:56 - 2015-01-12 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 08:56 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 08:56 - 2015-01-12 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 08:56 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 08:56 - 2015-01-12 12:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-11 08:56 - 2015-01-12 12:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-11 08:56 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 08:56 - 2015-01-12 12:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 08:56 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 08:56 - 2015-01-12 12:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 08:56 - 2015-01-12 11:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-11 08:56 - 2015-01-12 11:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 08:56 - 2015-01-12 11:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 08:56 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 08:56 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 08:56 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 08:56 - 2015-01-12 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 08:56 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 08:56 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 08:56 - 2015-01-12 11:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-11 08:56 - 2015-01-12 11:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 08:56 - 2015-01-12 11:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 08:56 - 2015-01-12 11:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 08:56 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 08:56 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 08:56 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 08:56 - 2015-01-12 11:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 08:56 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 08:56 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 08:56 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 08:56 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 08:56 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 08:56 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 08:55 - 2015-01-15 18:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 08:55 - 2015-01-15 18:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 08:55 - 2015-01-15 18:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 08:55 - 2015-01-15 18:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 08:55 - 2015-01-15 18:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 08:55 - 2015-01-15 18:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 08:55 - 2015-01-15 18:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 08:55 - 2015-01-15 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 08:55 - 2015-01-15 18:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 08:55 - 2015-01-15 18:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 08:55 - 2015-01-15 18:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 08:55 - 2015-01-15 17:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 08:55 - 2015-01-15 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 08:55 - 2015-01-15 17:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 08:55 - 2015-01-15 17:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 08:55 - 2015-01-15 17:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 08:55 - 2015-01-15 17:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 08:55 - 2015-01-15 14:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 08:55 - 2015-01-14 16:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 08:55 - 2015-01-14 16:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-11 08:55 - 2015-01-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-11 08:55 - 2015-01-14 16:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-11 08:55 - 2015-01-14 15:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 08:55 - 2015-01-14 15:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 08:55 - 2015-01-14 15:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 08:55 - 2014-12-12 15:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 08:55 - 2014-12-12 15:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-11 08:55 - 2014-12-08 13:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 08:55 - 2014-12-08 12:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 08:55 - 2014-11-26 13:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 08:55 - 2014-11-26 13:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 08:55 - 2014-10-04 12:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-11 08:55 - 2014-10-04 11:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-11 08:55 - 2014-10-04 11:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-02-11 08:54 - 2015-01-09 12:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 10:56 - 2015-02-10 10:56 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\PDFCreator
    2015-02-09 10:08 - 2015-02-25 10:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 10:08 - 2015-02-25 10:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-09 10:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-09 10:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-09 09:34 - 2015-02-15 18:53 - 00000000 ____D () C:\Program Files\PDFCreator
    2015-02-09 09:34 - 2015-02-09 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    2015-02-09 09:34 - 2015-01-22 16:14 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
    2015-01-31 14:15 - 2015-01-31 14:15 - 00001715 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iPod
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-27 16:32 - 2015-02-25 11:22 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Spotify
    2015-01-27 16:32 - 2015-01-27 16:32 - 00001827 _____ () C:\Users\Reungoat\Desktop\Spotify.lnk
    2015-01-27 16:32 - 2015-01-27 16:32 - 00001813 _____ () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2015-01-27 16:31 - 2015-02-25 11:36 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Spotify
    2015-01-27 09:31 - 2015-01-27 09:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-25 15:05 - 2014-05-20 20:52 - 00000000 ____D () C:\ProgramData\BOINC
    2015-02-25 15:04 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-25 15:04 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-25 15:02 - 2009-07-14 15:13 - 01060088 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-25 15:00 - 2013-01-22 17:28 - 01219016 _____ () C:\Windows\WindowsUpdate.log
    2015-02-25 14:59 - 2013-01-30 14:49 - 00000000 ___RD () C:\Users\Reungoat\Documents\Dropbox
    2015-02-25 14:57 - 2014-05-28 10:32 - 00000000 ___RD () C:\Users\Reungoat\Documents\Google Drive
    2015-02-25 14:57 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Dropbox
    2015-02-25 14:56 - 2014-07-25 10:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-02-25 14:56 - 2014-05-28 10:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-25 14:55 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-25 14:50 - 2014-06-28 18:26 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job
    2015-02-25 14:43 - 2013-01-22 17:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-25 14:29 - 2014-05-28 10:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-25 12:55 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
    2015-02-25 12:43 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-25 12:31 - 2009-07-14 12:34 - 89391104 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
    2015-02-25 11:36 - 2013-01-30 12:42 - 00000000 ____D () C:\Users\Reungoat\Documents\Outlook Files
    2015-02-25 09:50 - 2014-06-28 18:26 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job
    2015-02-24 16:32 - 2014-08-10 16:51 - 00007601 _____ () C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg
    2015-02-24 15:42 - 2014-06-06 09:36 - 00000000 ____D () C:\Users\Reungoat\Documents\Simple Sticky Notes
    2015-02-24 12:17 - 2012-02-11 15:46 - 00000000 ____D () C:\ProgramData\National Instruments
    2015-02-24 12:16 - 2012-02-11 15:47 - 00000000 ____D () C:\Program Files (x86)\National Instruments
    2015-02-24 12:14 - 2012-02-11 15:52 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\National Instruments
    2015-02-22 22:12 - 2013-02-03 18:03 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Skype
    2015-02-21 16:30 - 2013-01-30 12:28 - 00000000 ____D () C:\Users\Reungoat
    2015-02-19 09:07 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-19 09:06 - 2014-11-12 14:38 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
    2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Garmin
    2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
    2015-02-15 18:53 - 2013-02-05 19:20 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\uTorrent
    2015-02-15 18:51 - 2014-07-25 14:23 - 00000000 ____D () C:\Windows\Minidump
    2015-02-15 18:51 - 2011-02-11 00:25 - 00000000 ____D () C:\Windows\panther
    2015-02-15 17:14 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laser GPS
    2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\Program Files (x86)\Laser GPS
    2015-02-15 10:13 - 2014-05-26 16:36 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-15 10:12 - 2014-11-04 08:39 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-15 10:10 - 2014-11-04 08:39 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-02-15 10:10 - 2014-11-04 08:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-15 08:42 - 2009-07-14 15:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-13 11:24 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-12 08:39 - 2009-07-14 14:45 - 00343728 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 08:38 - 2014-12-11 10:15 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-12 08:38 - 2014-05-06 19:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-12 08:37 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-11 22:08 - 2013-01-30 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-11 22:08 - 2009-07-14 12:34 - 00000478 _____ () C:\Windows\win.ini
    2015-02-11 22:05 - 2013-07-23 21:59 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 21:59 - 2013-02-01 14:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 08:36 - 2013-01-30 23:31 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
    2015-02-09 10:05 - 2014-08-17 11:58 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Adobe
    2015-02-09 10:04 - 2013-01-22 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-09 10:04 - 2013-01-22 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-09 10:04 - 2013-01-22 17:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-09 09:45 - 2014-06-28 18:26 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA
    2015-02-09 09:45 - 2014-06-28 18:26 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core
    2015-02-09 09:23 - 2014-05-28 10:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-09 09:23 - 2014-05-28 10:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-01 10:50 - 2014-12-07 20:26 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2015-02-01 10:50 - 2014-05-20 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-02-01 10:49 - 2013-01-22 17:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-01-31 14:15 - 2013-04-07 17:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-28 17:12 - 2013-02-07 13:07 - 00000000 ____D () C:\Users\Reungoat\Documents\Membrane Futures
    2015-01-28 16:10 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-28 10:42 - 2013-01-30 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-27 09:39 - 2014-05-28 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    ==================== Files in the root of some directories =======

    2013-04-07 16:19 - 2013-04-07 16:26 - 0000381 _____ () C:\Users\Reungoat\AppData\Roaming\.ptbt0
    2013-03-04 22:24 - 2013-03-13 09:27 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\My Photo Box V3 Prefsv3
    2013-03-04 22:00 - 2013-03-12 22:25 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\Snappy Sumo Prefsv3
    2013-07-29 15:50 - 2014-05-18 22:01 - 0003072 _____ () C:\Users\Reungoat\AppData\Roaming\ThePhotobookClub.com.au Prefsv3
    2014-01-05 20:00 - 2014-03-11 18:51 - 0007168 _____ () C:\Users\Reungoat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-26 10:15 - 2014-05-26 10:15 - 0000886 _____ () C:\Users\Reungoat\AppData\Local\recently-used.xbel
    2014-08-10 16:51 - 2015-02-24 16:32 - 0007601 _____ () C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg
    2013-01-30 12:27 - 2013-01-30 12:32 - 0032723 _____ () C:\Users\Reungoat\AppData\Local\WiDiSetupLog.20130130.122743.txt

    Some content of TEMP:
    ====================
    C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll
    C:\Users\Reungoat\AppData\Local\Temp\Quarantine.exe
    C:\Users\Reungoat\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-23 14:01

