The computer creates a 100 MB folder in C:\Windows\Temp every 23 minutes
<blockquote data-quote="Kroum" data-source="post: 514080" data-attributes="member: 53157"><p>Thank you for the fast response. For some reason I cannot upload the files. I get an error message each time I attempt to do it. That's why I have to copy and paste their contents here.</p><p>[code]</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2016</p><p>Ran by Kroum (administrator) on KROUM-DELL (07-06-2016 08:00:46)</p><p>Running from D:\Equipment\DellComputer\Tools\FarbarRecoveryScanTool</p><p>Loaded Profiles: Kroum (Available Profiles: Kroum & Administrator)</p><p>Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]</p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe</p><p>(AMD) C:\Windows\System32\atiesrxx.exe</p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(AMD) C:\Windows\System32\atieclxx.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe</p><p>(Apple Inc.) 
C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe</p><p>(McAfee, Inc.) C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe</p><p>(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe</p><p>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE</p><p>(2BrightSparks Pte Ltd) C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe</p><p>(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>() C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe</p><p>(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe</p><p>(Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe</p><p>(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe</p><p>(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe</p><p>(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe</p><p>(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe</p><p>(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe</p><p>(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe</p><p>(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe</p><p>(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe</p><p>(Microsoft Corporation) C:\Windows\System32\prevhost.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-22] (Realtek Semiconductor)</p><p>HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64</p><p>HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()</p><p>HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64</p><p>HKLM\...\Run: [TortoiseHgOverlayIconServer] => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2014-03-04] ()</p><p>HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)</p><p>HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)</p><p>HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-13] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [BDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-04-26] (cyberlink)</p><p>HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()</p><p>HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)</p><p>HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-05-18] (AVG Technologies CZ, s.r.o.)</p><p>HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-05-20] (AVG Technologies CZ, 
s.r.o.)</p><p>Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]</p><p>HKU\S-1-5-21-492438243-1724543470-1360378280-1000\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mstart.exe [40304 2014-10-14] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>HKU\S-1-5-21-492438243-1724543470-1360378280-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)</p><p>HKU\S-1-5-21-492438243-1724543470-1360378280-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)</p><p>HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"</p><p>ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] 
(hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)</p><p>BootExecute: autocheck autochk * bootdelete</p><p>CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Tcpip\..\Interfaces\{1434E7FE-0B90-4C48-8881-C7CC073C2B9D}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKU\S-1-5-21-492438243-1724543470-1360378280-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/23</p><p>SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =</p><p>SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =</p><p>SearchScopes: HKU\S-1-5-21-492438243-1724543470-1360378280-1000 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =</p><p>BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)</p><p>BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-25] (Sun Microsystems, Inc.)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)</p><p>BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)</p><p>BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)</p><p>DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab</p><p>DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab</p><p>DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab</p><p>Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)</p><p>Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)</p><p>Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft 
Corporation)</p><p>Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: D:\Users\Kroum\AppData\Roaming\Mozilla\Firefox\Profiles\d99ufqj4.default-1453307276594</p><p>FF Homepage: hxxp://[URL="http://www.foxnews.com/"]www.foxnews.com/[/URL]</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()</p><p>FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-25] (Sun Microsystems, Inc.)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled [No File]</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2013-12-18] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> 
