Solved Internet explorer running ads in background with no window open

JulienR

Posts: 29   +0
Hello,

A week ago my computer started playing ad sounds randomly but I first couldn't see where it was coming from. I thought it was from a page I had opened but even with Firefox closed it kept on doing it. And it sounded like it would play only a portion of the ad, like a few seconds. Later I started seeing small ad windows and experiencing random redirections to commercial websites on Firefox. I also noticed I was using up a lot of internet data (it went up to 15 GB in a day). And finally I noticed internet explorer was open in task manager but I didn’t open open it and there was no window to be seen.

I have Kaspersky AV and ran it with no results. I ran MBAM and it found a bunch of potentially unwanted program which I all removed. I also went through my program list, googled the ones that I din’t know and uninstalled a couple that were suspicious. After that, the random sounds and ads and redirections stopped, everything seemed to be OK.

But, a couple of days ago I noticed high data usage again and checked task manager. Here it was again, internet explorer open with no visible window. There was none of the other symptoms though. I ran Kaspersky and MBAM again with no results. I also tried MBAM anti-rootkit with no luck. I installed NetWorx in order to try identifying what was using so much data. I found that avp.exe was using a lot but I later read that this was actually Kaspersky and that some programs would connect to the internet via Kaspersky hence the high data usage. Internet explorer does not use much data, if at all. I can’t end the task from the application tab in the task manager but I can end the processes in the processes tab and the internet explorer disappears from the task tab then. However, it comes back after a while.

So after desperate hours of search for a solution I found your website. Below are the logs for MBAM and DSS. I posted two logs for MBAM, the first one I got before I removed all the PUPs and a new one (clean). These were obtained while internet explorer is opened in task manager.

Thank you for your help.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/02/2015
Scan Time: 6:24:00 PM
Logfile: MBAM log 150215.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.15.01
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Reungoat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422887
Time Elapsed: 19 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2935964518-2361115088-2651154713-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, No Action By User, [685577a7ddada88ecc8b986f689ba759],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2935964518-2361115088-2651154713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, No Action By User, [79440519eb9f21157ff5aa45d82c01ff],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2935964518-2361115088-2651154713-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, No Action By User, [6f4ee23cc4c687af61d6b6e216ed05fb],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 63
PUP.Optional.Conduit.A, C:\Users\Reungoat\AppData\Roaming\uTorrent\ism.exe, No Action By User, [a11cea34fe8c9b9be4a4882758a98977],
PUP.Optional.Amonetize.A, C:\$Recycle.Bin\S-1-5-21-2935964518-2361115088-2651154713-1000\$RPTMVC1.exe, No Action By User, [09b487979af083b388d374f7dc2415eb],
PUP.Optional.SearchProtect.A, C:\Users\Reungoat\AppData\Local\Temp\SPSetup.exe, No Action By User, [a01d928cfe8c3402b986328212ef1de3],
PUP.Optional.Conduit.A, C:\Users\Reungoat\AppData\Local\Temp\utt6643.tmp.exe, No Action By User, [10ad3ae4bdcd340250afc97a8081af51],
PUP.Optional.SearchProtect.A, C:\Users\Reungoat\AppData\Local\Temp\nsd3D16.exe, No Action By User, [08b5e638e6a4c5713897b0a0e02102fe],
PUP.Optional.Conduit.A, C:\Users\Reungoat\AppData\Local\Temp\nsnB3A9.exe, No Action By User, [ae0f8a94e3a759dd2002486225dc8b75],
PUP.Optional.SearchProtect.A, C:\Users\Reungoat\AppData\Local\Temp\nsnF0D8.exe, No Action By User, [0bb2d34bff8bc670527dcb859c658779],
PUP.Optional.SearchProtect.A, C:\Users\Reungoat\AppData\Local\Temp\nsnF349.exe, No Action By User, [e7d6c35b4d3dce68b01fce822dd4b749],
PUP.Optional.SearchProtect.A, C:\Users\Reungoat\AppData\Local\Temp\nst3EFB.exe, No Action By User, [16a7e13d8efc40f64d822c243dc4da26],
PUP.Optional.MyStartSearch.A, C:\Users\Reungoat\AppData\Local\Temp\awh1D7C.tmp, No Action By User, [10ad4fcf6b1f92a4d6229464887df60a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc256E.exe, No Action By User, [8835f7275a309f979e313c146d9409f7],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc2F8D.exe, No Action By User, [04b9da44c9c1ca6cd2fdc38d877a50b0],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc3B6E.exe, No Action By User, [1aa3011d2a60b6804a85b7996a9703fd],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc430C.exe, No Action By User, [5865af6f7614eb4b755a222e5fa22cd4],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc4493.exe, No Action By User, [3b829c82bfcb76c0a52aafa113ee30d0],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc4609.exe, No Action By User, [8439d9455c2e5bdbf9d6b0a069984fb1],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscBDD7.exe, No Action By User, [e0dd99851b6f4de900cfd0801de4718f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss910C.exe, No Action By User, [912c5fbf6b1f2e08715e38187988c43c],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss910D.exe, No Action By User, [cdf04fcf7a101e18e5eafc5461a0847c],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssA8D1.exe, No Action By User, [08b5a07e92f83bfbce01044cad549f61],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nstE68C.exe, No Action By User, [437aea345139350124ab7bd517eaf60a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw207E.exe, No Action By User, [00bd68b647432e08bb149bb5649d42be],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw207F.exe, No Action By User, [f8c58599503a8babd3fc76da07fab64a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx4B18.exe, No Action By User, [635aed31f991a98d12bda3ad3dc42bd5],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx4B19.exe, No Action By User, [44794ad4becc2c0a1cb3a9a70100ba46],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx6202.exe, No Action By User, [4776a27c73172d096a65133d7b8637c9],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx65F8.exe, No Action By User, [87367ea08dfdc5715c7385cb60a115eb],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx73AD.exe, No Action By User, [2e8f3ee03456cf6727a8f85807fa18e8],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx8F1A.exe, No Action By User, [fcc12cf2f3973600943b4e02d22f2dd3],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsyC315.exe, No Action By User, [3a8371ad9af0f73f180a8d1d9b6617e9],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi1B71.exe, No Action By User, [e2db35e92a6059dd438cd27ecf32a15f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiAC89.exe, No Action By User, [932adc425535a096e8e7014fc23f0ff1],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiD4A0.exe, No Action By User, [ead3c35b0b7f2d09f5daa1afe51ce21e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiD4A1.exe, No Action By User, [6e4f22fc58323600745b7dd357aa5ea2],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiE69B.exe, No Action By User, [ecd179a5f6941026dcf37ed2ec15a060],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsm2F7D.exe, No Action By User, [704d2fef93f765d1d8f75af60af7ff01],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsm73BC.exe, No Action By User, [912c7ca209811e183996e070c041c63a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsm7F51.exe, No Action By User, [a419f42ae3a79f97daf586ca956cbc44],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmB761.exe, No Action By User, [655843dbc4c6e84e5a75d080c23fa45c],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss2E06.exe, No Action By User, [f4c9140a1872c86eca053b1550b18977],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmDA6A.exe, No Action By User, [378623fb7713c670438ce36de71a3dc3],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmF1E1.exe, No Action By User, [a21b76a8533747efb41b54fcfd04cf31],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsn321C.exe, No Action By User, [04b9c7570189310500226941907138c8],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsnA289.exe, No Action By User, [19a470aee2a86ccac260b7f3bf42956b],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr2149.exe, No Action By User, [b50850ce533744f2fbd49bb54fb2be42],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr30D3.exe, No Action By User, [29949d81d6b42e08814e68e8689940c0],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr4147.exe, No Action By User, [e7d68995602a73c3c807143cb34e916f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr4675.exe, No Action By User, [4875a37bdfab9e98d5fade726a9745bb],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr4676.exe, No Action By User, [7e3f8d91aedce452e5ea85cb56ab659b],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr5120.exe, No Action By User, [308dad71088287af02cdd08010f1e61a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr5479.exe, No Action By User, [6e4f8797f694e650755a3d136b964bb5],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsr547A.exe, No Action By User, [546945d961299c9ab41b153b9f62f50b],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsrA44E.exe, No Action By User, [fac3f32ba7e33204f6d989c7f11002fe],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsrACD6.exe, No Action By User, [24990b13b5d5d561349bd878d9282bd5],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscDA7A.exe, No Action By User, [ecd172ac4446dc5af9d62a26b849d62a],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscF599.exe, No Action By User, [635ad747800ac76f7b54cd83d52ce21e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscF71F.exe, No Action By User, [e5d863bba3e7989e23ac450b847d11ef],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd34EA.exe, No Action By User, [3885e638d7b353e3745bff51ed14dc24],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh8B14.exe, No Action By User, [cfeedb431971e3533a95ada3f90803fd],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh9965.exe, No Action By User, [318cf9255634f4421eb1b69a4eb38c74],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh9966.exe, No Action By User, [a8154ad4e8a293a3bf1070e0728fc63a],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsi13D2.exe, No Action By User, [d3ea0b132c5e1125cc56634757aa58a8],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi1B70.exe, No Action By User, [dedf59c5f99196a06867e967946de020],

Physical Sectors: 0
(No malicious items detected)


(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/02/2015
Scan Time: 9:52:55 AM
Logfile: MBAM log 240215.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.23.09
Rootkit Database: v2015.02.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Reungoat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400515
Time Elapsed: 9 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
Run by Reungoat at 16:20:53 on 2015-02-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8097.2777 [GMT 10:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
C:\Windows\system32\o2flash.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\NetWorx\networx.exe
C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\BOINC\boinc.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\spotify.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
C:\Windows\System32\perfmon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
uRun: [Simple Sticky Notes] C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Google Update] "C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
uRun: [Spotify Web Helper] "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\Reungoat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Reungoat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5}\75776457475727563702D41696E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5}\E4564734F6D6D60275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{07F2CA96-10A6-4614-8BC8-76A37E6161B5}\E4564734F6D6D60275962756C65637370223835373 : DHCPNameServer = 192.168.20.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 wvauth
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
x64-Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
x64-RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc\npvlc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-10 20464]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2014-4-10 22128]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-6-6 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-6-6 178272]
R1 networx;networx;C:\Windows\System32\drivers\networx.sys [2015-2-23 60408]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [2014-6-6 214512]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-16 2280504]
R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-12-31 451416]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-22 13632]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-22 189608]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-22 169432]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-6-8 57696]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2013-5-11 260976]
R2 NISystemWebServer;NI System Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2013-6-8 57680]
R2 PDF Architect Helper Service;PDF Architect Helper Service;C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-1-9 1324104]
R2 PDF Architect Service;PDF Architect Service;C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-1-9 795208]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-12-13 560528]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-6 1679872]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-1-22 165688]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-1-22 598808]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-12-10 39976]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2013-1-22 292864]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-1-22 176096]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-12-10 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-12-10 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-10 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-10 792560]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-11-29 25528]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-6-6 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2014-6-6 29280]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-2-9 129752]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-1-22 84712]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_Accel.sys [2014-4-10 89312]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys [2012-11-29 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-10-10 188896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-18 112496]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SOMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2014-11-2 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\Windows\System32\drivers\ggsomc.sys [2014-11-2 30424]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-11 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-11-29 35256]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-1-22 72808]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-1-22 74984]
S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2009-11-3 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2014-8-3 155824]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-1 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-17 198144]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-7-25 115296]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2013-6-8 81248]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2015-02-24 02:17:34 -------- d-----w- C:\Program Files (x86)\Common Files\OPC Foundation
2015-02-24 02:16:04 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2015-02-24 02:15:43 -------- d-----w- C:\Program Files\National Instruments
2015-02-24 02:13:23 -------- d-----w- C:\National Instruments Downloads
2015-02-24 00:23:07 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-23 00:37:23 60408 ----a-w- C:\Windows\System32\drivers\networx.sys
2015-02-23 00:37:21 -------- d-----w- C:\ProgramData\SoftPerfect
2015-02-23 00:37:21 -------- d-----w- C:\Program Files\NetWorx
2015-02-22 09:27:31 -------- d-----w- C:\Program Files\Microsoft Network Monitor 3
2015-02-21 06:59:48 -------- d-----w- C:\ProgramData\SeriousBit
2015-02-21 06:57:47 -------- d-----w- C:\Users\Reungoat\AppData\Local\Rainmaker_Software_Group_
2015-02-21 06:57:02 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.?
2015-02-17 23:45:49 -------- d-----w- C:\Windows\pss
2015-02-15 05:15:26 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\ggcenzvn
2015-02-12 02:04:21 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\Uniblue
2015-02-12 02:02:18 -------- d-----w- C:\Program Files (x86)\download Manager
2015-02-11 23:01:55 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-11 23:01:55 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-11 23:01:55 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-11 23:01:54 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-11 04:56:14 -------- d-----w- C:\Users\Reungoat\.imagej
2015-02-11 02:32:05 -------- d-----w- C:\Program Files (x86)\ImageJ
2015-02-10 22:55:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-02-10 22:54:53 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-10 00:56:12 -------- d-----w- C:\Users\Reungoat\AppData\Local\PDFCreator
2015-02-09 00:08:59 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-09 00:08:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-02-09 00:08:45 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-02-09 00:08:45 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-09 00:08:45 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-09 00:08:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 23:34:32 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\pdfforge
2015-02-08 23:34:26 114872 ----a-w- C:\Windows\System32\pdfcmon.dll
2015-02-08 23:34:25 -------- d-----w- C:\Program Files\PDFCreator
2015-01-31 04:15:11 -------- d-----w- C:\Program Files\iPod
2015-01-31 04:15:11 -------- d-----w- C:\Program Files (x86)\iTunes
2015-01-31 04:15:09 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 04:15:09 -------- d-----w- C:\Program Files\iTunes
2015-01-28 06:10:31 -------- d-----w- C:\Users\Reungoat\AppData\Local\Diagnostics
2015-01-27 06:32:35 -------- d-----w- C:\Users\Reungoat\AppData\Local\Spotify
2015-01-27 06:31:25 -------- d-----w- C:\Users\Reungoat\AppData\Roaming\Spotify
.
==================== Find3M ====================
.
2015-02-15 00:10:41 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-09 00:04:57 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-09 00:04:57 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-11 08:12:56 1120752 ----a-w- C:\Windows\boinc.scr
2014-12-08 03:09:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
2014-12-08 02:46:05 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
.
============= FINISH: 16:21:27.91 ===============
 