    ==================== End Of Log ============================
     
  11. JulienR

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2015
    Ran by Reungoat at 2015-02-25 15:06:53
    Running from C:\Users\Reungoat\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Anti-Virus (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Anti-Virus (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BASF Sokalan RO Xpert 2013B1 (HKLM-x32\...\ST5UNST #2) (Version: - )
    BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
    BOINC (HKLM\...\{84676CB3-965C-496F-AB81-EB148406E9D7}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
    Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
    Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
    Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
    Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
    Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
    DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
    Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    Dropbox (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
    Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
    Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
    ImageJ 1.48v (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
    IMSdesign (HKLM-x32\...\{69CE1F8E-0CAB-479F-A362-FC44C4A00904}) (Version: 20.12.8 - Hydranautics)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
    iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
    iTunes Library Updater (HKLM-x32\...\{38EE230F-F631-451F-8800-E29F5E5C9E7D}) (Version: 1.2.2 - N/A)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
    Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Math Kernel Libraries (64-bit) (Version: 13.0.13 - National Instruments) Hidden
    Math Kernel Libraries (x32 Version: 13.0.13 - National Instruments) Hidden
    Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
    Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
    Media Go Video Playback Engine 2.12.104.06300 (HKLM-x32\...\{9797040D-7B42-7E9F-4289-9FA87AB89771}) (Version: 2.12.104.06300 - Sony)
    Membrane Master 4 version 1.16 (HKLM-x32\...\{26A83897-CA9F-4D3F-B456-2EDD1F9FF3C0}}_is1) (Version: 1.16 - Genesys International)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
    Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Music Manager (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\MusicManager) (Version: - Google, Inc.)
    My Photo Box V3 (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\My Photo Box V3) (Version: My Photo Box V3 3.1.2 - My Photo Box)
    National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
    NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
    NI ActiveX Container (64-bit) (Version: 13.0.4 - National Instruments) Hidden
    NI ActiveX Container (x32 Version: 13.0.4 - National Instruments) Hidden
    NI Authentication 13.0.0 (64-bit) (Version: 13.0.326 - National Instruments) Hidden
    NI Authentication 13.0.0 (x32 Version: 13.0.326 - National Instruments) Hidden
    NI Curl 13.0.0 (64-bit) (Version: 13.0.324 - National Instruments) Hidden
    NI Curl 13.0.0 (x32 Version: 13.0.324 - National Instruments) Hidden
    NI DataSocket 5.1 (64-bit) (Version: 5.1.227 - National Instruments) Hidden
    NI DataSocket 5.1 (x32 Version: 5.1.227 - National Instruments) Hidden
    NI Error Reporting 2013 (x32 Version: 13.0.324 - National Instruments) Hidden
    NI Error Reporting Interface Installer 5.5 (x32 Version: 5.50.49152 - National Instruments) Hidden
    NI Error Reporting Interface Installer 5.5 for Windows 64-bit (Version: 5.50.49152 - National Instruments) Hidden
    NI EulaDepot (x32 Version: 3.20.351 - National Instruments) Hidden
    NI GMP Windows 32-bit Installer 13.0.0 (x32 Version: 13.0.45.0 - National Instruments) Hidden
    NI GMP Windows 64-bit Installer 13.0.0 (Version: 13.0.45.0 - National Instruments) Hidden
    NI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) Hidden
    NI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) Hidden
    NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 13.0.336 - National Instruments) Hidden
    NI LabVIEW 2013 Deployable License (x32 Version: 13.0.303 - National Instruments) Hidden
    NI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.330 - National Instruments) Hidden
    NI LabVIEW 2013 Run-Time Engine Non-English Support. (x32 Version: 13.0.329 - National Instruments) Hidden
    NI LabVIEW 2013 Run-Time Engine Web Server (x32 Version: 13.0.321 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine Interop 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI Launcher (x32 Version: 3.11.186 - National Instruments) Hidden
    NI License Manager (x32 Version: 3.7.53 - National Instruments) Hidden
    NI Logos 5.5 (64-bit) (Version: 5.5.293 - National Instruments) Hidden
    NI Logos 5.5 (x32 Version: 5.5.293 - National Instruments) Hidden
    NI Logos XT Support (x32 Version: 5.5.294 - National Instruments) Hidden
    NI Logos64 XT Support (Version: 5.5.294 - National Instruments) Hidden
    NI MDF Support (x32 Version: 3.20.351 - National Instruments) Hidden
    NI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) Hidden
    NI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
    NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
    NI Measurement Studio ComponentWorks UI (x32 Version: 8.6.10603 - National Instruments) Hidden
    NI MXS 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
    NI MXS 5.5.0 for 64 Bit Windows (Version: 5.50.49152 - National Instruments) Hidden
    NI OPC Support (x32 Version: 13.0.296 - National Instruments) Hidden
    NI OPCEnum Shared (x32 Version: 5.5.2018 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
    NI Service Locator 13.0 (x32 Version: 13.0.303 - National Instruments) Hidden
    NI SSL LabVIEW RTE 2013 Support (x32 Version: 13.0.317 - National Instruments) Hidden
    NI SSL Support (64-bit) (Version: 13.0.319 - National Instruments) Hidden
    NI SSL Support (x32 Version: 13.0.324 - National Instruments) Hidden
    NI System State Publisher (64-bit) (Version: 13.0.299 - National Instruments) Hidden
    NI System State Publisher (x32 Version: 13.0.304 - National Instruments) Hidden
    NI System Web Server 13.0 (x32 Version: 13.0.330 - National Instruments) Hidden
    NI System Web Server Base 13.0.0 (64-bit) (Version: 13.0.323 - National Instruments) Hidden
    NI System Web Server Base 13.0.0 (x32 Version: 13.0.323 - National Instruments) Hidden
    NI TDM Streaming 2.5 (64-bit) (Version: 2.5.36 - National Instruments) Hidden
    NI TDM Streaming 2.5 (x32 Version: 2.5.36 - National Instruments) Hidden
    NI Trace Engine (64-bit) (Version: 13.0.324 - National Instruments) Hidden
    NI Trace Engine (x32 Version: 13.0.324 - National Instruments) Hidden
    NI Uninstaller (x32 Version: 3.20.351 - National Instruments) Hidden
    NI USI 2.0.1 (x32 Version: 2.0.15249 - National Instruments) Hidden
    NI USI 2.0.1 64-Bit (Version: 2.0.15249 - National Instruments) Hidden
    NI Variable Engine (64-bit) (Version: 2.7.297 - National Instruments) Hidden
    NI Variable Engine 2.6.0 (x32 Version: 2.7.297 - National Instruments) Hidden
    NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
    NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
    NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
    NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
    NI Web Application Server 13.0 (64-bit) (Version: 13.0.319 - National Instruments) Hidden
    NI Web Application Server 13.0 (x32 Version: 13.0.324 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
    NI-Mesa (Version: 12.0.7.0 - National Instruments) Hidden
    NI-Mesa (x32 Version: 12.0.7.0 - National Instruments) Hidden
    NI-RPC 4.4.0f0 (x32 Version: 4.40.49152 - National Instruments) Hidden
    NI-RPC 4.4.0f0 for 64 Bit Windows (Version: 4.40.49152 - National Instruments) Hidden
    NI-RPC 4.4.0f0 for Phar Lap ETS (x32 Version: 4.40.49152 - National Instruments) Hidden
    NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
    Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
    PC-CCID (Version: 2.0.0 - Gemalto) Hidden
    PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
    PermaCare - Global - RO12_6 (HKLM-x32\...\ST5UNST #1) (Version: - )
    Phreeqc Interactive 3.1.1-8288 (HKLM-x32\...\{AF12E5C7-F459-446D-BAA1-704EF23825AF}) (Version: 3.1.8288 - U.S. Geological Survey)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
    Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    ROSA9 (HKLM-x32\...\{A155B355-9995-4B14-BA3C-2903E59A5B95}) (Version: 9.1 - Dow Chemical)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SigmaPlot 12.5 (HKLM-x32\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.5 - Systat Software, Inc.)
    Simple Sticky Notes 2.5.1 (HKLM-x32\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
    SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.14.201410081526 - Sony Mobile Communications AB)
    Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
    SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
    SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.5202 - Zone Five Software)
    Spotify (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
    SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
    ThePhotobookClub.com.au (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\ThePhotobookClub.com.au) (Version: ThePhotobookClub.com.au 3.2.0 - PhotobookClub.com.au)
    toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
    TorayDS2 (HKLM-x32\...\{4E2DF308-B412-40E6-8085-135DB10C7CE2}) (Version: 2.1.98 - Toray Membrane USA)
    TorayDS2 (HKLM-x32\...\{664613D6-9485-41B8-B132-645468850604}) (Version: 2.1.58 - Toray Membrane USA)
    Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
    Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
    Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
    Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Winflows 3.1.2 (HKLM-x32\...\{EDF5CC51-924D-40DE-B81E-3A6485BB5294}) (Version: 1.0.0 - GE)
    Winflows 3.2.1 (HKLM-x32\...\{4340C834-9D2E-4FD3-B472-56BDE18349D0}) (Version: 1.0.0 - GE)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    Zotero Standalone 4.0.17 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.17 (x86 en-US)) (Version: 4.0.17 - Zotero)
     