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)</p><p>FF Plugin HKU\S-1-5-21-492438243-1724543470-1360378280-1000: @citrixonline.com/appdetectorplugin -> D:\Users\Kroum\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-14] (Citrix Online)</p><p>FF user.js: detected! => D:\Users\Kroum\AppData\Roaming\Mozilla\Firefox\Profiles\5wjiogi6.stanimir\user.js [2013-04-23]</p><p>FF SearchPlugin: D:\Users\Kroum\AppData\Roaming\Mozilla\Firefox\Profiles\5wjiogi6.stanimir\searchplugins\avg-secure-search.xml [2013-09-28]</p><p>FF Extension: DOM Inspector - D:\Users\Kroum\AppData\Roaming\Mozilla\Firefox\Profiles\5wjiogi6.stanimir\Extensions\inspector@mozilla.org [2011-11-16] [not signed]</p><p>FF Extension: Stylish - D:\Users\Kroum\AppData\Roaming\Mozilla\Firefox\Profiles\5wjiogi6.stanimir\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2011-11-16] [not signed]</p><p>FF Extension: Video DownloadHelper - D:\Users\Kroum\AppData\Roaming\Mozilla\Firefox\Profiles\d99ufqj4.default-1453307276594\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]</p><p>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-02-26] [not signed]</p><p>FF Extension: Java Console - C:\Program Files (x86)\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-02-26] [not signed]</p><p>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-02-26] [not signed]</p><p>FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]</p><p>FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird</p><p>FF Extension: AVG E-mail Scanner - C:\Program Files (x86)\AVG\AVG2012\Thunderbird [2011-12-23] [not signed]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR Profile: D:\Users\Kroum\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (YouTube) - D:\Users\Kroum\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-26]</p><p>CHR Extension: (Google Search) - D:\Users\Kroum\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-26]</p><p>CHR Extension: (Gmail) - D:\Users\Kroum\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-26]</p><p>CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-05-20] (AVG Technologies CZ, s.r.o.)</p><p>R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5164800 2016-05-20] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080592 2016-05-18] (AVG Technologies CZ, s.r.o.)</p><p>R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-05-20] (AVG Technologies CZ, s.r.o.)</p><p>S3 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)</p><p>R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)</p><p>R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)</p><p>S3 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [232944 2010-04-26] (CyberLink)</p><p>R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)</p><p>R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-05] (SurfRight B.V.)</p><p>R2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [144008 2016-02-24] (McAfee, Inc.)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)</p><p>S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)</p><p>R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)</p><p>R3 
NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)</p><p>S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)</p><p>S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1072296 2016-06-01] (Enigma Software Group USA, LLC.)</p><p>R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)</p><p>R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)</p><p>R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4803344 2016-06-01] (AVG Technologies CZ, s.r.o.)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)</p><p>R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)</p><p>R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)</p><p>R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)</p><p>R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [279296 2016-05-17] (AVG Technologies CZ, s.r.o.)</p><p>R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)</p><p>R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)</p><p>R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)</p><p>S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)</p><p>S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-06-01] (Enigma Software Group USA, LLC.)</p><p>S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-01] ()</p><p>R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37456 2011-05-17] (Paragon Software Group)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-07] (Malwarebytes)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes 
Corporation)</p><p>R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)</p><p>R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)</p><p>R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)</p><p>S2 TinaKey; C:\Windows\SysWow64\Drivers\TinaKey.sys [9600 1998-08-10] ()</p><p>R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-06-01] (AVG Netherlands B.V.)</p><p>R3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)</p><p>R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-07-10] (Jungo)</p><p>R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-07-10] (Xilinx, Inc.)</p><p>S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]</p><p>S3 VGPU; System32\drivers\rdvgkmd.