Last edited:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 30/01/2013 12:28:32 PM
System Uptime: 24/02/2015 12:20:35 PM (4 hours ago)
.
Motherboard: Dell Inc. | | 0JC5MT
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 153.512 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{232E51D8-91FF-4C24-AC0F-9EE055DA30A5}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{232E51D8-91FF-4C24-AC0F-9EE055DA30A5}_VID&00020FCE_PID&01A7\8&40F87BD&0&A0E453A54C5D_C00000000
Service:
.
==== System Restore Points ===================
.
RP243: 22/02/2015 9:01:30 PM - Scheduled Checkpoint
RP244: 24/02/2015 10:11:44 AM - Manual
.
==== Installed Programs ======================
.
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Photoshop Lightroom 5.3 64-bit
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
ANT Drivers Installer x64
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
µTorrent
BASF Sokalan RO Xpert 2013B1
BioAPI Framework
BOINC
Bonjour
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Conexant HDA D330 MDC V.92 Modem
Custom
D3DX10
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Command | Update
Dell Custom Help
Dell Data Protection | Access
Dell Edoc Viewer
Dell Feature Enhancement Pack
Dell Touchpad
Dell Webcam Central
DellAccess
Digital Line Detect
Dropbox
Elevated Installer
EMBASSY Client Core
Garmin Express
Garmin Express Tray
GIMP 2.8.4
Google Drive
Google Update Helper
Hugin 2013.0.0
IDT Audio
ImageJ 1.48v
IMSdesign
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.8.45.00
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless Software
Intel® Trusted Connect Service Client
iTunes
iTunes Library Updater
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
Kaspersky Anti-Virus
Malwarebytes Anti-Malware version 2.0.4.1028
Math Kernel Libraries
Math Kernel Libraries (64-bit)
Media Go
Media Go Network Downloader
Media Go Video Playback Engine 2.12.104.06300
Membrane Master 4 version 1.16
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Network Monitor 3.4
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 ENU
Microsoft Sync Framework 2.0 Core Components (x64) ENU
Microsoft Sync Framework 2.0 Provider Services (x64) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Modem Diagnostic Tool
Mozilla Firefox 35.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
My Photo Box V3
National Instruments Software
NetWorx 5.3.3
NI-Mesa
NI-RPC 4.4.0f0
NI-RPC 4.4.0f0 for 64 Bit Windows
NI-RPC 4.4.0f0 for Phar Lap ETS
NI ActiveX Container
NI ActiveX Container (64-bit)
NI Authentication 13.0.0
NI Authentication 13.0.0 (64-bit)
NI Curl 13.0.0
NI Curl 13.0.0 (64-bit)
NI DataSocket 5.1
NI DataSocket 5.1 (64-bit)
NI Error Reporting 2013
NI Error Reporting Interface Installer 5.5
NI Error Reporting Interface Installer 5.5 for Windows 64-bit
NI EulaDepot
NI GMP Windows 32-bit Installer 13.0.0
NI GMP Windows 64-bit Installer 13.0.0
NI Help Assistant 2.0
NI Help Assistant 2.0 (64bit)
NI LabVIEW 2012 Real-Time NBFifo
NI LabVIEW 2013 Deployable License
NI LabVIEW 2013 Deployment Framework
NI LabVIEW 2013 Run-Time Engine Non-English Support.
NI LabVIEW 2013 Run-Time Engine Web Server
NI LabVIEW Run-Time Engine 2013
NI LabVIEW Run-Time Engine Interop 2013
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
NI Launcher
NI License Manager
NI Logos 5.5
NI Logos 5.5 (64-bit)
NI Logos XT Support
NI Logos64 XT Support
NI MDF Support
NI mDNS Responder 2.2 for Windows 64-bit
NI mDNS Responder 2.2.0
NI Measurement Studio ComponentWorks 3D Graph
NI Measurement Studio ComponentWorks UI
NI MXS 5.5.0
NI MXS 5.5.0 for 64 Bit Windows
NI OPC Support
NI OPCEnum Shared
NI Security Update (KB 67L8LCQW)
NI Security Update (KB 67L8LCQW) (64-bit)
NI Service Locator 13.0
NI SSL LabVIEW RTE 2013 Support
NI SSL Support
NI SSL Support (64-bit)
NI System State Publisher
NI System State Publisher (64-bit)
NI System Web Server 13.0
NI System Web Server Base 13.0.0
NI System Web Server Base 13.0.0 (64-bit)
NI TDM Streaming 2.5
NI TDM Streaming 2.5 (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI USI 2.0.1
NI USI 2.0.1 64-Bit
NI Variable Engine (64-bit)
NI Variable Engine 2.6.0
NI VC2008MSMs x64
NI VC2008MSMs x86
NI VC2010SP1MSMs x64
NI VC2010SP1MSMs x86
NI Web Application Server 13.0
NI Web Application Server 13.0 (64-bit)
NI Xerces Delay Load 2.7.3
NI Xerces Delay Load 2.7.3 64-bit
NTRU TCG Software Stack
Oracle VM VirtualBox 4.3.12
PC-CCID
PDF Architect
PDFCreator
PermaCare - Global - RO12_6
Phreeqc Interactive 3.1.1-8288
Picasa 3
Preboot Manager
Private Information Manager
QuickTime 7
ROSA9
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SigmaPlot 12.5
Simple Sticky Notes 2.5.1
SketchUp 8
Skype™ 7.0
Sony Mobile Update Engine
Sony PC Companion 2.10.245
SPBA 5.9
SportTracks 3.1
Spotify
ST Microelectronics 3 Axis Digital Accelerometer Solution
SyncToy 2.1 (x64)
ThePhotobookClub.com.au
toolkit32for64bit
TorayDS2
Trusted Drive Manager
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Upek Touchchip Fingerprint Reader
VLC media player
Wave Crypto Runtime 2.0.7.0 x86
Wave Infrastructure Installer
Wave Support Software Installer
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Winflows 3.1.2
Winflows 3.2.1
WinRAR 5.00 (64-bit)
Zotero Standalone 4.0.17 (x86 en-US)
.
==== Event Viewer Messages From Past Week ========
.
24/02/2015 3:26:19 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
24/02/2015 12:20:48 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
22/02/2015 7:35:56 PM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
22/02/2015 7:33:26 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
22/02/2015 7:15:59 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
22/02/2015 1:20:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
22/02/2015 1:19:35 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
22/02/2015 1:18:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
22/02/2015 1:18:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/02/2015 1:18:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/02/2015 1:18:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/02/2015 1:18:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22/02/2015 1:17:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
22/02/2015 1:17:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF klpd kneps spldr VBoxDrv VBoxUSBMon Wanarpv6
21/02/2015 6:34:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2015 6:34:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
21/02/2015 5:10:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
21/02/2015 5:09:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
21/02/2015 5:09:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
21/02/2015 5:09:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache KLIF KLIM6 klpd kltdi kneps NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2015 5:09:40 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2015 4:31:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
18/02/2015 9:45:49 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
17/02/2015 7:00:36 PM, Error: Schannel [36887] - The following fatal alert was received: 40.
.
==== End Of File ===========================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Thank you for the quick reply. Internet explorer was not running in task manager when I did the scans for the logs below.

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Reungoat [Administrator]
Mode : Delete -- Date : 02/25/2015 10:47:50

¤¤¤ Processes : 11 ¤¤¤
[Suspicious.Path] hadam3p_anz_6.10_windows_intelx86.exe(5100) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadam3p_anz_6.10_windows_intelx86.exe(7524) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadam3p_anz_6.10_windows_intelx86.exe(1420) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadcm3s_7.24_windows_intelx86.exe(5636) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadcm3s_um_7.24_windows_intelx86.exe(3092) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadam3p_anz_um_6.10_windows_intelx86.exe(4484) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadam3p_anz_um_6.10_windows_intelx86.exe(1940) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadam3p_anz_um_6.10_windows_intelx86.exe(6540) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadam3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadrm3p_anz_um_6.10_windows_intelx86.exe(1336) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadrm3p_anz_um_6.10_windows_intelx86.exe(4812) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]
[Suspicious.Path] hadrm3p_anz_um_6.10_windows_intelx86.exe(4932) -- C:\ProgramData\BOINC\projects\climateprediction.net\hadrm3p_anz_um_6.10_windows_intelx86.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LX003-1AC15G +++++
--- User ---
[MBR] 914d807f4f81919bc6c6205879d325df
[BSP] c6f56563d6bb3d185dfde2c406ed89b5 : HP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_02252015_104457.log

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.02.25.01
rootkit: v2015.02.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Reungoat :: REUNGOAT-PC [administrator]

25/02/2015 10:52:12 AM
mbar-log-2015-02-25 (10-52-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 412309
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17633

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.591000 GHz
Memory total: 8490545152, free: 3487232000

Downloaded database version: v2015.02.25.01
Downloaded database version: v2015.02.22.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
02/25/2015 10:51:56
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\networx.sys
\SystemRoot\system32\DRIVERS\kltdi.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\nm3.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\SystemRoot\system32\DRIVERS\klpd.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Netwsw00.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ST_ACCEL.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\iwdbus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\XHCIPort.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\CAXHWAZL.sys
\SystemRoot\system32\DRIVERS\CAX_DPV.sys
\SystemRoot\system32\DRIVERS\CAX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usb3Hub.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\bcbtums.sys
\??\C:\Windows\system32\drivers\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\o2sdjw7x64.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\ws2_32.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.02.25.01
rootkit: v2015.02.22.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009a43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009a43b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009a43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007651cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa800749c910, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80074a0050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AE1759B2

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 25485312
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 25567232 Numsec = 951197696