  12. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2015-02-25 12:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {255B06CB-3E92-4A75-83EE-BA3512CAB800} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
    Task: {51009F25-8633-46B9-AC95-AE201ABA18B0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
    Task: {5224892A-758A-4924-919E-C7BC9F8B81F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A976DB8A-DE98-484C-89C8-15460CE1C5D0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {CDE74A73-2917-4A22-8AF0-66F387BEEB55} - System32\Tasks\Dell\Command Update => C:\Program Files (x86)\Dell\CommandUpdate\DellCommandUpdate.exe [2014-05-05] (Dell Inc.)
    Task: {D66628E2-2540-4993-90BF-578A706E5905} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {EA5219CA-967B-4715-B533-F3C926340102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
    Task: {ED930701-0FDB-4EE5-8637-D555A87B7F86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
    Task: {F0F8EA82-7318-49F3-A61E-8C35D121466E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
    Task: {F1501957-74AA-4E7D-859F-47024B97B1A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
    2013-12-22 12:50 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-01-17 23:45 - 2012-01-17 23:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    2012-01-17 23:45 - 2012-01-17 23:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
    2011-10-09 14:56 - 2011-10-09 14:56 - 00003072 _____ () C:\PROGRAM FILES (X86)\NTRU CRYPTOSYSTEMS\NTRU TCG SOFTWARE STACK\BIN\TspPopup_ENU.dll
    2011-11-07 23:55 - 2011-11-07 23:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
    2006-12-09 07:42 - 2013-01-22 17:50 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
    2006-12-09 07:41 - 2013-01-22 17:50 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
    2013-01-22 19:12 - 2012-02-02 07:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2015-02-23 10:37 - 2014-12-23 13:33 - 00755200 _____ () C:\Program Files\NetWorx\sqlite.dll
    2015-02-23 10:37 - 2015-01-05 17:55 - 00146424 _____ () C:\Program Files\NetWorx\nfapi.dll
    2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
    2013-12-13 08:36 - 2013-12-13 08:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
    2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
    2014-06-06 09:36 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files (x86)\Simnet\Simple Sticky Notes\sqlite3.dll
    2013-06-07 10:59 - 2013-06-07 10:59 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
    2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00750080 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-25 14:57 - 2015-02-25 14:57 - 00043008 _____ () c:\users\reungoat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00047616 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00865280 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00200704 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-02-25 14:56 - 2015-02-25 14:56 - 00098816 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32api.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00110080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pywintypes27.dll
    2015-02-25 14:56 - 2015-02-25 14:56 - 00364544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pythoncom27.dll
    2015-02-25 14:56 - 2015-02-25 14:56 - 00045568 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_socket.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 01160704 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_ssl.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00320512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32com.shell.shell.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00713216 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_hashlib.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 01175040 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._core_.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00805888 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._gdi_.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00811008 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._windows_.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 01062400 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._controls_.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00735232 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._misc_.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00557056 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pysqlite2._sqlite.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00128512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_elementtree.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00127488 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pyexpat.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00087552 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_ctypes.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00119808 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32file.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00108544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32security.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00007168 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\hashobjs_ext.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00167936 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32gui.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00018432 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32event.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00038912 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32inet.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00011264 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32crypt.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00070656 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._html2.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00027136 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_multiprocessing.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00035840 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32process.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00686080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\unicodedata.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00122368 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._wizard.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00024064 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32pipe.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00025600 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32pdh.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00525640 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\windows._lib_cacheinvalidation.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00010240 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\select.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00017408 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32profile.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00022528 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32ts.pyd
    2015-02-25 14:56 - 2015-02-25 14:56 - 00078336 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._animate.pyd
    2014-10-16 03:38 - 2014-10-16 03:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
    2013-01-22 17:47 - 2012-05-31 05:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-06-10 09:01 - 2013-11-14 05:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2935964518-2361115088-2651154713-500 - Administrator - Disabled)
    Guest (S-1-5-21-2935964518-2361115088-2651154713-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-2935964518-2361115088-2651154713-1002 - Limited - Enabled)
    Reungoat (S-1-5-21-2935964518-2361115088-2651154713-1000 - Administrator - Enabled) => C:\Users\Reungoat

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-25 12:24:08.600
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-25 12:24:08.560
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-15 11:15:51.801
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.791
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.791
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.771
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.771
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.771
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-13 10:51:48.984
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-13 10:51:48.983
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
    Percentage of memory in use: 31%
    Total physical RAM: 8097.21 MB
    Available physical RAM: 5556.8 MB
    Total Pagefile: 16192.62 MB
    Available Pagefile: 13469.72 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:453.57 GB) (Free:160.99 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AE1759B2)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     


  14. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
    Ran by Reungoat at 2015-02-26 13:47:27 Run:1
    Running from C:\Users\Reungoat\Desktop
    Loaded Profiles: Reungoat (Available profiles: Reungoat & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000 -> {6014117C-9DB7-4581-AC82-08D337DDE4C0} URL =
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg.dll No File
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @hola.org/vlc,version=1.6.654 -> C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc No File
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\FirefoxExtension
    c:\Program Files (x86)\Trend Micro
    CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
    2013-04-07 16:19 - 2013-04-07 16:26 - 0000381 _____ () C:\Users\Reungoat\AppData\Roaming\.ptbt0
    2013-03-04 22:24 - 2013-03-13 09:27 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\My Photo Box V3 Prefsv3
    2013-03-04 22:00 - 2013-03-12 22:25 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\Snappy Sumo Prefsv3
    2013-07-29 15:50 - 2014-05-18 22:01 - 0003072 _____ () C:\Users\Reungoat\AppData\Roaming\ThePhotobookClub.com.au Prefsv3
    2014-01-05 20:00 - 2014-03-11 18:51 - 0007168 _____ () C:\Users\Reungoat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-26 10:15 - 2014-05-26 10:15 - 0000886 _____ () C:\Users\Reungoat\AppData\Local\recently-used.xbel
    2014-08-10 16:51 - 2015-02-24 16:32 - 0007601 _____ () C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg
    2013-01-30 12:27 - 2013-01-30 12:32 - 0032723 _____ () C:\Users\Reungoat\AppData\Local\WiDiSetupLog.20130130.122743.txt
    C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll
    C:\Users\Reungoat\AppData\Local\Temp\Quarantine.exe
    C:\Users\Reungoat\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

    *****************

    "HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6014117C-9DB7-4581-AC82-08D337DDE4C0}" => Key deleted successfully.
    HKCR\CLSID\{6014117C-9DB7-4581-AC82-08D337DDE4C0} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
    "HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
    "HKCR\PROTOCOLS\Handler\tmpx" => Key deleted successfully.
    "HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}" => Key deleted successfully.
    "HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\MozillaPlugins\@hola.org/vlc,version=1.6.654" => Key deleted successfully.
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @hola.org/vlc,version=1.6.654 -> C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc No File not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} => value deleted successfully.
    "c:\Program Files (x86)\Trend Micro" => File/Directory not found.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik" => Key deleted successfully.
    catchme => Service deleted successfully.
    Nbdrv => Service deleted successfully.
    C:\Users\Reungoat\AppData\Roaming\.ptbt0 => Moved successfully.
    C:\Users\Reungoat\AppData\Roaming\My Photo Box V3 Prefsv3 => Moved successfully.
    C:\Users\Reungoat\AppData\Roaming\Snappy Sumo Prefsv3 => Moved successfully.
    C:\Users\Reungoat\AppData\Roaming\ThePhotobookClub.com.au Prefsv3 => Moved successfully.
    C:\Users\Reungoat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\Reungoat\AppData\Local\recently-used.xbel => Moved successfully.
    C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg => Moved successfully.
    C:\Users\Reungoat\AppData\Local\WiDiSetupLog.20130130.122743.txt => Moved successfully.
    "C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll" => File/Directory not found.
    C:\Users\Reungoat\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Reungoat\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.

    ==== End of Fixlog 13:47:28 ====
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  16. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    Hi Broni,

    The Sophos scan came back clean but while it was scanning I noticed Internet Explorer was open again in the task manager. I can see the address of commercial websites and it changes often (at least once a minute). Here are the other logs.

    Results of screen317's Security Check version 0.99.97
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Kaspersky Anti-Virus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 31
    Java version 32-bit out of Date!
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader XI
    Mozilla Firefox 35.0.1 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avp.exe
    Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 17-01-2015
    Ran by Reungoat (administrator) on 26-02-2015 at 14:21:21
    Running from "C:\Users\Reungoat\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  17. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Give me fresh FRST logs.
    Make sure you checkmark Addition.txt box so both logs will be produced.
     