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-06-07 07:30 - 2016-06-07 07:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5</p><p>2016-06-06 21:38 - 2016-06-06 21:38 - 00275224 _____ C:\Windows\Minidump\060616-35209-01.dmp</p><p>2016-06-06 21:37 - 2016-06-06 21:37 - 1432486808 _____ C:\Windows\MEMORY.DMP</p><p>2016-06-06 16:24 - 2016-06-07 08:00 - 00000000 ____D C:\FRST</p><p>2016-06-05 17:06 - 2016-06-05 17:06 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys</p><p>2016-06-05 17:02 - 2016-06-05 17:02 - 00000829 _____ C:\Users\Public\Desktop\RogueKiller.lnk</p><p>2016-06-05 17:02 - 2016-06-05 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller</p><p>2016-06-05 16:12 - 2016-06-05 16:12 - 00019902 _____ C:\Windows\system32\.crusader</p><p>2016-06-05 13:27 - 2016-06-05 13:27 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance</p><p>2016-06-05 13:21 - 2016-06-05 13:21 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk</p><p>2016-06-05 13:21 - 2016-06-05 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp</p><p>2016-06-05 13:21 - 2016-06-01 15:12 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe</p><p>2016-06-05 13:21 - 2016-06-01 15:05 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll</p><p>2016-06-05 13:21 - 2016-06-01 15:05 - 00039696 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\SysWOW64\authuitu.dll</p><p>2016-06-05 12:26 - 2016-06-05 12:26 - 00000000 ____D C:\ProgramData\ESET</p><p>2016-06-05 12:26 - 2016-06-05 12:26 - 00000000 ____D C:\Program Files\ESET</p><p>2016-06-05 09:12 - 2016-06-05 18:17 - 00000000 ____D C:\EEK</p><p>2016-06-05 07:23 - 2016-06-05 17:02 - 00000000 ____D C:\Program Files\RogueKiller</p><p>2016-06-05 07:23 - 2016-06-05 17:00 - 00000000 ____D C:\ProgramData\RogueKiller</p><p>2016-06-05 07:00 - 2016-06-05 16:12 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2016-06-05 07:00 - 2016-06-05 07:00 - 00001864 _____ C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2016-06-05 07:00 - 2016-06-05 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2016-06-05 07:00 - 2016-06-05 07:00 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2016-06-04 23:35 - 2016-06-04 23:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2016-06-03 20:56 - 2016-06-03 20:56 - 00001945 _____ C:\Windows\epplauncher.mif</p><p>2016-06-03 20:55 - 2016-06-03 20:55 - 00002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk</p><p>2016-06-03 20:55 - 2016-06-03 20:55 - 00000000 ____D C:\Program Files\Microsoft Security Client</p><p>2016-06-03 20:55 - 2016-06-03 20:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client</p><p>2016-06-03 14:10 - 2016-06-03 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p>2016-06-03 14:10 - 2016-06-03 14:10 - 00000000 ____D C:\Program Files\Common Files\AV</p><p>2016-06-03 14:08 - 2016-06-03 14:08 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk</p><p>2016-06-03 14:08 - 2016-06-03 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen</p><p>2016-06-03 09:00 - 2016-06-03 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip</p><p>2016-06-03 09:00 - 2016-06-03 09:00 - 00000000 ____D C:\Program 
Files\7-Zip</p><p>2016-06-03 08:24 - 2016-06-07 07:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2016-06-03 08:24 - 2016-06-04 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2016-06-03 08:23 - 2016-06-05 06:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2016-06-03 08:23 - 2016-06-03 08:23 - 00000000 ____D C:\ProgramData\Malwarebytes</p><p>2016-06-03 08:23 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2016-06-03 08:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2016-06-03 08:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys</p><p>2016-06-03 08:20 - 2016-06-03 08:20 - 00000000 ____D C:\KVRT_Data</p><p>2016-06-03 07:56 - 2016-06-03 07:56 - 00000000 ____D C:\Windows\pss</p><p>2016-06-01 20:11 - 2016-06-01 20:11 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys</p><p>2016-06-01 18:29 - 2016-06-01 21:02 - 00000000 ____D C:\Program Files\Enigma Software Group</p><p>2016-06-01 18:29 - 2016-06-01 18:29 - 00000000 ____D C:\sh4ldr</p><p>2016-06-01 18:29 - 2016-06-01 18:29 - 00000000 _____ C:\autoexec.bat</p><p>2016-05-24 23:02 - 2016-05-24 23:02 - 00002829 _____ C:\Windows\diagerr.xml</p><p>2016-05-24 23:02 - 2016-05-24 23:02 - 00001908 _____ C:\Windows\diagwrn.xml</p><p>2016-05-18 12:13 - 2016-05-18 12:13 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys</p><p>2016-05-17 10:50 - 2016-05-17 10:50 - 00279296 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgtdia.sys</p><p>2016-05-12 22:01 - 2016-05-12 22:01 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe</p><p>2016-05-11 07:26 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2016-05-11 07:26 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2016-05-11 07:26 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2016-05-11 07:26 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2016-05-11 07:26 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2016-05-11 07:26 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2016-05-11 07:26 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2016-05-11 07:26 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2016-05-11 07:26 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec</p><p>2016-05-11 07:26 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2016-05-11 07:26 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9diag.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2016-05-11 07:26 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2016-05-11 07:26 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2016-05-11 07:26 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2016-05-11 07:26 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:08 - 00047616 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2016-05-11 07:26 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec</p><p>2016-05-11 07:26 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2016-05-11 07:26 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2016-05-11 07:26 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2016-05-11 07:26 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2016-05-11 07:26 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2016-05-11 07:26 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2016-05-11 07:26 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3d10level9.dll</p><p>2016-05-11 07:26 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll</p><p>2016-05-11 07:26 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi</p><p>2016-05-11 07:26 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe</p><p>2016-05-11 07:26 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys</p><p>2016-05-11 07:26 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi</p><p>2016-05-11 07:26 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys</p><p>2016-05-11 07:26 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys</p><p>2016-05-11 07:26 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys</p><p>2016-05-11 07:26 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</p><p>2016-05-11 07:26 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</p><p>2016-05-11 07:26 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) 