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-81920-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-02-16.01 - Reungoat 25/02/2015 11:40:18.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8097.4222 [GMT 10:00]
Running from: c:\users\Reungoat\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2015-01-25 to 2015-02-25 )))))))))))))))))))))))))))))))
.
.
2015-02-25 00:38 . 2015-02-25 00:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-25 00:38 . 2015-02-25 00:38 -------- d-----w- c:\programdata\RogueKiller
2015-02-24 02:17 . 2015-02-24 02:17 -------- d-----w- c:\program files (x86)\Common Files\OPC Foundation
2015-02-24 02:16 . 2015-02-24 02:17 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2015-02-24 02:15 . 2015-02-24 02:16 -------- d-----w- c:\program files\National Instruments
2015-02-24 02:13 . 2015-02-24 02:13 -------- d-----w- C:\National Instruments Downloads
2015-02-24 00:23 . 2015-02-25 01:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-23 00:37 . 2015-01-05 07:55 60408 ----a-w- c:\windows\system32\drivers\networx.sys
2015-02-23 00:37 . 2015-02-23 00:37 -------- d-----w- c:\program files\NetWorx
2015-02-23 00:37 . 2015-02-23 00:37 -------- d-----w- c:\programdata\SoftPerfect
2015-02-22 09:27 . 2015-02-22 09:27 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2015-02-21 06:59 . 2015-02-21 06:59 -------- d-----w- c:\programdata\SeriousBit
2015-02-21 06:57 . 2015-02-21 06:57 -------- d-----w- c:\users\Reungoat\AppData\Local\Rainmaker_Software_Group_
2015-02-21 06:57 . 2015-02-21 06:57 -------- d-----w- c:\users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.?
2015-02-18 23:06 . 2015-02-18 23:06 -------- d-----w- c:\users\Default\AppData\Roaming\Garmin
2015-02-15 05:15 . 2015-02-15 05:15 -------- d-----w- c:\users\Reungoat\AppData\Roaming\ggcenzvn
2015-02-15 00:11 . 2015-02-15 00:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-12 02:04 . 2015-02-12 02:04 -------- d-----w- c:\users\Reungoat\AppData\Roaming\Uniblue
2015-02-12 02:02 . 2015-02-12 02:02 -------- d-----w- c:\program files (x86)\download Manager
2015-02-11 23:01 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-11 23:01 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-11 23:01 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 23:01 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 04:56 . 2015-02-11 04:56 -------- d-----w- c:\users\Reungoat\.imagej
2015-02-11 02:32 . 2015-02-11 04:25 -------- d-----w- c:\program files (x86)\ImageJ
2015-02-10 22:55 . 2015-01-15 08:14 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-02-10 22:54 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-10 00:56 . 2015-02-10 00:56 -------- d-----w- c:\users\Reungoat\AppData\Local\PDFCreator
2015-02-09 00:08 . 2015-02-25 00:51 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-09 00:08 . 2015-02-25 00:51 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-09 00:08 . 2015-02-09 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-09 00:08 . 2015-02-09 00:08 -------- d-----w- c:\programdata\Malwarebytes
2015-02-09 00:08 . 2014-11-20 20:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-09 00:08 . 2014-11-20 20:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-08 23:34 . 2015-02-08 23:34 -------- d-----w- c:\users\Reungoat\AppData\Roaming\pdfforge
2015-02-08 23:34 . 2015-01-22 06:14 114872 ----a-w- c:\windows\system32\pdfcmon.dll
2015-02-08 23:34 . 2015-02-15 08:53 -------- d-----w- c:\program files\PDFCreator
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files (x86)\iTunes
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files\iPod
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files\iTunes
2015-01-28 06:10 . 2015-02-23 23:18 -------- d-----w- c:\users\Reungoat\AppData\Local\Diagnostics
2015-01-27 06:32 . 2015-02-25 01:22 -------- d-----w- c:\users\Reungoat\AppData\Local\Spotify
2015-01-27 06:31 . 2015-02-25 01:36 -------- d-----w- c:\users\Reungoat\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-15 00:10 . 2014-11-03 22:39 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-11 11:59 . 2013-02-01 04:04 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-09 00:04 . 2013-01-22 07:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-09 00:04 . 2013-01-22 07:29 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-11 11:22 . 2015-01-11 11:22 493168 ----a-r- c:\users\Reungoat\AppData\Roaming\Microsoft\Installer\{84676CB3-965C-496F-AB81-EB148406E9D7}\BOINCManagerShortc_6E797A1C8FF24C29BF4BAD5AE09E4AB3.exe
2015-01-11 11:22 . 2015-01-11 11:22 493168 ----a-r- c:\users\Reungoat\AppData\Roaming\Microsoft\Installer\{84676CB3-965C-496F-AB81-EB148406E9D7}\ARPPRODUCTICON.exe
2014-12-19 03:06 . 2015-01-13 23:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 23:06 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 23:06 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-11 08:12 . 2014-12-11 08:12 1120752 ----a-w- c:\windows\boinc.scr
2014-12-06 04:17 . 2015-01-13 23:06 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-13 23:06 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-13 23:06 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Simple Sticky Notes"="c:\program files (x86)\Simnet\Simple Sticky Notes\ssn.exe" [2014-10-24 662384]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-01-15 23308256]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2014-12-11 9639920]
"Spotify Web Helper"="c:\users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-27 1676344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-23 292088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 688984]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
.
c:\users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-2-19 1393880]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2013-1-22 50688]
NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2013-6-7 663896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\nbdrv.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 networx;networx;c:\windows\system32\drivers\networx.sys;c:\windows\SYSNATIVE\drivers\networx.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NISystemWebServer;NI System Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-22 00:04]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28 00:27]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28 00:27]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job
- c:\users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28 08:26]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job
- c:\users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28 08:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-08-16 1703424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-06-03 442352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-06-03 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-06-03 399856]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2014-12-11 67056]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 708952]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2015-02-04 6638800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: samsungsetup.com\www
FF - ProfilePath - c:\users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
c:\windows\SysWOW64\lkads.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
c:\windows\system32\o2flash.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
**************************************************************************
.
Completion time: 2015-02-25 12:55:01 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-25 02:54
.
Pre-Run: 165,634,506,752 bytes free
Post-Run: 167,861,338,112 bytes free
.
- - End Of File - - F86B13EC37EC28E9F59301142493F247
 
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v4.111 - Logfile created 25/02/2015 at 14:54:04
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Reungoat - REUNGOAT-PC
# Running from : C:\Users\Reungoat\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\download Manager
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Reungoat\AppData\Local\pdfforge
Folder Deleted : C:\Users\Reungoat\AppData\Local\Hola
Folder Deleted : C:\Users\Reungoat\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Reungoat\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Reungoat\Documents\ProPCCleaner

***** [ Scheduled tasks ] *****

Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKLM\SOFTWARE\Uniblue

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 en-GB)