  18. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    Two Internet Explorer windows were open in task manager when I did the scans.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
    Ran by Reungoat (administrator) on REUNGOAT-PC on 27-02-2015 11:08:36
    Running from C:\Users\Reungoat\Desktop
    Loaded Profiles: Reungoat (Available profiles: Reungoat & Guest)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
    ( ) C:\Windows\System32\lxdncoms.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
    (O2Micro International) C:\Windows\System32\o2flash.exe
    (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
    (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    (Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
    (Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
    (Spotify Ltd) C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Dropbox, Inc.) C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
    () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
    () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
    () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
    () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
    () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-09] (Dell Computer Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-09] (Wave Systems Corp.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
    HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-16] (Dell Inc.)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-09] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6638800 2015-02-04] (SoftPerfect Research)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-31] (Intel Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-17] (Creative Technology Ltd)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [662384 2014-10-25] (Simnet Ltd. )
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Spotify Web Helper] => C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-27] (Spotify Ltd)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
    ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
    ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 11 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
    Winsock: Catalog5-x64 11 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll (National Instruments)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlefrweb.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlemaps.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english-french.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-french-english.xml
    FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\youtube.xml
    FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
    FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-02-10]
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
    FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-25]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-25]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
    FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-25]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-06-06]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-06-06] (Kaspersky Lab ZAO)
    R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-16] (Dell Inc.)
    R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-14] (Intel Corporation)
    R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
    R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
    R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
    R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
    R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
    R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
    S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
    R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
    S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
    R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
    R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
    R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
    R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
    R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-17] (O2Micro International)
    R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
    R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
    S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
    R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-06] (Wave Systems Corp.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-17] (Wave Systems Corp.) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-12-10] (Broadcom Corporation.)
    S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-11-02] (Sony Mobile Communications)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-06] (Kaspersky Lab ZAO)
    S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-06] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-06] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-06] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-06] (Kaspersky Lab ZAO)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-14] (Intel Corporation)
    R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2015-01-05] (NetFilterSDK.com)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [89312 2013-03-27] (STMicroelectronics)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-25] ()
    R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
    R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  19. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-26 17:43 - 2015-02-26 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-26 14:33 - 2015-02-26 14:33 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\ProgramData\Sophos
    2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2015-02-26 14:32 - 2015-02-26 14:32 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2015-02-26 14:27 - 2015-02-26 14:29 - 111835848 _____ (Sophos Limited) C:\Users\Reungoat\Desktop\Sophos Virus Removal Tool.exe
    2015-02-26 14:22 - 2015-02-26 14:22 - 00448512 _____ (OldTimer Tools) C:\Users\Reungoat\Desktop\TFC.exe
    2015-02-26 14:21 - 2015-02-26 14:21 - 00002754 _____ () C:\Users\Reungoat\Desktop\FSS.txt
    2015-02-26 14:20 - 2015-02-26 14:20 - 00000981 _____ () C:\Users\Reungoat\Desktop\checkup.txt
    2015-02-26 14:17 - 2015-02-26 14:17 - 00415232 _____ (Farbar) C:\Users\Reungoat\Desktop\FSS.exe
    2015-02-26 14:15 - 2015-02-26 14:15 - 00852604 _____ () C:\Users\Reungoat\Desktop\SecurityCheck.exe
    2015-02-26 14:12 - 2015-02-26 14:12 - 00001252 _____ () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PermaCare - Global - RO12_6.LNK
    2015-02-26 14:11 - 2015-02-26 14:12 - 00000000 ____D () C:\Program Files (x86)\PermaCare - Global - RO12_6
    2015-02-26 13:47 - 2015-02-26 13:47 - 00000000 ____D () C:\Users\Reungoat\Desktop\FRST-OlderVersion
    2015-02-26 13:47 - 2015-02-26 13:47 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\CrashDumps
    2015-02-26 09:09 - 2015-01-09 13:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-26 09:09 - 2015-01-09 13:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-26 09:09 - 2015-01-09 13:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-26 09:09 - 2015-01-09 12:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-25 15:06 - 2015-02-27 11:08 - 00031058 _____ () C:\Users\Reungoat\Desktop\FRST.txt
    2015-02-25 15:06 - 2015-02-27 11:08 - 00000000 ____D () C:\FRST
    2015-02-25 15:06 - 2015-02-25 15:07 - 00043123 _____ () C:\Users\Reungoat\Desktop\Addition.txt
    2015-02-25 15:03 - 2015-02-25 15:03 - 00001623 _____ () C:\Users\Reungoat\Desktop\JRT.txt
    2015-02-25 14:57 - 2015-02-25 14:57 - 00002026 _____ () C:\Users\Reungoat\Desktop\AdwCleaner[S0].txt
    2015-02-25 14:47 - 2015-02-25 14:54 - 00000000 ____D () C:\AdwCleaner
    2015-02-25 13:49 - 2015-02-26 13:47 - 02087936 _____ (Farbar) C:\Users\Reungoat\Desktop\FRST64.exe
    2015-02-25 13:48 - 2015-02-25 13:48 - 02126848 _____ () C:\Users\Reungoat\Desktop\adwcleaner_4.111.exe
    2015-02-25 13:48 - 2015-02-25 13:48 - 01388274 _____ (Thisisu) C:\Users\Reungoat\Desktop\JRT.exe
    2015-02-25 13:47 - 2015-02-25 14:47 - 00002134 _____ () C:\Users\Reungoat\Desktop\Instructions.txt
    2015-02-25 12:55 - 2015-02-25 12:55 - 00034333 _____ () C:\Users\Reungoat\Desktop\ComboFix.txt
    2015-02-25 12:42 - 2015-02-25 12:42 - 00000552 _____ () C:\Windows\PFRO.log
    2015-02-25 12:30 - 2015-01-09 09:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-25 12:30 - 2015-01-09 09:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-25 11:38 - 2015-02-25 12:55 - 00000000 ____D () C:\Qoobox
    2015-02-25 11:38 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-25 11:38 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-25 11:38 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-25 11:38 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-25 11:37 - 2015-02-25 12:50 - 00000000 ____D () C:\Windows\erdnt
    2015-02-25 11:35 - 2015-02-25 11:36 - 05611903 ____R (Swearware) C:\Users\Reungoat\Desktop\ComboFix.exe
    2015-02-25 10:50 - 2015-02-25 11:09 - 00000000 ____D () C:\Users\Reungoat\Desktop\mbar
    2015-02-25 10:50 - 2015-02-25 10:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Reungoat\Desktop\mbar-1.09.1.1004.exe
    2015-02-25 10:48 - 2015-02-25 10:48 - 00004569 _____ () C:\Users\Reungoat\Desktop\RKreport_DEL_02252015_104750.log
    2015-02-25 10:38 - 2015-02-25 10:41 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-25 10:38 - 2015-02-25 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-25 10:31 - 2015-02-25 10:32 - 15536728 _____ () C:\Users\Reungoat\Desktop\RogueKiller.exe
    2015-02-24 16:21 - 2015-02-24 16:21 - 00036116 _____ () C:\Users\Reungoat\Desktop\dds.txt
    2015-02-24 16:21 - 2015-02-24 16:21 - 00020164 _____ () C:\Users\Reungoat\Desktop\attach.txt
    2015-02-24 16:19 - 2015-02-24 16:19 - 00688992 ____R (Swearware) C:\Users\Reungoat\Desktop\dds.com
    2015-02-24 12:35 - 2015-02-24 12:35 - 00000000 ____D () C:\Users\Reungoat\Documents\LabVIEW Data
    2015-02-24 12:15 - 2015-02-24 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
    2015-02-24 12:15 - 2015-02-24 12:16 - 00000000 ____D () C:\Program Files\National Instruments
    2015-02-24 10:23 - 2015-02-25 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\SoftPerfect
    2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
    2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\Program Files\NetWorx
    2015-02-23 10:37 - 2015-01-05 17:55 - 00060408 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\networx.sys
    2015-02-23 10:36 - 2015-02-23 10:36 - 04210744 _____ (Softperfect Research ) C:\Users\Reungoat\Desktop\networx_setup.exe
    2015-02-22 19:39 - 2015-02-22 20:00 - 00000000 ____D () C:\Users\Reungoat\Documents\Network Monitor 3
    2015-02-22 19:27 - 2015-02-22 19:27 - 00000978 _____ () C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
    2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
    2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
    2015-02-21 16:59 - 2015-02-21 16:59 - 00000000 ____D () C:\ProgramData\SeriousBit
    2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.
    2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Rainmaker_Software_Group_
    2015-02-20 19:09 - 2015-02-27 09:07 - 00002978 _____ () C:\Windows\setupact.log
    2015-02-20 19:09 - 2015-02-20 19:09 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-19 09:42 - 2015-02-19 09:42 - 00001553 _____ () C:\Users\Reungoat\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
    2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
    2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
    2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2015-02-18 09:45 - 2015-02-19 09:37 - 00000000 ____D () C:\Windows\pss
    2015-02-15 15:15 - 2015-02-15 15:15 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\ggcenzvn
    2015-02-15 14:57 - 2015-02-15 14:57 - 00000000 ____D () C:\Users\Reungoat\Desktop\Old Firefox Data
    2015-02-12 21:03 - 2015-02-14 10:15 - 00000000 ____D () C:\Users\Reungoat\Downloads\Hola
    2015-02-12 09:01 - 2015-01-23 14:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-12 09:01 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 09:01 - 2015-01-23 13:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-12 09:01 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 14:56 - 2015-02-11 14:56 - 00000000 ____D () C:\Users\Reungoat\.imagej
    2015-02-11 12:32 - 2015-02-11 14:25 - 00000000 ____D () C:\Program Files (x86)\ImageJ
    2015-02-11 12:32 - 2015-02-11 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ
    2015-02-11 08:56 - 2015-02-04 13:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 08:56 - 2015-02-04 13:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 08:56 - 2015-02-04 13:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 08:56 - 2015-01-28 09:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 08:56 - 2015-01-14 15:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 08:56 - 2015-01-14 15:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-11 08:56 - 2015-01-13 13:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 08:56 - 2015-01-13 12:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 08:56 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 08:56 - 2015-01-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 08:56 - 2015-01-12 13:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 08:56 - 2015-01-12 12:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 08:56 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 08:56 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 08:56 - 2015-01-12 12:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 08:56 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 08:56 - 2015-01-12 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 08:56 - 2015-01-12 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 08:56 - 2015-01-12 12:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 08:56 - 2015-01-12 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 08:56 - 2015-01-12 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 08:56 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 08:56 - 2015-01-12 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 08:56 - 2015-01-12 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 08:56 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 08:56 - 2015-01-12 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 08:56 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 08:56 - 2015-01-12 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 08:56 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 08:56 - 2015-01-12 12:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-11 08:56 - 2015-01-12 12:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-11 08:56 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 08:56 - 2015-01-12 12:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 08:56 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 08:56 - 2015-01-12 12:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 08:56 - 2015-01-12 11:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-11 08:56 - 2015-01-12 11:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 08:56 - 2015-01-12 11:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 08:56 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 08:56 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 08:56 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 08:56 - 2015-01-12 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 08:56 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 08:56 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 08:56 - 2015-01-12 11:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-11 08:56 - 2015-01-12 11:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 08:56 - 2015-01-12 11:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 08:56 - 2015-01-12 11:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 08:56 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 08:56 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 08:56 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 08:56 - 2015-01-12 11:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 08:56 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 08:56 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 08:56 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 08:56 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 08:56 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 08:56 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 08:56 - 2015-01-10 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 08:56 - 2015-01-10 16:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 08:55 - 2015-01-15 18:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 08:55 - 2015-01-15 18:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 08:55 - 2015-01-15 18:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 08:55 - 2015-01-15 18:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 08:55 - 2015-01-15 18:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 08:55 - 2015-01-15 18:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 08:55 - 2015-01-15 18:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 08:55 - 2015-01-15 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 08:55 - 2015-01-15 18:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 08:55 - 2015-01-15 18:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 08:55 - 2015-01-15 18:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 08:55 - 2015-01-15 17:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 08:55 - 2015-01-15 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 08:55 - 2015-01-15 17:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 08:55 - 2015-01-15 17:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 08:55 - 2015-01-15 17:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 08:55 - 2015-01-15 17:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 08:55 - 2015-01-15 14:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 08:55 - 2015-01-14 16:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 08:55 - 2015-01-14 16:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-11 08:55 - 2015-01-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-11 08:55 - 2015-01-14 16:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-11 08:55 - 2015-01-14 15:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 08:55 - 2015-01-14 15:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 08:55 - 2015-01-14 15:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 08:55 - 2014-12-12 15:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 08:55 - 2014-12-12 15:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-11 08:55 - 2014-12-08 13:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 08:55 - 2014-12-08 12:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-11 08:55 - 2014-11-26 13:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 08:55 - 2014-11-26 13:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 08:55 - 2014-10-04 12:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-11 08:55 - 2014-10-04 11:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-11 08:55 - 2014-10-04 11:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-02-11 08:54 - 2015-01-09 12:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 10:56 - 2015-02-10 10:56 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\PDFCreator
    2015-02-09 10:08 - 2015-02-25 10:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 10:08 - 2015-02-25 10:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-09 10:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-09 10:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-02-09 09:34 - 2015-02-15 18:53 - 00000000 ____D () C:\Program Files\PDFCreator
    2015-02-09 09:34 - 2015-02-09 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
    2015-02-09 09:34 - 2015-01-22 16:14 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
    2015-01-31 14:15 - 2015-01-31 14:15 - 00001715 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iPod
    2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files (x86)\iTunes