*************************

AdwCleaner[R0].txt - [2186 bytes] - [25/02/2015 14:47:18]
AdwCleaner[S0].txt - [1887 bytes] - [25/02/2015 14:54:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1946 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Reungoat on Wed 25/02/2015 at 15:00:14.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Reungoat\appdata\local\{4F5EAEC9-5713-4BF6-AFFD-5862DC7ECCE0}



~~~ FireFox

Emptied folder: C:\Users\Reungoat\AppData\Roaming\mozilla\firefox\profiles\7r4gvv1o.default-1423976232471\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 25/02/2015 at 15:03:04.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2015
Ran by Reungoat (administrator) on REUNGOAT-PC on 25-02-2015 15:06:22
Running from C:\Users\Reungoat\Desktop
Loaded Profiles: Reungoat (Available profiles: Reungoat & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
( ) C:\Windows\System32\lxdncoms.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Spotify Ltd) C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dropbox, Inc.) C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-09] (Dell Computer Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-09] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-16] (Dell Inc.)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6638800 2015-02-04] (SoftPerfect Research)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-31] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [662384 2014-10-25] (Simnet Ltd. )
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Spotify Web Helper] => C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-27] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000 -> {6014117C-9DB7-4581-AC82-08D337DDE4C0} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg.dll No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
Winsock: Catalog5 11 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 11 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @hola.org/vlc,version=1.6.654 -> C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlefrweb.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlemaps.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english-french.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-french-english.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\youtube.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-06-06] (Kaspersky Lab ZAO)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-16] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-14] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-17] (O2Micro International)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-06] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-17] (Wave Systems Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-12-10] (Broadcom Corporation.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-11-02] (Sony Mobile Communications)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-06] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-06] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-14] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2015-01-05] (NetFilterSDK.com)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [89312 2013-03-27] (STMicroelectronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-25] ()
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 15:06 - 2015-02-25 15:06 - 00031847 _____ () C:\Users\Reungoat\Desktop\FRST.txt
2015-02-25 15:06 - 2015-02-25 15:06 - 00000000 ____D () C:\FRST
2015-02-25 15:03 - 2015-02-25 15:03 - 00001623 _____ () C:\Users\Reungoat\Desktop\JRT.txt
2015-02-25 14:57 - 2015-02-25 14:57 - 00002026 _____ () C:\Users\Reungoat\Desktop\AdwCleaner[S0].txt
2015-02-25 14:47 - 2015-02-25 14:54 - 00000000 ____D () C:\AdwCleaner
2015-02-25 13:49 - 2015-02-25 13:49 - 02087424 _____ (Farbar) C:\Users\Reungoat\Desktop\FRST64.exe
2015-02-25 13:48 - 2015-02-25 13:48 - 02126848 _____ () C:\Users\Reungoat\Desktop\adwcleaner_4.111.exe
2015-02-25 13:48 - 2015-02-25 13:48 - 01388274 _____ (Thisisu) C:\Users\Reungoat\Desktop\JRT.exe
2015-02-25 13:47 - 2015-02-25 14:47 - 00002134 _____ () C:\Users\Reungoat\Desktop\Instructions.txt
2015-02-25 12:55 - 2015-02-25 12:55 - 00034333 _____ () C:\Users\Reungoat\Desktop\ComboFix.txt
2015-02-25 12:42 - 2015-02-25 12:42 - 00000552 _____ () C:\Windows\PFRO.log
2015-02-25 11:38 - 2015-02-25 12:55 - 00000000 ____D () C:\Qoobox
2015-02-25 11:38 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-25 11:38 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-25 11:38 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-25 11:37 - 2015-02-25 12:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-25 11:35 - 2015-02-25 11:36 - 05611903 ____R (Swearware) C:\Users\Reungoat\Desktop\ComboFix.exe
2015-02-25 10:50 - 2015-02-25 11:09 - 00000000 ____D () C:\Users\Reungoat\Desktop\mbar
2015-02-25 10:50 - 2015-02-25 10:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Reungoat\Desktop\mbar-1.09.1.1004.exe
2015-02-25 10:48 - 2015-02-25 10:48 - 00004569 _____ () C:\Users\Reungoat\Desktop\RKreport_DEL_02252015_104750.log
2015-02-25 10:38 - 2015-02-25 10:41 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-25 10:38 - 2015-02-25 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-25 10:31 - 2015-02-25 10:32 - 15536728 _____ () C:\Users\Reungoat\Desktop\RogueKiller.exe
2015-02-24 16:21 - 2015-02-24 16:21 - 00036116 _____ () C:\Users\Reungoat\Desktop\dds.txt
2015-02-24 16:21 - 2015-02-24 16:21 - 00020164 _____ () C:\Users\Reungoat\Desktop\attach.txt
2015-02-24 16:19 - 2015-02-24 16:19 - 00688992 ____R (Swearware) C:\Users\Reungoat\Desktop\dds.com
2015-02-24 12:35 - 2015-02-24 12:35 - 00000000 ____D () C:\Users\Reungoat\Documents\LabVIEW Data
2015-02-24 12:15 - 2015-02-24 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2015-02-24 12:15 - 2015-02-24 12:16 - 00000000 ____D () C:\Program Files\National Instruments
2015-02-24 10:23 - 2015-02-25 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\SoftPerfect
2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\Program Files\NetWorx
2015-02-23 10:37 - 2015-01-05 17:55 - 00060408 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\networx.sys
2015-02-23 10:36 - 2015-02-23 10:36 - 04210744 _____ (Softperfect Research ) C:\Users\Reungoat\Desktop\networx_setup.exe
2015-02-22 19:39 - 2015-02-22 20:00 - 00000000 ____D () C:\Users\Reungoat\Documents\Network Monitor 3
2015-02-22 19:27 - 2015-02-22 19:27 - 00000978 _____ () C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2015-02-21 16:59 - 2015-02-21 16:59 - 00000000 ____D () C:\ProgramData\SeriousBit
2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.
2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Rainmaker_Software_Group_
2015-02-20 19:09 - 2015-02-25 14:55 - 00002530 _____ () C:\Windows\setupact.log
2015-02-20 19:09 - 2015-02-20 19:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-19 09:42 - 2015-02-19 09:42 - 00001553 _____ () C:\Users\Reungoat\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-18 09:45 - 2015-02-19 09:37 - 00000000 ____D () C:\Windows\pss
2015-02-15 18:22 - 2015-02-15 18:23 - 15431256 _____ () C:\Users\Reungoat\Downloads\RogueKiller.exe
2015-02-15 15:15 - 2015-02-15 15:15 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\ggcenzvn
2015-02-15 14:57 - 2015-02-15 14:57 - 00000000 ____D () C:\Users\Reungoat\Desktop\Old Firefox Data
2015-02-12 21:03 - 2015-02-14 10:15 - 00000000 ____D () C:\Users\Reungoat\Downloads\Hola
2015-02-12 09:01 - 2015-01-23 14:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 09:01 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 09:01 - 2015-01-23 13:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 09:01 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 14:56 - 2015-02-11 14:56 - 00000000 ____D () C:\Users\Reungoat\.imagej
2015-02-11 12:32 - 2015-02-11 14:25 - 00000000 ____D () C:\Program Files (x86)\ImageJ
2015-02-11 12:32 - 2015-02-11 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ
2015-02-11 08:56 - 2015-02-04 13:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:56 - 2015-02-04 13:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:56 - 2015-01-28 09:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:56 - 2015-01-14 15:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:56 - 2015-01-14 15:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:56 - 2015-01-13 13:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:56 - 2015-01-13 12:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:56 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:56 - 2015-01-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:56 - 2015-01-12 13:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:56 - 2015-01-12 12:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:56 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:56 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:56 - 2015-01-12 12:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:56 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:56 - 2015-01-12 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:56 - 2015-01-12 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:56 - 2015-01-12 12:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:56 - 2015-01-12 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:56 - 2015-01-12 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:56 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:56 - 2015-01-12 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:56 - 2015-01-12 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:56 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:56 - 2015-01-12 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:56 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:56 - 2015-01-12 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:56 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:56 - 2015-01-12 12:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:56 - 2015-01-12 12:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:56 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:56 - 2015-01-12 12:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:56 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:56 - 2015-01-12 12:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:56 - 2015-01-12 11:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:56 - 2015-01-12 11:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:56 - 2015-01-12 11:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:56 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:56 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:56 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:56 - 2015-01-12 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:56 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:56 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:56 - 2015-01-12 11:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:56 - 2015-01-12 11:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:56 - 2015-01-12 11:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:56 - 2015-01-12 11:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:56 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:56 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:56 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:56 - 2015-01-12 11:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:56 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:56 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:56 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:56 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:56 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:56 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:55 - 2015-01-15 18:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:55 - 2015-01-15 18:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:55 - 2015-01-15 18:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:55 - 2015-01-15 18:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:55 - 2015-01-15 18:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:55 - 2015-01-15 18:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:55 - 2015-01-15 18:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:55 - 2015-01-15 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:55 - 2015-01-15 18:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:55 - 2015-01-15 18:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:55 - 2015-01-15 18:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:55 - 2015-01-15 17:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:55 - 2015-01-15 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:55 - 2015-01-15 17:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:55 - 2015-01-15 17:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:55 - 2015-01-15 17:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:55 - 2015-01-15 17:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:55 - 2015-01-15 14:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:55 - 2015-01-14 16:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:55 - 2015-01-14 16:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:55 - 2015-01-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:55 - 2015-01-14 16:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:55 - 2015-01-14 15:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:55 - 2015-01-14 15:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:55 - 2015-01-14 15:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:55 - 2014-12-12 15:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:55 - 2014-12-12 15:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:55 - 2014-12-08 13:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:55 - 2014-12-08 12:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:55 - 2014-11-26 13:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:55 - 2014-11-26 13:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:55 - 2014-10-04 12:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:55 - 2014-10-04 11:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:55 - 2014-10-04 11:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 08:54 - 2015-01-09 12:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 10:56 - 2015-02-10 10:56 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\PDFCreator
2015-02-09 10:08 - 2015-02-25 10:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 10:08 - 2015-02-25 10:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 10:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 10:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 09:34 - 2015-02-15 18:53 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-09 09:34 - 2015-02-09 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-09 09:34 - 2015-01-22 16:14 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-01-31 14:15 - 2015-01-31 14:15 - 00001715 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-27 16:32 - 2015-02-25 11:22 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Spotify
2015-01-27 16:32 - 2015-01-27 16:32 - 00001827 _____ () C:\Users\Reungoat\Desktop\Spotify.lnk
2015-01-27 16:32 - 2015-01-27 16:32 - 00001813 _____ () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-27 16:31 - 2015-02-25 11:36 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Spotify
2015-01-27 09:31 - 2015-01-27 09:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 15:05 - 2014-05-20 20:52 - 00000000 ____D () C:\ProgramData\BOINC
2015-02-25 15:04 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 15:04 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 15:02 - 2009-07-14 15:13 - 01060088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 15:00 - 2013-01-22 17:28 - 01219016 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 14:59 - 2013-01-30 14:49 - 00000000 ___RD () C:\Users\Reungoat\Documents\Dropbox
2015-02-25 14:57 - 2014-05-28 10:32 - 00000000 ___RD () C:\Users\Reungoat\Documents\Google Drive
2015-02-25 14:57 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Dropbox
2015-02-25 14:56 - 2014-07-25 10:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-25 14:56 - 2014-05-28 10:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 14:55 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 14:50 - 2014-06-28 18:26 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job
2015-02-25 14:43 - 2013-01-22 17:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 14:29 - 2014-05-28 10:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 12:55 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
2015-02-25 12:43 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-25 12:31 - 2009-07-14 12:34 - 89391104 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-25 11:36 - 2013-01-30 12:42 - 00000000 ____D () C:\Users\Reungoat\Documents\Outlook Files
2015-02-25 09:50 - 2014-06-28 18:26 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job
2015-02-24 16:32 - 2014-08-10 16:51 - 00007601 _____ () C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg
2015-02-24 15:42 - 2014-06-06 09:36 - 00000000 ____D () C:\Users\Reungoat\Documents\Simple Sticky Notes
2015-02-24 12:17 - 2012-02-11 15:46 - 00000000 ____D () C:\ProgramData\National Instruments
2015-02-24 12:16 - 2012-02-11 15:47 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2015-02-24 12:14 - 2012-02-11 15:52 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\National Instruments
2015-02-22 22:12 - 2013-02-03 18:03 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Skype
2015-02-21 16:30 - 2013-01-30 12:28 - 00000000 ____D () C:\Users\Reungoat
2015-02-19 09:07 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 09:06 - 2014-11-12 14:38 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-15 18:53 - 2013-02-05 19:20 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\uTorrent
2015-02-15 18:51 - 2014-07-25 14:23 - 00000000 ____D () C:\Windows\Minidump
2015-02-15 18:51 - 2011-02-11 00:25 - 00000000 ____D () C:\Windows\panther
2015-02-15 17:14 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laser GPS
2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\Program Files (x86)\Laser GPS
2015-02-15 10:13 - 2014-05-26 16:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-15 10:12 - 2014-11-04 08:39 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-15 10:10 - 2014-11-04 08:39 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-15 10:10 - 2014-11-04 08:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-15 08:42 - 2009-07-14 15:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-13 11:24 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 08:39 - 2009-07-14 14:45 - 00343728 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:38 - 2014-12-11 10:15 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:38 - 2014-05-06 19:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 08:37 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 22:08 - 2013-01-30 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 22:08 - 2009-07-14 12:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 22:05 - 2013-07-23 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:59 - 2013-02-01 14:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 08:36 - 2013-01-30 23:31 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2015-02-09 10:05 - 2014-08-17 11:58 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Adobe
2015-02-09 10:04 - 2013-01-22 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 10:04 - 2013-01-22 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 10:04 - 2013-01-22 17:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-09 09:45 - 2014-06-28 18:26 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA
2015-02-09 09:45 - 2014-06-28 18:26 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core
2015-02-09 09:23 - 2014-05-28 10:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 09:23 - 2014-05-28 10:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-01 10:50 - 2014-12-07 20:26 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-02-01 10:50 - 2014-05-20 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-02-01 10:49 - 2013-01-22 17:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-31 14:15 - 2013-04-07 17:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-28 17:12 - 2013-02-07 13:07 - 00000000 ____D () C:\Users\Reungoat\Documents\Membrane Futures
2015-01-28 16:10 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 10:42 - 2013-01-30 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 09:39 - 2014-05-28 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2013-04-07 16:19 - 2013-04-07 16:26 - 0000381 _____ () C:\Users\Reungoat\AppData\Roaming\.ptbt0
2013-03-04 22:24 - 2013-03-13 09:27 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\My Photo Box V3 Prefsv3
2013-03-04 22:00 - 2013-03-12 22:25 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\Snappy Sumo Prefsv3
2013-07-29 15:50 - 2014-05-18 22:01 - 0003072 _____ () C:\Users\Reungoat\AppData\Roaming\ThePhotobookClub.com.au Prefsv3
2014-01-05 20:00 - 2014-03-11 18:51 - 0007168 _____ () C:\Users\Reungoat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-26 10:15 - 2014-05-26 10:15 - 0000886 _____ () C:\Users\Reungoat\AppData\Local\recently-used.xbel
2014-08-10 16:51 - 2015-02-24 16:32 - 0007601 _____ () C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg
2013-01-30 12:27 - 2013-01-30 12:32 - 0032723 _____ () C:\Users\Reungoat\AppData\Local\WiDiSetupLog.20130130.122743.txt

Some content of TEMP:
====================
C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll
C:\Users\Reungoat\AppData\Local\Temp\Quarantine.exe
C:\Users\Reungoat\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 14:01

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2015
Ran by Reungoat at 2015-02-25 15:06:53
Running from C:\Users\Reungoat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BASF Sokalan RO Xpert 2013B1 (HKLM-x32\...\ST5UNST #2) (Version: - )
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
BOINC (HKLM\...\{84676CB3-965C-496F-AB81-EB148406E9D7}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dropbox (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
ImageJ 1.48v (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
IMSdesign (HKLM-x32\...\{69CE1F8E-0CAB-479F-A362-FC44C4A00904}) (Version: 20.12.8 - Hydranautics)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
iTunes Library Updater (HKLM-x32\...\{38EE230F-F631-451F-8800-E29F5E5C9E7D}) (Version: 1.2.2 - N/A)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Math Kernel Libraries (64-bit) (Version: 13.0.13 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 13.0.13 - National Instruments) Hidden
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.104.06300 (HKLM-x32\...\{9797040D-7B42-7E9F-4289-9FA87AB89771}) (Version: 2.12.104.06300 - Sony)
Membrane Master 4 version 1.16 (HKLM-x32\...\{26A83897-CA9F-4D3F-B456-2EDD1F9FF3C0}}_is1) (Version: 1.16 - Genesys International)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\MusicManager) (Version: - Google, Inc.)
My Photo Box V3 (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\My Photo Box V3) (Version: My Photo Box V3 3.1.2 - My Photo Box)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
NI ActiveX Container (64-bit) (Version: 13.0.4 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 13.0.4 - National Instruments) Hidden
NI Authentication 13.0.0 (64-bit) (Version: 13.0.326 - National Instruments) Hidden
NI Authentication 13.0.0 (x32 Version: 13.0.326 - National Instruments) Hidden
NI Curl 13.0.0 (64-bit) (Version: 13.0.324 - National Instruments) Hidden
NI Curl 13.0.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI DataSocket 5.1 (64-bit) (Version: 5.1.227 - National Instruments) Hidden
NI DataSocket 5.1 (x32 Version: 5.1.227 - National Instruments) Hidden
NI Error Reporting 2013 (x32 Version: 13.0.324 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 for Windows 64-bit (Version: 5.50.49152 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.20.351 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.0.0 (x32 Version: 13.0.45.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.0.0 (Version: 13.0.45.0 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 13.0.336 - National Instruments) Hidden
NI LabVIEW 2013 Deployable License (x32 Version: 13.0.303 - National Instruments) Hidden
NI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.330 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Non-English Support. (x32 Version: 13.0.329 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Web Server (x32 Version: 13.0.321 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI Launcher (x32 Version: 3.11.186 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.53 - National Instruments) Hidden
NI Logos 5.5 (64-bit) (Version: 5.5.293 - National Instruments) Hidden
NI Logos 5.5 (x32 Version: 5.5.293 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.5.294 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.5.294 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.20.351 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio ComponentWorks UI (x32 Version: 8.6.10603 - National Instruments) Hidden
NI MXS 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI MXS 5.5.0 for 64 Bit Windows (Version: 5.50.49152 - National Instruments) Hidden
NI OPC Support (x32 Version: 13.0.296 - National Instruments) Hidden
NI OPCEnum Shared (x32 Version: 5.5.2018 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 13.0 (x32 Version: 13.0.303 - National Instruments) Hidden
NI SSL LabVIEW RTE 2013 Support (x32 Version: 13.0.317 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 13.0.319 - National Instruments) Hidden
NI SSL Support (x32 Version: 13.0.324 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 13.0.299 - National Instruments) Hidden
NI System State Publisher (x32 Version: 13.0.304 - National Instruments) Hidden
NI System Web Server 13.0 (x32 Version: 13.0.330 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (64-bit) (Version: 13.0.323 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (x32 Version: 13.0.323 - National Instruments) Hidden
NI TDM Streaming 2.5 (64-bit) (Version: 2.5.36 - National Instruments) Hidden
NI TDM Streaming 2.5 (x32 Version: 2.5.36 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 13.0.324 - National Instruments) Hidden
NI Trace Engine (x32 Version: 13.0.324 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.20.351 - National Instruments) Hidden
NI USI 2.0.1 (x32 Version: 2.0.15249 - National Instruments) Hidden
NI USI 2.0.1 64-Bit (Version: 2.0.15249 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.7.297 - National Instruments) Hidden
NI Variable Engine 2.6.0 (x32 Version: 2.7.297 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
NI Web Application Server 13.0 (64-bit) (Version: 13.0.319 - National Instruments) Hidden
NI Web Application Server 13.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
NI-Mesa (Version: 12.0.7.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 12.0.7.0 - National Instruments) Hidden
NI-RPC 4.4.0f0 (x32 Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for 64 Bit Windows (Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for Phar Lap ETS (x32 Version: 4.40.49152 - National Instruments) Hidden
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
PermaCare - Global - RO12_6 (HKLM-x32\...\ST5UNST #1) (Version: - )
Phreeqc Interactive 3.1.1-8288 (HKLM-x32\...\{AF12E5C7-F459-446D-BAA1-704EF23825AF}) (Version: 3.1.8288 - U.S. Geological Survey)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ROSA9 (HKLM-x32\...\{A155B355-9995-4B14-BA3C-2903E59A5B95}) (Version: 9.1 - Dow Chemical)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SigmaPlot 12.5 (HKLM-x32\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.5 - Systat Software, Inc.)
Simple Sticky Notes 2.5.1 (HKLM-x32\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.14.201410081526 - Sony Mobile Communications AB)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.5202 - Zone Five Software)
Spotify (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
ThePhotobookClub.com.au (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\ThePhotobookClub.com.au) (Version: ThePhotobookClub.com.au 3.2.0 - PhotobookClub.com.au)
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
TorayDS2 (HKLM-x32\...\{4E2DF308-B412-40E6-8085-135DB10C7CE2}) (Version: 2.1.98 - Toray Membrane USA)
TorayDS2 (HKLM-x32\...\{664613D6-9485-41B8-B132-645468850604}) (Version: 2.1.58 - Toray Membrane USA)
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Winflows 3.1.2 (HKLM-x32\...\{EDF5CC51-924D-40DE-B81E-3A6485BB5294}) (Version: 1.0.0 - GE)
Winflows 3.2.1 (HKLM-x32\...\{4340C834-9D2E-4FD3-B472-56BDE18349D0}) (Version: 1.0.0 - GE)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zotero Standalone 4.0.17 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.17 (x86 en-US)) (Version: 4.0.17 - Zotero)
 
==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-02-25 12:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {255B06CB-3E92-4A75-83EE-BA3512CAB800} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {51009F25-8633-46B9-AC95-AE201ABA18B0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {5224892A-758A-4924-919E-C7BC9F8B81F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A976DB8A-DE98-484C-89C8-15460CE1C5D0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CDE74A73-2917-4A22-8AF0-66F387BEEB55} - System32\Tasks\Dell\Command Update => C:\Program Files (x86)\Dell\CommandUpdate\DellCommandUpdate.exe [2014-05-05] (Dell Inc.)
Task: {D66628E2-2540-4993-90BF-578A706E5905} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EA5219CA-967B-4715-B533-F3C926340102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
Task: {ED930701-0FDB-4EE5-8637-D555A87B7F86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {F0F8EA82-7318-49F3-A61E-8C35D121466E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {F1501957-74AA-4E7D-859F-47024B97B1A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2013-12-22 12:50 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 23:45 - 2012-01-17 23:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 23:45 - 2012-01-17 23:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-09 14:56 - 2011-10-09 14:56 - 00003072 _____ () C:\PROGRAM FILES (X86)\NTRU CRYPTOSYSTEMS\NTRU TCG SOFTWARE STACK\BIN\TspPopup_ENU.dll
2011-11-07 23:55 - 2011-11-07 23:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-09 07:42 - 2013-01-22 17:50 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-09 07:41 - 2013-01-22 17:50 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2013-01-22 19:12 - 2012-02-02 07:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-23 10:37 - 2014-12-23 13:33 - 00755200 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-02-23 10:37 - 2015-01-05 17:55 - 00146424 _____ () C:\Program Files\NetWorx\nfapi.dll
2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2013-12-13 08:36 - 2013-12-13 08:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2014-06-06 09:36 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files (x86)\Simnet\Simple Sticky Notes\sqlite3.dll
2013-06-07 10:59 - 2013-06-07 10:59 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00750080 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-25 14:57 - 2015-02-25 14:57 - 00043008 _____ () c:\users\reungoat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00047616 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00865280 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00200704 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-25 14:56 - 2015-02-25 14:56 - 00098816 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32api.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00110080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pywintypes27.dll
2015-02-25 14:56 - 2015-02-25 14:56 - 00364544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pythoncom27.dll
2015-02-25 14:56 - 2015-02-25 14:56 - 00045568 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_socket.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 01160704 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_ssl.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00320512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32com.shell.shell.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00713216 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_hashlib.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 01175040 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._core_.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00805888 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._gdi_.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00811008 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._windows_.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 01062400 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._controls_.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00735232 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._misc_.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00557056 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pysqlite2._sqlite.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00128512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_elementtree.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00127488 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\pyexpat.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00087552 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_ctypes.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00119808 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32file.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00108544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32security.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00007168 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\hashobjs_ext.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00167936 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32gui.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00018432 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32event.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00038912 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32inet.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00011264 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32crypt.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00070656 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._html2.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00027136 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\_multiprocessing.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00035840 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32process.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00686080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\unicodedata.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00122368 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._wizard.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00024064 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32pipe.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00025600 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32pdh.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00525640 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\windows._lib_cacheinvalidation.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00010240 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\select.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00017408 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32profile.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00022528 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\win32ts.pyd
2015-02-25 14:56 - 2015-02-25 14:56 - 00078336 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI55522\wx._animate.pyd
2014-10-16 03:38 - 2014-10-16 03:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2013-01-22 17:47 - 2012-05-31 05:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-06-10 09:01 - 2013-11-14 05:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2935964518-2361115088-2651154713-500 - Administrator - Disabled)
Guest (S-1-5-21-2935964518-2361115088-2651154713-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2935964518-2361115088-2651154713-1002 - Limited - Enabled)
Reungoat (S-1-5-21-2935964518-2361115088-2651154713-1000 - Administrator - Enabled) => C:\Users\Reungoat

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-25 12:24:08.600
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-25 12:24:08.560
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-15 11:15:51.801
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-13 10:51:48.984
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-13 10:51:48.983
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 31%
Total physical RAM: 8097.21 MB
Available physical RAM: 5556.8 MB
Total Pagefile: 16192.62 MB
Available Pagefile: 13469.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.57 GB) (Free:160.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AE1759B2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.6 KB · Views: 2
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Reungoat at 2015-02-26 13:47:27 Run:1
Running from C:\Users\Reungoat\Desktop
Loaded Profiles: Reungoat (Available profiles: Reungoat & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000 -> {6014117C-9DB7-4581-AC82-08D337DDE4C0} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\TmIEPlg32.dll No File
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @hola.org/vlc,version=1.6.654 -> C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc No File
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1083\FirefoxExtension
c:\Program Files (x86)\Trend Micro
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
2013-04-07 16:19 - 2013-04-07 16:26 - 0000381 _____ () C:\Users\Reungoat\AppData\Roaming\.ptbt0
2013-03-04 22:24 - 2013-03-13 09:27 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\My Photo Box V3 Prefsv3
2013-03-04 22:00 - 2013-03-12 22:25 - 0002048 _____ () C:\Users\Reungoat\AppData\Roaming\Snappy Sumo Prefsv3
2013-07-29 15:50 - 2014-05-18 22:01 - 0003072 _____ () C:\Users\Reungoat\AppData\Roaming\ThePhotobookClub.com.au Prefsv3
2014-01-05 20:00 - 2014-03-11 18:51 - 0007168 _____ () C:\Users\Reungoat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-26 10:15 - 2014-05-26 10:15 - 0000886 _____ () C:\Users\Reungoat\AppData\Local\recently-used.xbel
2014-08-10 16:51 - 2015-02-24 16:32 - 0007601 _____ () C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg
2013-01-30 12:27 - 2013-01-30 12:32 - 0032723 _____ () C:\Users\Reungoat\AppData\Local\WiDiSetupLog.20130130.122743.txt
C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll
C:\Users\Reungoat\AppData\Local\Temp\Quarantine.exe
C:\Users\Reungoat\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

*****************

"HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6014117C-9DB7-4581-AC82-08D337DDE4C0}" => Key deleted successfully.
HKCR\CLSID\{6014117C-9DB7-4581-AC82-08D337DDE4C0} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\tmpx" => Key deleted successfully.
"HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}" => Key deleted successfully.
"HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\MozillaPlugins\@hola.org/vlc,version=1.6.654" => Key deleted successfully.
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @hola.org/vlc,version=1.6.654 -> C:\Users\Reungoat\AppData\Local\Hola\firefox\app\vlc No File not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} => value deleted successfully.
"c:\Program Files (x86)\Trend Micro" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihenkjeihefokohmemphikjnjbmegdik" => Key deleted successfully.
catchme => Service deleted successfully.
Nbdrv => Service deleted successfully.
C:\Users\Reungoat\AppData\Roaming\.ptbt0 => Moved successfully.
C:\Users\Reungoat\AppData\Roaming\My Photo Box V3 Prefsv3 => Moved successfully.
C:\Users\Reungoat\AppData\Roaming\Snappy Sumo Prefsv3 => Moved successfully.
C:\Users\Reungoat\AppData\Roaming\ThePhotobookClub.com.au Prefsv3 => Moved successfully.
C:\Users\Reungoat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Reungoat\AppData\Local\recently-used.xbel => Moved successfully.
C:\Users\Reungoat\AppData\Local\Resmon.ResmonCfg => Moved successfully.
C:\Users\Reungoat\AppData\Local\WiDiSetupLog.20130130.122743.txt => Moved successfully.
"C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpni0jbc.dll" => File/Directory not found.
C:\Users\Reungoat\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Reungoat\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.

==== End of Fixlog 13:47:28 ====
 
Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Hi Broni,

The Sophos scan came back clean but while it was scanning I noticed Internet Explorer was open again in the task manager. I can see the address of commercial websites and it changes often (at least once a minute). Here are the other logs.

Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox 35.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



Farbar Service Scanner Version: 17-01-2015
Ran by Reungoat (administrator) on 26-02-2015 at 14:21:21
Running from "C:\Users\Reungoat\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Give me fresh FRST logs.
Make sure you checkmark Addition.txt box so both logs will be produced.
 
Two internet explorer windows were open in task manager when I did the scans.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Reungoat (administrator) on REUNGOAT-PC on 27-02-2015 11:08:36
Running from C:\Users\Reungoat\Desktop
Loaded Profiles: Reungoat (Available profiles: Reungoat & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
( ) C:\Windows\System32\lxdncoms.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Simnet Ltd. ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Spotify Ltd) C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dropbox, Inc.) C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-09] (Dell Computer Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-09] (Wave Systems Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-16] (Dell Inc.)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6638800 2015-02-04] (SoftPerfect Research)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-31] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [662384 2014-10-25] (Simnet Ltd. )
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Run: [Spotify Web Helper] => C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-27] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 11 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 11 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2935964518-2361115088-2651154713-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlefrweb.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\googlemaps.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english-french.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-english.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\wr-french-english.xml
FF SearchPlugin: C:\Users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\searchplugins\youtube.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-02-10]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-25]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-06-06]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\virtkbd.crx [2014-06-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2014-06-06] (Kaspersky Lab ZAO)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-16] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-14] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [83768 2013-06-10] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [687944 2013-06-15] (National Instruments Corporation)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-17] (O2Micro International)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-09] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-06] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-17] (Wave Systems Corp.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-12-10] (Broadcom Corporation.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-11-02] (Sony Mobile Communications)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-06] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-06-06] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-06] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-14] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [60408 2015-01-05] (NetFilterSDK.com)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [89312 2013-03-27] (STMicroelectronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-25] ()
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 17:43 - 2015-02-26 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 14:33 - 2015-02-26 14:33 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\ProgramData\Sophos
2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-02-26 14:33 - 2015-02-26 14:33 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-02-26 14:32 - 2015-02-26 14:32 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-02-26 14:27 - 2015-02-26 14:29 - 111835848 _____ (Sophos Limited) C:\Users\Reungoat\Desktop\Sophos Virus Removal Tool.exe
2015-02-26 14:22 - 2015-02-26 14:22 - 00448512 _____ (OldTimer Tools) C:\Users\Reungoat\Desktop\TFC.exe
2015-02-26 14:21 - 2015-02-26 14:21 - 00002754 _____ () C:\Users\Reungoat\Desktop\FSS.txt
2015-02-26 14:20 - 2015-02-26 14:20 - 00000981 _____ () C:\Users\Reungoat\Desktop\checkup.txt
2015-02-26 14:17 - 2015-02-26 14:17 - 00415232 _____ (Farbar) C:\Users\Reungoat\Desktop\FSS.exe
2015-02-26 14:15 - 2015-02-26 14:15 - 00852604 _____ () C:\Users\Reungoat\Desktop\SecurityCheck.exe
2015-02-26 14:12 - 2015-02-26 14:12 - 00001252 _____ () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PermaCare - Global - RO12_6.LNK
2015-02-26 14:11 - 2015-02-26 14:12 - 00000000 ____D () C:\Program Files (x86)\PermaCare - Global - RO12_6
2015-02-26 13:47 - 2015-02-26 13:47 - 00000000 ____D () C:\Users\Reungoat\Desktop\FRST-OlderVersion
2015-02-26 13:47 - 2015-02-26 13:47 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\CrashDumps
2015-02-26 09:09 - 2015-01-09 13:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 09:09 - 2015-01-09 13:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 09:09 - 2015-01-09 13:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 09:09 - 2015-01-09 12:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 15:06 - 2015-02-27 11:08 - 00031058 _____ () C:\Users\Reungoat\Desktop\FRST.txt
2015-02-25 15:06 - 2015-02-27 11:08 - 00000000 ____D () C:\FRST
2015-02-25 15:06 - 2015-02-25 15:07 - 00043123 _____ () C:\Users\Reungoat\Desktop\Addition.txt
2015-02-25 15:03 - 2015-02-25 15:03 - 00001623 _____ () C:\Users\Reungoat\Desktop\JRT.txt
2015-02-25 14:57 - 2015-02-25 14:57 - 00002026 _____ () C:\Users\Reungoat\Desktop\AdwCleaner[S0].txt
2015-02-25 14:47 - 2015-02-25 14:54 - 00000000 ____D () C:\AdwCleaner
2015-02-25 13:49 - 2015-02-26 13:47 - 02087936 _____ (Farbar) C:\Users\Reungoat\Desktop\FRST64.exe
2015-02-25 13:48 - 2015-02-25 13:48 - 02126848 _____ () C:\Users\Reungoat\Desktop\adwcleaner_4.111.exe
2015-02-25 13:48 - 2015-02-25 13:48 - 01388274 _____ (Thisisu) C:\Users\Reungoat\Desktop\JRT.exe
2015-02-25 13:47 - 2015-02-25 14:47 - 00002134 _____ () C:\Users\Reungoat\Desktop\Instructions.txt
2015-02-25 12:55 - 2015-02-25 12:55 - 00034333 _____ () C:\Users\Reungoat\Desktop\ComboFix.txt
2015-02-25 12:42 - 2015-02-25 12:42 - 00000552 _____ () C:\Windows\PFRO.log
2015-02-25 12:30 - 2015-01-09 09:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 12:30 - 2015-01-09 09:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 11:38 - 2015-02-25 12:55 - 00000000 ____D () C:\Qoobox
2015-02-25 11:38 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-25 11:38 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-25 11:38 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-25 11:38 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-25 11:37 - 2015-02-25 12:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-25 11:35 - 2015-02-25 11:36 - 05611903 ____R (Swearware) C:\Users\Reungoat\Desktop\ComboFix.exe
2015-02-25 10:50 - 2015-02-25 11:09 - 00000000 ____D () C:\Users\Reungoat\Desktop\mbar
2015-02-25 10:50 - 2015-02-25 10:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Reungoat\Desktop\mbar-1.09.1.1004.exe
2015-02-25 10:48 - 2015-02-25 10:48 - 00004569 _____ () C:\Users\Reungoat\Desktop\RKreport_DEL_02252015_104750.log
2015-02-25 10:38 - 2015-02-25 10:41 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-25 10:38 - 2015-02-25 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-25 10:31 - 2015-02-25 10:32 - 15536728 _____ () C:\Users\Reungoat\Desktop\RogueKiller.exe
2015-02-24 16:21 - 2015-02-24 16:21 - 00036116 _____ () C:\Users\Reungoat\Desktop\dds.txt
2015-02-24 16:21 - 2015-02-24 16:21 - 00020164 _____ () C:\Users\Reungoat\Desktop\attach.txt
2015-02-24 16:19 - 2015-02-24 16:19 - 00688992 ____R (Swearware) C:\Users\Reungoat\Desktop\dds.com
2015-02-24 12:35 - 2015-02-24 12:35 - 00000000 ____D () C:\Users\Reungoat\Documents\LabVIEW Data
2015-02-24 12:15 - 2015-02-24 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2015-02-24 12:15 - 2015-02-24 12:16 - 00000000 ____D () C:\Program Files\National Instruments
2015-02-24 10:23 - 2015-02-25 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\SoftPerfect
2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2015-02-23 10:37 - 2015-02-23 10:37 - 00000000 ____D () C:\Program Files\NetWorx
2015-02-23 10:37 - 2015-01-05 17:55 - 00060408 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\networx.sys
2015-02-23 10:36 - 2015-02-23 10:36 - 04210744 _____ (Softperfect Research ) C:\Users\Reungoat\Desktop\networx_setup.exe
2015-02-22 19:39 - 2015-02-22 20:00 - 00000000 ____D () C:\Users\Reungoat\Documents\Network Monitor 3
2015-02-22 19:27 - 2015-02-22 19:27 - 00000978 _____ () C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2015-02-22 19:27 - 2015-02-22 19:27 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2015-02-21 16:59 - 2015-02-21 16:59 - 00000000 ____D () C:\ProgramData\SeriousBit
2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.
2015-02-21 16:57 - 2015-02-21 16:57 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Rainmaker_Software_Group_
2015-02-20 19:09 - 2015-02-27 09:07 - 00002978 _____ () C:\Windows\setupact.log
2015-02-20 19:09 - 2015-02-20 19:09 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-19 09:42 - 2015-02-19 09:42 - 00001553 _____ () C:\Users\Reungoat\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2015-02-19 09:06 - 2015-02-19 09:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-18 09:45 - 2015-02-19 09:37 - 00000000 ____D () C:\Windows\pss
2015-02-15 15:15 - 2015-02-15 15:15 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\ggcenzvn
2015-02-15 14:57 - 2015-02-15 14:57 - 00000000 ____D () C:\Users\Reungoat\Desktop\Old Firefox Data
2015-02-12 21:03 - 2015-02-14 10:15 - 00000000 ____D () C:\Users\Reungoat\Downloads\Hola
2015-02-12 09:01 - 2015-01-23 14:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 09:01 - 2015-01-23 14:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 09:01 - 2015-01-23 13:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 09:01 - 2015-01-23 13:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 14:56 - 2015-02-11 14:56 - 00000000 ____D () C:\Users\Reungoat\.imagej
2015-02-11 12:32 - 2015-02-11 14:25 - 00000000 ____D () C:\Program Files (x86)\ImageJ
2015-02-11 12:32 - 2015-02-11 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageJ
2015-02-11 08:56 - 2015-02-04 13:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 08:56 - 2015-02-04 13:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 08:56 - 2015-02-04 13:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 08:56 - 2015-01-28 09:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 08:56 - 2015-01-14 15:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 08:56 - 2015-01-14 15:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 08:56 - 2015-01-13 13:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 08:56 - 2015-01-13 12:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:56 - 2015-01-12 13:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 08:56 - 2015-01-12 13:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 08:56 - 2015-01-12 13:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 08:56 - 2015-01-12 12:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 08:56 - 2015-01-12 12:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 08:56 - 2015-01-12 12:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 08:56 - 2015-01-12 12:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 08:56 - 2015-01-12 12:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 08:56 - 2015-01-12 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 08:56 - 2015-01-12 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 08:56 - 2015-01-12 12:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 08:56 - 2015-01-12 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 08:56 - 2015-01-12 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 08:56 - 2015-01-12 12:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 08:56 - 2015-01-12 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:56 - 2015-01-12 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 08:56 - 2015-01-12 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 08:56 - 2015-01-12 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:56 - 2015-01-12 12:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 08:56 - 2015-01-12 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 08:56 - 2015-01-12 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 08:56 - 2015-01-12 12:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 08:56 - 2015-01-12 12:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:56 - 2015-01-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:56 - 2015-01-12 12:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 08:56 - 2015-01-12 12:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 08:56 - 2015-01-12 12:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 08:56 - 2015-01-12 11:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 08:56 - 2015-01-12 11:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 08:56 - 2015-01-12 11:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 08:56 - 2015-01-12 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 08:56 - 2015-01-12 11:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 08:56 - 2015-01-12 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 08:56 - 2015-01-12 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 08:56 - 2015-01-12 11:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 08:56 - 2015-01-12 11:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 08:56 - 2015-01-12 11:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:56 - 2015-01-12 11:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 08:56 - 2015-01-12 11:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 08:56 - 2015-01-12 11:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 08:56 - 2015-01-12 11:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 08:56 - 2015-01-12 11:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 08:56 - 2015-01-12 11:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 08:56 - 2015-01-12 11:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:56 - 2015-01-12 11:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 08:56 - 2015-01-12 11:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 08:56 - 2015-01-12 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 08:56 - 2015-01-12 11:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 08:56 - 2015-01-12 10:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 08:56 - 2015-01-12 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 08:56 - 2015-01-10 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 08:56 - 2015-01-10 16:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 08:55 - 2015-01-15 18:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:55 - 2015-01-15 18:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 08:55 - 2015-01-15 18:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 08:55 - 2015-01-15 18:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 08:55 - 2015-01-15 18:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 08:55 - 2015-01-15 18:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 08:55 - 2015-01-15 18:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 08:55 - 2015-01-15 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 08:55 - 2015-01-15 18:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 08:55 - 2015-01-15 18:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 08:55 - 2015-01-15 18:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 08:55 - 2015-01-15 17:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 08:55 - 2015-01-15 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 08:55 - 2015-01-15 17:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 08:55 - 2015-01-15 17:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 08:55 - 2015-01-15 17:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 08:55 - 2015-01-15 17:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 08:55 - 2015-01-15 14:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 08:55 - 2015-01-14 16:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 08:55 - 2015-01-14 16:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 08:55 - 2015-01-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 08:55 - 2015-01-14 16:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 08:55 - 2015-01-14 15:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:55 - 2015-01-14 15:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:55 - 2015-01-14 15:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 08:55 - 2014-12-12 15:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 08:55 - 2014-12-12 15:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 08:55 - 2014-12-08 13:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 08:55 - 2014-12-08 12:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 08:55 - 2014-11-26 13:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 08:55 - 2014-11-26 13:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 08:55 - 2014-10-04 12:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 08:55 - 2014-10-04 11:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 08:55 - 2014-10-04 11:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 08:54 - 2015-01-09 12:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 10:56 - 2015-02-10 10:56 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\PDFCreator