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 11:08 - 2014-05-20 20:52 - 00000000 ____D () C:\ProgramData\BOINC
    2015-02-27 11:05 - 2013-01-30 12:42 - 00000000 ____D () C:\Users\Reungoat\Documents\Outlook Files
    2015-02-27 11:01 - 2013-01-22 17:28 - 01341397 _____ () C:\Windows\WindowsUpdate.log
    2015-02-27 10:54 - 2014-06-28 18:26 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job
    2015-02-27 10:54 - 2014-05-28 10:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-27 10:54 - 2013-01-22 17:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-27 09:50 - 2014-06-28 18:26 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job
    2015-02-27 09:28 - 2014-05-28 10:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-27 09:23 - 2014-07-25 10:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-02-27 09:17 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-27 09:17 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-27 09:14 - 2009-07-14 15:13 - 01060088 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-27 09:11 - 2013-01-30 14:49 - 00000000 ___RD () C:\Users\Reungoat\Documents\Dropbox
    2015-02-27 09:10 - 2014-05-28 10:32 - 00000000 ___RD () C:\Users\Reungoat\Documents\Google Drive
    2015-02-27 09:10 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Dropbox
    2015-02-27 09:07 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-27 09:07 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-26 17:44 - 2013-01-30 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-26 14:04 - 2015-01-27 16:31 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Spotify
    2015-02-26 10:59 - 2015-01-27 16:32 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Spotify
    2015-02-25 12:55 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
    2015-02-25 12:43 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-25 12:31 - 2009-07-14 12:34 - 89391104 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
    2015-02-24 15:42 - 2014-06-06 09:36 - 00000000 ____D () C:\Users\Reungoat\Documents\Simple Sticky Notes
    2015-02-24 12:17 - 2012-02-11 15:46 - 00000000 ____D () C:\ProgramData\National Instruments
    2015-02-24 12:16 - 2012-02-11 15:47 - 00000000 ____D () C:\Program Files (x86)\National Instruments
    2015-02-24 12:14 - 2012-02-11 15:52 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\National Instruments
    2015-02-22 22:12 - 2013-02-03 18:03 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Skype
    2015-02-21 16:30 - 2013-01-30 12:28 - 00000000 ____D () C:\Users\Reungoat
    2015-02-19 09:07 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-19 09:06 - 2014-11-12 14:38 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
    2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Garmin
    2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
    2015-02-15 18:53 - 2013-02-05 19:20 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\uTorrent
    2015-02-15 18:51 - 2014-07-25 14:23 - 00000000 ____D () C:\Windows\Minidump
    2015-02-15 18:51 - 2011-02-11 00:25 - 00000000 ____D () C:\Windows\panther
    2015-02-15 17:14 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laser GPS
    2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\Program Files (x86)\Laser GPS
    2015-02-15 10:13 - 2014-05-26 16:36 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-15 10:12 - 2014-11-04 08:39 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-15 10:10 - 2014-11-04 08:39 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2015-02-15 10:10 - 2014-11-04 08:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-15 08:42 - 2009-07-14 15:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-13 11:24 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-12 08:39 - 2009-07-14 14:45 - 00343728 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 08:38 - 2014-12-11 10:15 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-12 08:38 - 2014-05-06 19:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-12 08:37 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-11 22:08 - 2013-01-30 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-11 22:08 - 2009-07-14 12:34 - 00000478 _____ () C:\Windows\win.ini
    2015-02-11 22:05 - 2013-07-23 21:59 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 21:59 - 2013-02-01 14:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 08:36 - 2013-01-30 23:31 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
    2015-02-09 10:05 - 2014-08-17 11:58 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Adobe
    2015-02-09 10:04 - 2013-01-22 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-09 10:04 - 2013-01-22 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-09 10:04 - 2013-01-22 17:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-09 09:45 - 2014-06-28 18:26 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA
    2015-02-09 09:45 - 2014-06-28 18:26 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core
    2015-02-09 09:23 - 2014-05-28 10:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-09 09:23 - 2014-05-28 10:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-01 10:50 - 2014-12-07 20:26 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2015-02-01 10:50 - 2014-05-20 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2015-02-01 10:49 - 2013-01-22 17:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-01-31 14:15 - 2013-04-07 17:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-28 17:12 - 2013-02-07 13:07 - 00000000 ____D () C:\Users\Reungoat\Documents\Membrane Futures
    2015-01-28 16:10 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF

    Some content of TEMP:
    ====================
    C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4izx1e.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-23 14:01

    ==================== End Of Log ============================
     
  20. JulienR

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
    Ran by Reungoat at 2015-02-27 11:09:29
    Running from C:\Users\Reungoat\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BASF Sokalan RO Xpert 2013B1 (HKLM-x32\...\ST5UNST #2) (Version: - )
    BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
    BOINC (HKLM\...\{84676CB3-965C-496F-AB81-EB148406E9D7}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
    Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
    Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
    Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
    Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
    Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
    DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
    Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    Dropbox (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
    Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
    Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
    ImageJ 1.48v (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
    IMSdesign (HKLM-x32\...\{69CE1F8E-0CAB-479F-A362-FC44C4A00904}) (Version: 20.12.8 - Hydranautics)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
    Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
    iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
    iTunes Library Updater (HKLM-x32\...\{38EE230F-F631-451F-8800-E29F5E5C9E7D}) (Version: 1.2.2 - N/A)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
    Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Math Kernel Libraries (64-bit) (Version: 13.0.13 - National Instruments) Hidden
    Math Kernel Libraries (x32 Version: 13.0.13 - National Instruments) Hidden
    Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
    Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
    Media Go Video Playback Engine 2.12.104.06300 (HKLM-x32\...\{9797040D-7B42-7E9F-4289-9FA87AB89771}) (Version: 2.12.104.06300 - Sony)
    Membrane Master 4 version 1.16 (HKLM-x32\...\{26A83897-CA9F-4D3F-B456-2EDD1F9FF3C0}}_is1) (Version: 1.16 - Genesys International)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
    Mozilla Firefox 36.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-GB)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Music Manager (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\MusicManager) (Version: - Google, Inc.)
    My Photo Box V3 (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\My Photo Box V3) (Version: My Photo Box V3 3.1.2 - My Photo Box)
    National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
    NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
    NI ActiveX Container (64-bit) (Version: 13.0.4 - National Instruments) Hidden
    NI ActiveX Container (x32 Version: 13.0.4 - National Instruments) Hidden
    NI Authentication 13.0.0 (64-bit) (Version: 13.0.326 - National Instruments) Hidden
    NI Authentication 13.0.0 (x32 Version: 13.0.326 - National Instruments) Hidden
    NI Curl 13.0.0 (64-bit) (Version: 13.0.324 - National Instruments) Hidden
    NI Curl 13.0.0 (x32 Version: 13.0.324 - National Instruments) Hidden
    NI DataSocket 5.1 (64-bit) (Version: 5.1.227 - National Instruments) Hidden
    NI DataSocket 5.1 (x32 Version: 5.1.227 - National Instruments) Hidden
    NI Error Reporting 2013 (x32 Version: 13.0.324 - National Instruments) Hidden
    NI Error Reporting Interface Installer 5.5 (x32 Version: 5.50.49152 - National Instruments) Hidden
    NI Error Reporting Interface Installer 5.5 for Windows 64-bit (Version: 5.50.49152 - National Instruments) Hidden
    NI EulaDepot (x32 Version: 3.20.351 - National Instruments) Hidden
    NI GMP Windows 32-bit Installer 13.0.0 (x32 Version: 13.0.45.0 - National Instruments) Hidden
    NI GMP Windows 64-bit Installer 13.0.0 (Version: 13.0.45.0 - National Instruments) Hidden
    NI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) Hidden
    NI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) Hidden
    NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 13.0.336 - National Instruments) Hidden
    NI LabVIEW 2013 Deployable License (x32 Version: 13.0.303 - National Instruments) Hidden
    NI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.330 - National Instruments) Hidden
    NI LabVIEW 2013 Run-Time Engine Non-English Support. (x32 Version: 13.0.329 - National Instruments) Hidden
    NI LabVIEW 2013 Run-Time Engine Web Server (x32 Version: 13.0.321 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine Interop 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI Launcher (x32 Version: 3.11.186 - National Instruments) Hidden
    NI License Manager (x32 Version: 3.7.53 - National Instruments) Hidden
    NI Logos 5.5 (64-bit) (Version: 5.5.293 - National Instruments) Hidden
    NI Logos 5.5 (x32 Version: 5.5.293 - National Instruments) Hidden
    NI Logos XT Support (x32 Version: 5.5.294 - National Instruments) Hidden
    NI Logos64 XT Support (Version: 5.5.294 - National Instruments) Hidden
    NI MDF Support (x32 Version: 3.20.351 - National Instruments) Hidden
    NI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) Hidden
    NI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
    NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
    NI Measurement Studio ComponentWorks UI (x32 Version: 8.6.10603 - National Instruments) Hidden
    NI MXS 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
    NI MXS 5.5.0 for 64 Bit Windows (Version: 5.50.49152 - National Instruments) Hidden
    NI OPC Support (x32 Version: 13.0.296 - National Instruments) Hidden
    NI OPCEnum Shared (x32 Version: 5.5.2018 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
    NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
    NI Service Locator 13.0 (x32 Version: 13.0.303 - National Instruments) Hidden
    NI SSL LabVIEW RTE 2013 Support (x32 Version: 13.0.317 - National Instruments) Hidden
    NI SSL Support (64-bit) (Version: 13.0.319 - National Instruments) Hidden
    NI SSL Support (x32 Version: 13.0.324 - National Instruments) Hidden
    NI System State Publisher (64-bit) (Version: 13.0.299 - National Instruments) Hidden
    NI System State Publisher (x32 Version: 13.0.304 - National Instruments) Hidden
    NI System Web Server 13.0 (x32 Version: 13.0.330 - National Instruments) Hidden
    NI System Web Server Base 13.0.0 (64-bit) (Version: 13.0.323 - National Instruments) Hidden
    NI System Web Server Base 13.0.0 (x32 Version: 13.0.323 - National Instruments) Hidden
    NI TDM Streaming 2.5 (64-bit) (Version: 2.5.36 - National Instruments) Hidden
    NI TDM Streaming 2.5 (x32 Version: 2.5.36 - National Instruments) Hidden
    NI Trace Engine (64-bit) (Version: 13.0.324 - National Instruments) Hidden
    NI Trace Engine (x32 Version: 13.0.324 - National Instruments) Hidden
    NI Uninstaller (x32 Version: 3.20.351 - National Instruments) Hidden
    NI USI 2.0.1 (x32 Version: 2.0.15249 - National Instruments) Hidden
    NI USI 2.0.1 64-Bit (Version: 2.0.15249 - National Instruments) Hidden
    NI Variable Engine (64-bit) (Version: 2.7.297 - National Instruments) Hidden
    NI Variable Engine 2.6.0 (x32 Version: 2.7.297 - National Instruments) Hidden
    NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
    NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
    NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
    NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
    NI Web Application Server 13.0 (64-bit) (Version: 13.0.319 - National Instruments) Hidden
    NI Web Application Server 13.0 (x32 Version: 13.0.324 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
    NI-Mesa (Version: 12.0.7.0 - National Instruments) Hidden
    NI-Mesa (x32 Version: 12.0.7.0 - National Instruments) Hidden
    NI-RPC 4.4.0f0 (x32 Version: 4.40.49152 - National Instruments) Hidden
    NI-RPC 4.4.0f0 for 64 Bit Windows (Version: 4.40.49152 - National Instruments) Hidden
    NI-RPC 4.4.0f0 for Phar Lap ETS (x32 Version: 4.40.49152 - National Instruments) Hidden
    NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
    Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
    PC-CCID (Version: 2.0.0 - Gemalto) Hidden
    PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
    PermaCare - Global - RO12_6 (HKLM-x32\...\ST5UNST #1) (Version: - )
    Phreeqc Interactive 3.1.1-8288 (HKLM-x32\...\{AF12E5C7-F459-446D-BAA1-704EF23825AF}) (Version: 3.1.8288 - U.S. Geological Survey)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
    Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    ROSA9 (HKLM-x32\...\{A155B355-9995-4B14-BA3C-2903E59A5B95}) (Version: 9.1 - Dow Chemical)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SigmaPlot 12.5 (HKLM-x32\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.5 - Systat Software, Inc.)
    Simple Sticky Notes 2.5.1 (HKLM-x32\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
    SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.14.201410081526 - Sony Mobile Communications AB)
    Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
    SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.5202 - Zone Five Software)
    Spotify (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
    SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
    ThePhotobookClub.com.au (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\ThePhotobookClub.com.au) (Version: ThePhotobookClub.com.au 3.2.0 - PhotobookClub.com.au)
    toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
    TorayDS2 (HKLM-x32\...\{4E2DF308-B412-40E6-8085-135DB10C7CE2}) (Version: 2.1.98 - Toray Membrane USA)
    TorayDS2 (HKLM-x32\...\{664613D6-9485-41B8-B132-645468850604}) (Version: 2.1.58 - Toray Membrane USA)
    Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
    Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
    Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
    Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Winflows 3.1.2 (HKLM-x32\...\{EDF5CC51-924D-40DE-B81E-3A6485BB5294}) (Version: 1.0.0 - GE)
    Winflows 3.2.1 (HKLM-x32\...\{4340C834-9D2E-4FD3-B472-56BDE18349D0}) (Version: 1.0.0 - GE)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    Zotero Standalone 4.0.17 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.17 (x86 en-US)) (Version: 4.0.17 - Zotero)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2015-02-25 12:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {255B06CB-3E92-4A75-83EE-BA3512CAB800} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
    Task: {51009F25-8633-46B9-AC95-AE201ABA18B0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
    Task: {5224892A-758A-4924-919E-C7BC9F8B81F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A976DB8A-DE98-484C-89C8-15460CE1C5D0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {CDE74A73-2917-4A22-8AF0-66F387BEEB55} - System32\Tasks\Dell\Command Update => C:\Program Files (x86)\Dell\CommandUpdate\DellCommandUpdate.exe [2014-05-05] (Dell Inc.)
    Task: {D66628E2-2540-4993-90BF-578A706E5905} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {EA5219CA-967B-4715-B533-F3C926340102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
    Task: {ED930701-0FDB-4EE5-8637-D555A87B7F86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
    Task: {F0F8EA82-7318-49F3-A61E-8C35D121466E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
    Task: {F1501957-74AA-4E7D-859F-47024B97B1A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe
     