2015-02-09 10:08 - 2015-02-25 10:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 10:08 - 2015-02-25 10:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 10:08 - 2015-02-09 10:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-09 10:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 10:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 09:34 - 2015-02-15 18:53 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-09 09:34 - 2015-02-09 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-09 09:34 - 2015-01-22 16:14 - 00114872 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-01-31 14:15 - 2015-01-31 14:15 - 00001715 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 14:15 - 2015-01-31 14:15 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 11:08 - 2014-05-20 20:52 - 00000000 ____D () C:\ProgramData\BOINC
2015-02-27 11:05 - 2013-01-30 12:42 - 00000000 ____D () C:\Users\Reungoat\Documents\Outlook Files
2015-02-27 11:01 - 2013-01-22 17:28 - 01341397 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 10:54 - 2014-06-28 18:26 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job
2015-02-27 10:54 - 2014-05-28 10:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-27 10:54 - 2013-01-22 17:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-27 09:50 - 2014-06-28 18:26 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job
2015-02-27 09:28 - 2014-05-28 10:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 09:23 - 2014-07-25 10:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-27 09:17 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 09:17 - 2009-07-14 14:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-27 09:14 - 2009-07-14 15:13 - 01060088 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 09:11 - 2013-01-30 14:49 - 00000000 ___RD () C:\Users\Reungoat\Documents\Dropbox
2015-02-27 09:10 - 2014-05-28 10:32 - 00000000 ___RD () C:\Users\Reungoat\Documents\Google Drive
2015-02-27 09:10 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Dropbox
2015-02-27 09:07 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 09:07 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
2015-02-26 17:44 - 2013-01-30 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 14:04 - 2015-01-27 16:31 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Spotify
2015-02-26 10:59 - 2015-01-27 16:32 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Spotify
2015-02-25 12:55 - 2009-07-14 13:20 - 00000000 __RHD () C:\Users\Default
2015-02-25 12:43 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-25 12:31 - 2009-07-14 12:34 - 89391104 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-25 12:31 - 2009-07-14 12:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-24 15:42 - 2014-06-06 09:36 - 00000000 ____D () C:\Users\Reungoat\Documents\Simple Sticky Notes
2015-02-24 12:17 - 2012-02-11 15:46 - 00000000 ____D () C:\ProgramData\National Instruments
2015-02-24 12:16 - 2012-02-11 15:47 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2015-02-24 12:14 - 2012-02-11 15:52 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\National Instruments
2015-02-22 22:12 - 2013-02-03 18:03 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Skype
2015-02-21 16:30 - 2013-01-30 12:28 - 00000000 ____D () C:\Users\Reungoat
2015-02-19 09:07 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 09:06 - 2014-11-12 14:38 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 09:06 - 2013-08-03 16:56 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-15 18:53 - 2013-02-05 19:20 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\uTorrent
2015-02-15 18:51 - 2014-07-25 14:23 - 00000000 ____D () C:\Windows\Minidump
2015-02-15 18:51 - 2011-02-11 00:25 - 00000000 ____D () C:\Windows\panther
2015-02-15 17:14 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laser GPS
2015-02-15 15:02 - 2013-03-20 18:45 - 00000000 ____D () C:\Program Files (x86)\Laser GPS
2015-02-15 10:13 - 2014-05-26 16:36 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-15 10:12 - 2014-11-04 08:39 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-15 10:10 - 2014-11-04 08:39 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-15 10:10 - 2014-11-04 08:39 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-15 10:10 - 2014-11-04 08:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-15 08:42 - 2009-07-14 15:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-13 11:24 - 2013-01-30 14:46 - 00000000 ____D () C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 08:39 - 2009-07-14 14:45 - 00343728 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:38 - 2014-12-11 10:15 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:38 - 2014-05-06 19:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 08:37 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 22:08 - 2013-01-30 11:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 22:08 - 2009-07-14 12:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 22:05 - 2013-07-23 21:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:59 - 2013-02-01 14:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 08:36 - 2013-01-30 23:31 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2015-02-09 10:05 - 2014-08-17 11:58 - 00000000 ____D () C:\Users\Reungoat\AppData\Local\Adobe
2015-02-09 10:04 - 2013-01-22 17:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-09 10:04 - 2013-01-22 17:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 10:04 - 2013-01-22 17:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-09 09:45 - 2014-06-28 18:26 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA
2015-02-09 09:45 - 2014-06-28 18:26 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core
2015-02-09 09:23 - 2014-05-28 10:28 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 09:23 - 2014-05-28 10:28 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-01 10:50 - 2014-12-07 20:26 - 00002028 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-02-01 10:50 - 2014-05-20 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-02-01 10:49 - 2013-01-22 17:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-31 14:15 - 2013-04-07 17:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-28 17:12 - 2013-02-07 13:07 - 00000000 ____D () C:\Users\Reungoat\Documents\Membrane Futures
2015-01-28 16:10 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\Reungoat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4izx1e.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 14:01

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Reungoat at 2015-02-27 11:09:29
Running from C:\Users\Reungoat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BASF Sokalan RO Xpert 2013B1 (HKLM-x32\...\ST5UNST #2) (Version: - )
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
BOINC (HKLM\...\{84676CB3-965C-496F-AB81-EB148406E9D7}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dropbox (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
ImageJ 1.48v (HKLM-x32\...\ImageJ_is1) (Version: - NIH)
IMSdesign (HKLM-x32\...\{69CE1F8E-0CAB-479F-A362-FC44C4A00904}) (Version: 20.12.8 - Hydranautics)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
iTunes Library Updater (HKLM-x32\...\{38EE230F-F631-451F-8800-E29F5E5C9E7D}) (Version: 1.2.2 - N/A)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Math Kernel Libraries (64-bit) (Version: 13.0.13 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 13.0.13 - National Instruments) Hidden
Media Go (HKLM-x32\...\{AF06B8FA-B916-4001-AE51-6645488DEF09}) (Version: 2.8.303 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.12.104.06300 (HKLM-x32\...\{9797040D-7B42-7E9F-4289-9FA87AB89771}) (Version: 2.12.104.06300 - Sony)
Membrane Master 4 version 1.16 (HKLM-x32\...\{26A83897-CA9F-4D3F-B456-2EDD1F9FF3C0}}_is1) (Version: 1.16 - Genesys International)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Mozilla Firefox 36.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-GB)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\MusicManager) (Version: - Google, Inc.)
My Photo Box V3 (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\My Photo Box V3) (Version: My Photo Box V3 3.1.2 - My Photo Box)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
NI ActiveX Container (64-bit) (Version: 13.0.4 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 13.0.4 - National Instruments) Hidden
NI Authentication 13.0.0 (64-bit) (Version: 13.0.326 - National Instruments) Hidden
NI Authentication 13.0.0 (x32 Version: 13.0.326 - National Instruments) Hidden
NI Curl 13.0.0 (64-bit) (Version: 13.0.324 - National Instruments) Hidden
NI Curl 13.0.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI DataSocket 5.1 (64-bit) (Version: 5.1.227 - National Instruments) Hidden
NI DataSocket 5.1 (x32 Version: 5.1.227 - National Instruments) Hidden
NI Error Reporting 2013 (x32 Version: 13.0.324 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI Error Reporting Interface Installer 5.5 for Windows 64-bit (Version: 5.50.49152 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.20.351 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 13.0.0 (x32 Version: 13.0.45.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 13.0.0 (Version: 13.0.45.0 - National Instruments) Hidden
NI Help Assistant 2.0 (64bit) (Version: 2.0.3 - National Instruments) Hidden
NI Help Assistant 2.0 (x32 Version: 2.0.3 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 13.0.336 - National Instruments) Hidden
NI LabVIEW 2013 Deployable License (x32 Version: 13.0.303 - National Instruments) Hidden
NI LabVIEW 2013 Deployment Framework (x32 Version: 13.0.330 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Non-English Support. (x32 Version: 13.0.329 - National Instruments) Hidden
NI LabVIEW 2013 Run-Time Engine Web Server (x32 Version: 13.0.321 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2013 (x32 Version: 13.0.332 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI Launcher (x32 Version: 3.11.186 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.53 - National Instruments) Hidden
NI Logos 5.5 (64-bit) (Version: 5.5.293 - National Instruments) Hidden
NI Logos 5.5 (x32 Version: 5.5.293 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.5.294 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.5.294 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.20.351 - National Instruments) Hidden
NI mDNS Responder 2.2 for Windows 64-bit (Version: 2.20.49152 - National Instruments) Hidden
NI mDNS Responder 2.2.0 (x32 Version: 2.20.49152 - National Instruments) Hidden
NI Measurement Studio ComponentWorks 3D Graph (x32 Version: 8.6.10603 - National Instruments) Hidden
NI Measurement Studio ComponentWorks UI (x32 Version: 8.6.10603 - National Instruments) Hidden
NI MXS 5.5.0 (x32 Version: 5.50.49152 - National Instruments) Hidden
NI MXS 5.5.0 for 64 Bit Windows (Version: 5.50.49152 - National Instruments) Hidden
NI OPC Support (x32 Version: 13.0.296 - National Instruments) Hidden
NI OPCEnum Shared (x32 Version: 5.5.2018 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (x32 Version: 1.0.29.0 - National Instruments) Hidden
NI Service Locator 13.0 (x32 Version: 13.0.303 - National Instruments) Hidden
NI SSL LabVIEW RTE 2013 Support (x32 Version: 13.0.317 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 13.0.319 - National Instruments) Hidden
NI SSL Support (x32 Version: 13.0.324 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 13.0.299 - National Instruments) Hidden
NI System State Publisher (x32 Version: 13.0.304 - National Instruments) Hidden
NI System Web Server 13.0 (x32 Version: 13.0.330 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (64-bit) (Version: 13.0.323 - National Instruments) Hidden
NI System Web Server Base 13.0.0 (x32 Version: 13.0.323 - National Instruments) Hidden
NI TDM Streaming 2.5 (64-bit) (Version: 2.5.36 - National Instruments) Hidden
NI TDM Streaming 2.5 (x32 Version: 2.5.36 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 13.0.324 - National Instruments) Hidden
NI Trace Engine (x32 Version: 13.0.324 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.20.351 - National Instruments) Hidden
NI USI 2.0.1 (x32 Version: 2.0.15249 - National Instruments) Hidden
NI USI 2.0.1 64-Bit (Version: 2.0.15249 - National Instruments) Hidden
NI Variable Engine (64-bit) (Version: 2.7.297 - National Instruments) Hidden
NI Variable Engine 2.6.0 (x32 Version: 2.7.297 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010SP1MSMs x64 (Version: 10.0.100 - National Instruments) Hidden
NI VC2010SP1MSMs x86 (x32 Version: 10.0.100 - National Instruments) Hidden
NI Web Application Server 13.0 (64-bit) (Version: 13.0.319 - National Instruments) Hidden
NI Web Application Server 13.0 (x32 Version: 13.0.324 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
NI-Mesa (Version: 12.0.7.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 12.0.7.0 - National Instruments) Hidden
NI-RPC 4.4.0f0 (x32 Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for 64 Bit Windows (Version: 4.40.49152 - National Instruments) Hidden
NI-RPC 4.4.0f0 for Phar Lap ETS (x32 Version: 4.40.49152 - National Instruments) Hidden
NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
PermaCare - Global - RO12_6 (HKLM-x32\...\ST5UNST #1) (Version: - )
Phreeqc Interactive 3.1.1-8288 (HKLM-x32\...\{AF12E5C7-F459-446D-BAA1-704EF23825AF}) (Version: 3.1.8288 - U.S. Geological Survey)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ROSA9 (HKLM-x32\...\{A155B355-9995-4B14-BA3C-2903E59A5B95}) (Version: 9.1 - Dow Chemical)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SigmaPlot 12.5 (HKLM-x32\...\{730E22C0-A5A9-4A1B-AE66-570573DCA0E8}) (Version: 12.5 - Systat Software, Inc.)
Simple Sticky Notes 2.5.1 (HKLM-x32\...\Simple Sticky Notes_is1) (Version: - Simnet Ltd.)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.14.201410081526 - Sony Mobile Communications AB)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.5202 - Zone Five Software)
Spotify (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
ThePhotobookClub.com.au (HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\...\ThePhotobookClub.com.au) (Version: ThePhotobookClub.com.au 3.2.0 - PhotobookClub.com.au)
toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
TorayDS2 (HKLM-x32\...\{4E2DF308-B412-40E6-8085-135DB10C7CE2}) (Version: 2.1.98 - Toray Membrane USA)
TorayDS2 (HKLM-x32\...\{664613D6-9485-41B8-B132-645468850604}) (Version: 2.1.58 - Toray Membrane USA)
Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Winflows 3.1.2 (HKLM-x32\...\{EDF5CC51-924D-40DE-B81E-3A6485BB5294}) (Version: 1.0.0 - GE)
Winflows 3.2.1 (HKLM-x32\...\{4340C834-9D2E-4FD3-B472-56BDE18349D0}) (Version: 1.0.0 - GE)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zotero Standalone 4.0.17 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.17 (x86 en-US)) (Version: 4.0.17 - Zotero)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Reungoat\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2935964518-2361115088-2651154713-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-02-25 12:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {255B06CB-3E92-4A75-83EE-BA3512CAB800} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {51009F25-8633-46B9-AC95-AE201ABA18B0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {5224892A-758A-4924-919E-C7BC9F8B81F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A976DB8A-DE98-484C-89C8-15460CE1C5D0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CDE74A73-2917-4A22-8AF0-66F387BEEB55} - System32\Tasks\Dell\Command Update => C:\Program Files (x86)\Dell\CommandUpdate\DellCommandUpdate.exe [2014-05-05] (Dell Inc.)
Task: {D66628E2-2540-4993-90BF-578A706E5905} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EA5219CA-967B-4715-B533-F3C926340102} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
Task: {ED930701-0FDB-4EE5-8637-D555A87B7F86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {F0F8EA82-7318-49F3-A61E-8C35D121466E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28] (Google Inc.)
Task: {F1501957-74AA-4E7D-859F-47024B97B1A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job => C:\Users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============

2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2013-12-22 12:50 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 23:45 - 2012-01-17 23:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2012-01-17 23:45 - 2012-01-17 23:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2011-10-09 14:56 - 2011-10-09 14:56 - 00003072 _____ () C:\PROGRAM FILES (X86)\NTRU CRYPTOSYSTEMS\NTRU TCG SOFTWARE STACK\BIN\TspPopup_ENU.dll
2011-11-07 23:55 - 2011-11-07 23:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2006-12-09 07:42 - 2013-01-22 17:50 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
2006-12-09 07:41 - 2013-01-22 17:50 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
2013-01-22 19:12 - 2012-02-02 07:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-23 10:37 - 2014-12-23 13:33 - 00755200 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-02-23 10:37 - 2015-01-05 17:55 - 00146424 _____ () C:\Program Files\NetWorx\nfapi.dll
2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2014-08-19 09:42 - 2014-08-19 09:42 - 00784384 _____ () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_7.24_windows_intelx86.exe
2014-08-19 09:54 - 2014-07-17 00:40 - 04596224 _____ () C:\ProgramData\BOINC\projects\climateprediction.net\hadcm3s_um_7.24_windows_intelx86.exe
2012-12-18 17:53 - 2012-12-18 17:53 - 01861120 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ricaz0UR.dll
2013-12-13 08:36 - 2013-12-13 08:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\kpcengine.2.3.dll
2014-06-06 09:36 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files (x86)\Simnet\Simple Sticky Notes\sqlite3.dll
2013-06-07 10:59 - 2013-06-07 10:59 - 01958560 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
2012-01-26 10:36 - 2012-01-26 10:36 - 00278528 ____R () C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\xerces-depdom_2_6.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00750080 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-27 09:10 - 2015-02-27 09:10 - 00043008 _____ () c:\users\reungoat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4izx1e.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00047616 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00865280 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00200704 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-11 07:00 - 2015-02-11 07:00 - 00118784 _____ () C:\Users\Reungoat\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2015-02-27 09:09 - 2015-02-27 09:09 - 00098816 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32api.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00110080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pywintypes27.dll
2015-02-27 09:09 - 2015-02-27 09:09 - 00364544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pythoncom27.dll