  21. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    ==================== Loaded Modules (whitelisted) ==============

    2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
    2013-12-22 12:50 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-01-17 23:45 - 2012-01-17 23:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    2012-01-17 23:45 - 2012-01-17 23:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
    2011-10-09 14:56 - 2011-10-09 14:56 - 00003072 _____ () C:\PROGRAM FILES (X86)\NTRU CRYPTOSYSTEMS\NTRU TCG SOFTWARE STACK\BIN\TspPopup_ENU.dll
    2011-11-07 23:55 - 2011-11-07 23:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
    2006-12-09 07:42 - 2013-01-22 17:50 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
    2006-12-09 07:41 - 2013-01-22 17:50 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
    2013-01-22 19:12 - 2012-02-02 07:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2015-02-23 10:37 - 2014-12-23 13:33 - 00755200 _____ () C:\Program Files\NetWorx\sqlite.dll
    2015-02-23 10:37 - 2015-01-05 17:55 - 00146424 _____ () C:\Program Files\NetWorx\nfapi.dll
    2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
    2014-08-19 09:42 - 2014-08-19 09:42 - 00784384 _____ () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
    2014-08-19 09:54 - 2014-07-17 00:40 - 04596224 _____ () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
    2012-12-18 17:53 - 2012-12-18 17:53 - 01861120 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ricaz0UR.dll
    2013-12-13 08:36 - 2013-12-13 08:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
    2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
    2014-06-06 09:36 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files (x86)\Simnet\Simple Sticky Notes\sqlite3.dll
    2013-06-07 10:59 - 2013-06-07 10:59 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
    2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00750080 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-27 09:10 - 2015-02-27 09:10 - 00043008 _____ () c:\users\reungoat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4izx1e.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00047616 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00865280 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00200704 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-02-11 07:00 - 2015-02-11 07:00 - 00118784 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
    2015-02-27 09:09 - 2015-02-27 09:09 - 00098816 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32api.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00110080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pywintypes27.dll
    2015-02-27 09:09 - 2015-02-27 09:09 - 00364544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pythoncom27.dll
    2015-02-27 09:09 - 2015-02-27 09:09 - 00045568 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_socket.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 01160704 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_ssl.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00320512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32com.shell.shell.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00713216 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_hashlib.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 01175040 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._core_.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00805888 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._gdi_.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00811008 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._windows_.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 01062400 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._controls_.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00735232 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._misc_.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00557056 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pysqlite2._sqlite.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00128512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_elementtree.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00127488 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pyexpat.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00087552 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_ctypes.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00119808 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32file.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00108544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32security.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00007168 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\hashobjs_ext.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00167936 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32gui.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00018432 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32event.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00038912 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32inet.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00011264 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32crypt.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00070656 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._html2.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00027136 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_multiprocessing.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00035840 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32process.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00686080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\unicodedata.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00122368 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._wizard.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00024064 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32pipe.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00025600 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32pdh.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00525640 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\windows._lib_cacheinvalidation.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00010240 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\select.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00017408 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32profile.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00022528 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32ts.pyd
    2015-02-27 09:09 - 2015-02-27 09:09 - 00078336 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._animate.pyd
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2015-02-15 15:15 - 2015-02-15 15:15 - 00133120 _____ () C:\Users\Reungoat\AppData\Roaming\ggcenzvn\colers.dll
    2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    2014-10-16 03:38 - 2014-10-16 03:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
    2013-01-22 17:47 - 2012-05-31 05:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-06-10 09:01 - 2013-11-14 05:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-02-09 10:04 - 2015-02-09 10:04 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2935964518-2361115088-2651154713-500 - Administrator - Disabled)
    Guest (S-1-5-21-2935964518-2361115088-2651154713-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-2935964518-2361115088-2651154713-1002 - Limited - Enabled)
    Reungoat (S-1-5-21-2935964518-2361115088-2651154713-1000 - Administrator - Enabled) => C:\Users\Reungoat

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Bluetooth Peripheral Device
    Description: Bluetooth Peripheral Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2074

    Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2074

    Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1045

    Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/27/2015 09:09:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
    Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

    Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
    Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

    Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
    Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0


    System errors:
    =============
    Error: (02/27/2015 09:07:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (02/27/2015 09:06:57 AM) (Source: volsnap) (EventID: 27) (User: )
    Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

    Error: (02/27/2015 09:06:53 AM) (Source: volsnap) (EventID: 27) (User: )
    Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

    Error: (02/27/2015 09:04:30 AM) (Source: volsnap) (EventID: 25) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (02/26/2015 02:23:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Cisco AnyConnect Secure Mobility Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (02/26/2015 09:03:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (02/25/2015 03:27:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (02/25/2015 03:10:22 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================
    Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2074

    Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2074

    Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1045

    Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/27/2015 09:09:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
    Description: Eap method DLL path name43900

    Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
    Description: Eap method DLL path name25900

    Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
    Description: Eap method DLL path name17900


    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-25 12:24:08.600
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-25 12:24:08.560
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-15 11:15:51.801
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.791
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.791
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.771
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.771
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-15 11:15:51.771
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-13 10:51:48.984
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-10-13 10:51:48.983
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
    Percentage of memory in use: 53%
    Total physical RAM: 8097.21 MB
    Available physical RAM: 3770.89 MB
    Total Pagefile: 16192.62 MB
    Available Pagefile: 11474.01 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:453.57 GB) (Free:159.99 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AE1759B2)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Is IE actually open when you see iexplore.exe in Task Manager?
     
  23. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    No, I can't see any IE window open, and there are no sounds or pop-up windows either. I never use IE myself; I use Firefox.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Definitely nothing malicious there.
    I can see iexplore.exe running but I suspect it's caused by one of your programs.
    Which one I'm not sure.

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip the Autoruns.zip file and double-click the autoruns.exe file to run the program.
    Go to File>Save, and save it as an Autoruns.txt file to a known location.
    You must select Text from the drop-down menu as the file type.

    Paste the content of the Autoruns.txt file into your next reply.
     
  25. JulienR

    JulienR TS Rookie Topic Starter Posts: 29

    The only program I installed recently that I think could cause that is Spotify, but IE is running in task manager even when Spotify is not open.

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "25/02/2015 12:42 PM" ""
    + "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe" "8/07/2013 4:00 PM" ""
    + "boinctray" "BOINC System Tray for Windows" "Space Sciences Laboratory" "c:\program files\boinc\boinctray.exe" "12/12/2014 9:01 AM" ""
    + "DBRMTray" "DBRM_Toaster" "Dell Computer Corporation" "c:\dell\dbrm\reminder\dbrmtrayicon.exe" "9/03/2011 5:52 AM" ""
    + "DFEPApplication" "Dell Feature Enhancement Pack" "Dell Inc." "c:\program files\dell\feature enhancement pack\dfepapplication.exe" "16/08/2012 7:24 AM" ""
    + "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "21/03/2014 1:39 AM" ""
    + "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "21/03/2014 1:40 AM" ""
    + "NetWorx" "NetWorx Application (64-bit)" "SoftPerfect Research" "c:\program files\networx\networx.exe" "4/02/2015 5:38 PM" ""
    + "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "21/03/2014 1:39 AM" ""
    + "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe" "16/08/2013 8:39 PM" ""
    + "TdmNotify" "Trusted Drive Manager User Notifier" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmnotify.exe" "9/12/2011 4:45 AM" ""
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "25/02/2015 11:38 AM" ""
    + "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" "21/01/2015 7:28 AM" ""
    + "Dell Webcam Central" "WebcamDell2.exe" "Creative Technology Ltd" "c:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe" "16/12/2011 5:17 PM" ""
    + "IAStorIcon" "Delayed launcher" "Intel Corporation" "c:\program files (x86)\intel\intel(r) rapid storage technology\iastoriconlaunch.exe" "8/06/2012 5:18 AM" ""
    + "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe" "3/10/2014 6:54 AM" ""
    + "USB3MON" "Intel(R) USB 3.0 Monitor" "Intel Corporation" "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe" "22/02/2013 10:38 PM" ""
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "24/02/2015 12:17 PM" ""
    + "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe" "20/02/2013 6:52 AM" ""
    + "Digital Line Detect.lnk" "Digital Line Detection" "Avanquest Software " "c:\program files (x86)\digital line detect\dlg.exe" "22/09/2006 5:35 PM" ""
    + "NI Error Reporting.lnk" "NI Error Reporting Server" "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\ni error reporting\nierserver.exe" "8/06/2013 1:58 AM" ""
    "C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "26/02/2015 2:12 PM" ""
    + "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\reungoat\appdata\roaming\dropbox\bin\dropbox.exe" "11/02/2015 6:58 AM" ""
    + "Smart Settings.lnk" "DellSmartSettings" "Dell Inc." "c:\program files\dell\feature enhancement pack\smartsettings.exe" "16/08/2012 7:22 AM" ""
    "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "25/02/2015 12:55 PM" ""
    + "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14/07/2009 9:58 AM" ""
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "25/02/2015 12:55 PM" ""
    + "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "14/07/2009 9:42 AM" ""
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "25/02/2015 12:28 PM" ""
    + "boincmgr" "BOINC Manager for Windows" "Space Sciences Laboratory" "c:\program files\boinc\boincmgr.exe" "12/12/2014 9:02 AM" ""
    + "GoogleDriveSync" "Google Drive" "Google" "c:\program files (x86)\google\drive\googledrivesync.exe" "3/11/2012 5:03 AM" ""
    + "Simple Sticky Notes" "Simple Sticky Notes " "Simnet Ltd. " "c:\program files (x86)\simnet\simple sticky notes\ssn.exe" "25/10/2014 8:11 AM" ""
    + "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\reungoat\appdata\roaming\spotify\data\spotifywebhelper.exe" "4/12/2014 8:46 PM" ""
    "HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "30/01/2013 12:01 PM" ""
    + "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll" "28/02/2010 7:24 PM" ""
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
    + "GDContextMenu" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\contextmenu64.dll" "16/01/2015 10:57 AM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
    + "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "22/08/2013 11:01 PM" ""
    "HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
    + "PDFArchitectExtension" "PDF Architect Shell Extension" "pdfforge GbR" "c:\program files (x86)\pdf architect\contextmenuext.dll" "10/01/2013 12:30 AM" ""
    + "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "22/08/2013 11:01 PM" ""
    "HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
    "HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
    "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
    + "GDContextMenu" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\contextmenu64.dll" "16/01/2015 10:57 AM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
    "HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
    "HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "10/12/2013 8:37 AM" ""
    + "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll" "20/02/2013 6:55 AM" ""
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "22/01/2013 7:24 PM" ""
    + "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "14/07/2009 11:32 AM" ""
    + "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "21/03/2014 1:39 AM" ""
    "HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "22/01/2013 7:24 PM" ""
    + "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "14/07/2009 11:09 AM" ""
    "HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "31/01/2013 12:46 PM" ""
    + "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "11/05/2013 7:34 PM" ""
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2014 10:11 AM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
    + "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "22/08/2013 11:01 PM" ""
    "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2014 10:11 AM" ""
    + "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
    + "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "22/08/2013 11:01 PM" ""
    "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "18/09/2013 10:29 AM" ""
    + "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "22/08/2013 11:01 PM" ""
    "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "18/09/2013 10:29 AM" ""
    + "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "22/08/2013 11:01 PM" ""
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "28/05/2014 10:28 AM" ""
    + "EnabledUnlockedFDEIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll" "9/12/2011 4:43 AM" ""
    + "GDriveBlacklistedOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
    + "GDriveSharedEditOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
    + "GDriveSharedViewOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
    + "GDriveSyncedOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
    + "GDriveSyncingOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
    + "UninitializedFdeIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll" "9/12/2011 4:43 AM" ""
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "26/02/2015 1:47 PM" ""
    + "Content Blocker Plugin" "Content Blocker Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\contentblocker\ie_content_blocker_plugin.dll" "5/11/2013 12:07 AM" ""
    + "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll" "6/03/2013 5:39 PM" ""
    + "Safe Money Plugin" "Safe Money Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\onlinebanking\online_banking_bho.dll" "14/12/2013 1:27 AM" ""
    + "URL Advisor Plugin" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:43 AM" ""
    + "Virtual Keyboard Plugin" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:00 PM" ""
    + "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "22/09/2010 7:47 AM" ""
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "26/02/2015 1:47 PM" ""
    + "Content Blocker Plugin" "Content Blocker Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll" "5/11/2013 12:09 AM" ""
    + "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_31\bin\jp2ssv.dll" "18/12/2014 3:31 PM" ""
    + "Java(tm) Plug-In SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_31\bin\ssv.dll" "18/12/2014 3:31 PM" ""
    + "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll" "6/03/2013 5:38 PM" ""
    + "PDF Architect Helper" "PDF Architect Helper" "pdfforge GbR" "c:\program files (x86)\pdf architect\pdfiehelper.dll" "10/01/2013 12:27 AM" ""
    + "Safe Money Plugin" "Safe Money Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\onlinebanking\online_banking_bho.dll" "14/12/2013 1:29 AM" ""
    + "URL Advisor Plugin" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:46 AM" ""
    + "Virtual Keyboard Plugin" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:02 PM" ""
    + "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "22/09/2010 7:01 AM" ""
    "HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "25/07/2014 10:11 AM" ""
    + "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll" "6/03/2013 7:37 PM" ""
    + "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll" "13/08/2013 5:58 AM" ""
    + "URLs check" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:43 AM" ""
    + "Virtual Keyboard" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:00 PM" ""
    "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "25/07/2014 10:11 AM" ""
    + "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "10/11/2010 8:03 PM" ""
    + "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll" "6/03/2013 7:25 PM" ""
    + "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll" "13/08/2013 5:46 AM" ""
    + "URLs check" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:46 AM" ""
    + "Virtual Keyboard" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:02 PM" ""
    "Task Scheduler" "" "" "" "" ""
    + "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "20/12/2014 2:43 AM" ""
    + "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 16.0 r0" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "3/02/2015 8:07 AM" ""
    + "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "2/06/2011 10:46 AM" ""
    + "\Dell\Command Update" "Dell Command | Update" "Dell Inc." "c:\program files (x86)\dell\commandupdate\dellcommandupdate.exe" "6/05/2014 2:45 AM" ""
    + "\GarminUpdaterTask" "GarminSelfUpdater" "" "c:\program files (x86)\garmin\express self updater\expressselfupdater.exe" "1/01/2015 2:30 AM" ""
    + "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
    + "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
    + "\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core" "Google Installer" "Google Inc." "c:\users\reungoat\appdata\local\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
    + "\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA" "Google Installer" "Google Inc." "c:\users\reungoat\appdata\local\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
    + "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "10/11/2010 8:02 PM" ""
    + "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "11/06/2009 6:36 AM" ""
    + "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "14/07/2009 10:24 AM" ""
    "HKLM\System\CurrentControlSet\Services" "" "" "" "26/02/2015 5:20 PM" ""
    + "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "20/12/2014 2:43 AM" ""
    + "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "3/02/2015 8:07 AM" ""
    + "Apple Mobile Device Service" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "19/12/2014 10:38 PM" ""
    + "AVP" "Provides computer protection against viruses, dangerous software, network attacks, internet fraud and spam." "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\avp.exe" "30/09/2013 1:13 AM" ""
    + "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "31/08/2011 3:52 PM" ""
    + "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe" "20/02/2013 6:55 AM" ""
    + "cphs" "Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\syswow64\intelcphecisvc.exe" "9/02/2013 6:26 AM" ""
    + "DFEPService" "Dell Feature Enhancement Pack Service" "Dell Inc." "c:\program files\dell\feature enhancement pack\dfepservice.exe" "16/08/2012 7:25 AM" ""
    + "EmbassyService" "EmbassyServer Application" "" "c:\program files\dell\dell data protection\access\advanced\wave\embassy client core\embassyserver.exe" "17/01/2012 9:37 PM" ""
    + "Garmin Core Update Service" "Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date." "Garmin Ltd or its subsidiaries" "c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe" "1/01/2015 2:30 AM" ""
    + "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
    + "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
    + "gusvc" "gusvc" "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe" "14/12/2006 3:55 PM" ""
    + "HsfXAudioService" "User-mode gate for HSF Modem" "Conexant Systems, Inc." "c:\windows\syswow64\xaudio64.dll" "30/04/2009 4:21 AM" ""
    + "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe" "31/05/2012 6:55 AM" ""
     