2015-02-27 09:09 - 2015-02-27 09:09 - 00045568 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_socket.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 01160704 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_ssl.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00320512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32com.shell.shell.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00713216 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_hashlib.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 01175040 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._core_.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00805888 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._gdi_.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00811008 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._windows_.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 01062400 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._controls_.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00735232 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._misc_.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00557056 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pysqlite2._sqlite.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00128512 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_elementtree.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00127488 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\pyexpat.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00087552 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_ctypes.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00119808 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32file.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00108544 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32security.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00007168 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\hashobjs_ext.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00167936 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32gui.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00018432 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32event.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00038912 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32inet.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00011264 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32crypt.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00070656 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._html2.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00027136 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\_multiprocessing.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00035840 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32process.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00686080 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\unicodedata.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00122368 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._wizard.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00024064 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32pipe.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00025600 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32pdh.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00525640 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\windows._lib_cacheinvalidation.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00010240 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\select.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00017408 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32profile.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00022528 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\win32ts.pyd
2015-02-27 09:09 - 2015-02-27 09:09 - 00078336 _____ () C:\Users\Reungoat\AppData\Local\Temp\_MEI56282\wx._animate.pyd
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-02-15 15:15 - 2015-02-15 15:15 - 00133120 _____ () C:\Users\Reungoat\AppData\Roaming\ggcenzvn\colers.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-10-16 03:38 - 2014-10-16 03:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2dace9622c68c6ce58d55a6950eeaa95\IsdiInterop.ni.dll
2013-01-22 17:47 - 2012-05-31 05:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-06-10 09:01 - 2013-11-14 05:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-09 10:04 - 2015-02-09 10:04 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2935964518-2361115088-2651154713-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2935964518-2361115088-2651154713-500 - Administrator - Disabled)
Guest (S-1-5-21-2935964518-2361115088-2651154713-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2935964518-2361115088-2651154713-1002 - Limited - Enabled)
Reungoat (S-1-5-21-2935964518-2361115088-2651154713-1000 - Administrator - Enabled) => C:\Users\Reungoat

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2074

Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2074

Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 09:09:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (02/27/2015 09:07:54 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/27/2015 09:06:57 AM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

Error: (02/27/2015 09:06:53 AM) (Source: volsnap) (EventID: 27) (User: )
Description: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.

Error: (02/27/2015 09:04:30 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (02/26/2015 02:23:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Cisco AnyConnect Secure Mobility Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/26/2015 09:03:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/25/2015 03:27:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/25/2015 03:10:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2074

Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2074

Error: (02/27/2015 10:09:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (02/27/2015 10:09:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/27/2015 09:09:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name43900

Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name25900

Error: (02/27/2015 09:07:53 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path name17900


CodeIntegrity Errors:
===================================
Date: 2015-02-25 12:24:08.600
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-02-25 12:24:08.560
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-15 11:15:51.801
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 11:15:51.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-13 10:51:48.984
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-13 10:51:48.983
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 53%
Total physical RAM: 8097.21 MB
Available physical RAM: 3770.89 MB
Total Pagefile: 16192.62 MB
Available Pagefile: 11474.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.57 GB) (Free:159.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AE1759B2)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
No, I can't see any IE window open, there is no sound or pop-up windows either. I never use IE myself, I use Firefox.
 
Definitely nothing malicious there.
I can see iexplore.exe running but I suspect it's caused by one of your programs.
Which one I'm not sure.

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as Autoruns.txt file to know location.
You must select Text from drop-down menu as a file type:

p4436801.gif


Paste content of Autoruns.txt file into your next reply.
 
The only program I installed recently that I think could cause that is Spotify but IE is running in task manager even when Spotify is not open.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "25/02/2015 12:42 PM" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe" "8/07/2013 4:00 PM" ""
+ "boinctray" "BOINC System Tray for Windows" "Space Sciences Laboratory" "c:\program files\boinc\boinctray.exe" "12/12/2014 9:01 AM" ""
+ "DBRMTray" "DBRM_Toaster" "Dell Computer Corporation" "c:\dell\dbrm\reminder\dbrmtrayicon.exe" "9/03/2011 5:52 AM" ""
+ "DFEPApplication" "Dell Feature Enhancement Pack" "Dell Inc." "c:\program files\dell\feature enhancement pack\dfepapplication.exe" "16/08/2012 7:24 AM" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe" "21/03/2014 1:39 AM" ""
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe" "21/03/2014 1:40 AM" ""
+ "NetWorx" "NetWorx Application (64-bit)" "SoftPerfect Research" "c:\program files\networx\networx.exe" "4/02/2015 5:38 PM" ""
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe" "21/03/2014 1:39 AM" ""
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe" "16/08/2013 8:39 PM" ""
+ "TdmNotify" "Trusted Drive Manager User Notifier" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmnotify.exe" "9/12/2011 4:45 AM" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" "25/02/2015 11:38 AM" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" "21/01/2015 7:28 AM" ""
+ "Dell Webcam Central" "WebcamDell2.exe" "Creative Technology Ltd" "c:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe" "16/12/2011 5:17 PM" ""
+ "IAStorIcon" "Delayed launcher" "Intel Corporation" "c:\program files (x86)\intel\intel(r) rapid storage technology\iastoriconlaunch.exe" "8/06/2012 5:18 AM" ""
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe" "3/10/2014 6:54 AM" ""
+ "USB3MON" "Intel(R) USB 3.0 Monitor" "Intel Corporation" "c:\program files (x86)\intel\intel(r) usb 3.0 extensible host controller driver\application\iusb3mon.exe" "22/02/2013 10:38 PM" ""
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "24/02/2015 12:17 PM" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe" "20/02/2013 6:52 AM" ""
+ "Digital Line Detect.lnk" "Digital Line Detection" "Avanquest Software " "c:\program files (x86)\digital line detect\dlg.exe" "22/09/2006 5:35 PM" ""
+ "NI Error Reporting.lnk" "NI Error Reporting Server" "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\ni error reporting\nierserver.exe" "8/06/2013 1:58 AM" ""
"C:\Users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" "" "26/02/2015 2:12 PM" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\reungoat\appdata\roaming\dropbox\bin\dropbox.exe" "11/02/2015 6:58 AM" ""
+ "Smart Settings.lnk" "DellSmartSettings" "Dell Inc." "c:\program files\dell\feature enhancement pack\smartsettings.exe" "16/08/2012 7:22 AM" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" "25/02/2015 12:55 PM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "14/07/2009 9:58 AM" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" "25/02/2015 12:55 PM" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "14/07/2009 9:42 AM" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" "25/02/2015 12:28 PM" ""
+ "boincmgr" "BOINC Manager for Windows" "Space Sciences Laboratory" "c:\program files\boinc\boincmgr.exe" "12/12/2014 9:02 AM" ""
+ "GoogleDriveSync" "Google Drive" "Google" "c:\program files (x86)\google\drive\googledrivesync.exe" "3/11/2012 5:03 AM" ""
+ "Simple Sticky Notes" "Simple Sticky Notes " "Simnet Ltd. " "c:\program files (x86)\simnet\simple sticky notes\ssn.exe" "25/10/2014 8:11 AM" ""
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\reungoat\appdata\roaming\spotify\data\spotifywebhelper.exe" "4/12/2014 8:46 PM" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" "" "30/01/2013 12:01 PM" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll" "28/02/2010 7:24 PM" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
+ "GDContextMenu" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\contextmenu64.dll" "16/01/2015 10:57 AM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "22/08/2013 11:01 PM" ""
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
+ "PDFArchitectExtension" "PDF Architect Shell Extension" "pdfforge GbR" "c:\program files (x86)\pdf architect\contextmenuext.dll" "10/01/2013 12:30 AM" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "22/08/2013 11:01 PM" ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
"HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
+ "GDContextMenu" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\contextmenu64.dll" "16/01/2015 10:57 AM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "25/02/2015 12:28 PM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" "" "10/12/2013 8:37 AM" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll" "20/02/2013 6:55 AM" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "22/01/2013 7:24 PM" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" "14/07/2009 11:32 AM" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll" "21/03/2014 1:39 AM" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "22/01/2013 7:24 PM" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "14/07/2009 11:09 AM" ""
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "31/01/2013 12:46 PM" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll" "11/05/2013 7:34 PM" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2014 10:11 AM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\shellex.dll" "11/12/2014 7:56 PM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "22/08/2013 11:01 PM" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "25/07/2014 10:11 AM" ""
+ "Kaspersky Anti-Virus" "Shell Extension" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\shellex.dll" "11/12/2014 8:02 PM" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "22/08/2013 11:01 PM" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "18/09/2013 10:29 AM" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll" "22/08/2013 11:01 PM" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "18/09/2013 10:29 AM" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll" "22/08/2013 11:01 PM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "28/05/2014 10:28 AM" ""
+ "EnabledUnlockedFDEIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll" "9/12/2011 4:43 AM" ""
+ "GDriveBlacklistedOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
+ "GDriveSharedEditOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
+ "GDriveSharedViewOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
+ "GDriveSyncedOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
+ "GDriveSyncingOverlay" "Google Drive shell extension" "Google" "c:\program files (x86)\google\drive\googledrivesync64.dll" "16/01/2015 10:56 AM" ""
+ "UninitializedFdeIconOverlay" "TDM Icon Overlay" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmiconoverlay.dll" "9/12/2011 4:43 AM" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "26/02/2015 1:47 PM" ""
+ "Content Blocker Plugin" "Content Blocker Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\contentblocker\ie_content_blocker_plugin.dll" "5/11/2013 12:07 AM" ""
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll" "6/03/2013 5:39 PM" ""
+ "Safe Money Plugin" "Safe Money Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\onlinebanking\online_banking_bho.dll" "14/12/2013 1:27 AM" ""
+ "URL Advisor Plugin" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:43 AM" ""
+ "Virtual Keyboard Plugin" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:00 PM" ""
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll" "22/09/2010 7:47 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "26/02/2015 1:47 PM" ""
+ "Content Blocker Plugin" "Content Blocker Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll" "5/11/2013 12:09 AM" ""
+ "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_31\bin\jp2ssv.dll" "18/12/2014 3:31 PM" ""
+ "Java(tm) Plug-In SSV Helper" "Java(TM) Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre1.8.0_31\bin\ssv.dll" "18/12/2014 3:31 PM" ""
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll" "6/03/2013 5:38 PM" ""
+ "PDF Architect Helper" "PDF Architect Helper" "pdfforge GbR" "c:\program files (x86)\pdf architect\pdfiehelper.dll" "10/01/2013 12:27 AM" ""
+ "Safe Money Plugin" "Safe Money Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\onlinebanking\online_banking_bho.dll" "14/12/2013 1:29 AM" ""
+ "URL Advisor Plugin" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:46 AM" ""
+ "Virtual Keyboard Plugin" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:02 PM" ""
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll" "22/09/2010 7:01 AM" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" "" "25/07/2014 10:11 AM" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll" "6/03/2013 7:37 PM" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll" "13/08/2013 5:58 AM" ""
+ "URLs check" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:43 AM" ""
+ "Virtual Keyboard" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\x64\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:00 PM" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" "" "25/07/2014 10:11 AM" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll" "10/11/2010 8:03 PM" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll" "6/03/2013 7:25 PM" ""
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll" "13/08/2013 5:46 AM" ""
+ "URLs check" "URL Advisor Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\urladvisor\klwtbbho.dll" "11/02/2014 2:46 AM" ""
+ "Virtual Keyboard" "Virtual Keyboard Plugin" "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll" "11/12/2014 8:02 PM" ""
"Task Scheduler" "" "" "" "" ""
+ "\Adobe Acrobat Update Task" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe" "20/12/2014 2:43 AM" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 16.0 r0" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "3/02/2015 8:07 AM" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" "2/06/2011 10:46 AM" ""
+ "\Dell\Command Update" "Dell Command | Update" "Dell Inc." "c:\program files (x86)\dell\commandupdate\dellcommandupdate.exe" "6/05/2014 2:45 AM" ""
+ "\GarminUpdaterTask" "GarminSelfUpdater" "" "c:\program files (x86)\garmin\express self updater\expressselfupdater.exe" "1/01/2015 2:30 AM" ""
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
+ "\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core" "Google Installer" "Google Inc." "c:\users\reungoat\appdata\local\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
+ "\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA" "Google Installer" "Google Inc." "c:\users\reungoat\appdata\local\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll" "10/11/2010 8:02 PM" ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" "11/06/2009 6:36 AM" ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" "14/07/2009 10:24 AM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "26/02/2015 5:20 PM" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe" "20/12/2014 2:43 AM" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe" "3/02/2015 8:07 AM" ""
+ "Apple Mobile Device Service" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe" "19/12/2014 10:38 PM" ""
+ "AVP" "Provides computer protection against viruses, dangerous software, network attacks, internet fraud and spam." "Kaspersky Lab ZAO" "c:\program files (x86)\kaspersky lab\kaspersky anti-virus 14.0.0\avp.exe" "30/09/2013 1:13 AM" ""
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe" "31/08/2011 3:52 PM" ""
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe" "20/02/2013 6:55 AM" ""
+ "cphs" "Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW" "Intel Corporation" "c:\windows\syswow64\intelcphecisvc.exe" "9/02/2013 6:26 AM" ""
+ "DFEPService" "Dell Feature Enhancement Pack Service" "Dell Inc." "c:\program files\dell\feature enhancement pack\dfepservice.exe" "16/08/2012 7:25 AM" ""
+ "EmbassyService" "EmbassyServer Application" "" "c:\program files\dell\dell data protection\access\advanced\wave\embassy client core\embassyserver.exe" "17/01/2012 9:37 PM" ""
+ "Garmin Core Update Service" "Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date." "Garmin Ltd or its subsidiaries" "c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe" "1/01/2015 2:30 AM" ""
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe" "16/02/2012 12:43 PM" ""
+ "gusvc" "gusvc" "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe" "14/12/2006 3:55 PM" ""
+ "HsfXAudioService" "User-mode gate for HSF Modem" "Conexant Systems, Inc." "c:\windows\syswow64\xaudio64.dll" "30/04/2009 4:21 AM" ""
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe" "31/05/2012 6:55 AM" ""
 
Back