C:\Windows\system32\winsrv.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) 
C:\Windows\system32\certcli.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00004608 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00644096 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\advapi32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\credssp.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 
00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</p><p>2016-05-11 07:26 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys</p><p>2016-05-11 07:26 - 
2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2016-05-11 07:26 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys</p><p>2016-05-11 07:26 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys</p><p>2016-05-11 07:26 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys</p><p>2016-05-11 07:26 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</p><p>2016-05-11 07:26 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</p><p>2016-05-11 07:26 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll</p><p>2016-05-11 07:26 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</p><p>2016-05-11 07:26 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll</p><p>2016-05-11 07:26 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll</p><p>2016-05-11 07:26 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll</p><p>2016-05-11 07:26 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll</p><p>2016-05-11 07:26 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-06-07 08:01 - 2012-04-01 08:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2016-06-07 07:51 - 2014-10-14 12:23 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000.job</p><p>2016-06-07 07:50 - 2012-01-29 17:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2016-06-07 07:38 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2016-06-07 07:38 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2016-06-07 07:30 - 2011-11-02 12:14 - 00000000 ____D C:\ProgramData\MFAData</p><p>2016-06-07 07:29 - 
2012-01-29 17:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2016-06-07 07:29 - 2011-11-16 11:10 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs</p><p>2016-06-07 07:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2016-06-07 00:08 - 2014-12-24 10:52 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task</p><p>2016-06-06 23:09 - 2015-05-29 23:31 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000.job</p><p>2016-06-06 21:38 - 2014-10-22 18:26 - 00000000 ____D C:\Windows\Minidump</p><p>2016-06-06 12:33 - 2016-03-27 16:57 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask</p><p>2016-06-05 13:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration</p><p>2016-06-04 17:47 - 2011-11-16 03:36 - 00000000 ____D D:\Users\Kroum</p><p>2016-06-03 14:09 - 2011-11-13 13:01 - 00000000 ___HD C:\$AVG</p><p>2016-06-03 14:09 - 2011-11-02 12:17 - 00000000 ____D C:\Program Files (x86)\AVG</p><p>2016-06-03 14:08 - 2015-01-25 11:04 - 00000000 ____D C:\ProgramData\AVG</p><p>2016-06-03 12:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding</p><p>2016-06-03 09:35 - 2011-11-04 18:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer</p><p>2016-06-03 09:20 - 2011-10-25 20:32 - 00000000 ____D C:\Program Files (x86)\Nero</p><p>2016-06-03 09:19 - 2011-10-25 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell</p><p>2016-06-03 08:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf</p><p>2016-06-02 14:53 - 2016-03-25 14:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk</p><p>2016-06-01 21:14 - 2013-03-28 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAED</p><p>2016-05-28 21:17 - 2011-11-16 09:32 - 00000000 ___RD C:\Program Files (x86)\Skype</p><p>2016-05-28 21:17 - 2011-11-16 09:32 - 00000000 ____D C:\ProgramData\Skype</p><p>2016-05-26 00:29 - 2015-04-05 00:33 - 
00000000 ___SD C:\Windows\SysWOW64\GWX</p><p>2016-05-26 00:29 - 2015-04-05 00:33 - 00000000 ___SD C:\Windows\system32\GWX</p><p>2016-05-25 10:47 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2016-05-24 23:01 - 2015-08-18 11:37 - 00000000 ____D C:\Windows\Panther</p><p>2016-05-20 06:31 - 2009-07-14 00:45 - 00441776 _____ C:\Windows\system32\FNTCACHE.DAT</p><p>2016-05-19 21:50 - 2015-05-29 23:31 - 00003668 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000</p><p>2016-05-19 21:50 - 2014-10-14 12:23 - 00003572 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000</p><p>2016-05-14 07:43 - 2009-07-14 01:08 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT</p><p>2016-05-13 19:12 - 2016-02-27 18:22 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk</p><p>2016-05-13 19:12 - 2016-02-27 18:22 - 00000970 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk</p><p>2016-05-12 23:42 - 2014-12-11 08:11 - 00000000 ____D C:\Windows\system32\appraiser</p><p>2016-05-12 22:01 - 2012-04-01 08:23 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2016-05-12 22:01 - 2012-04-01 08:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater</p><p>2016-05-12 22:01 - 2011-10-25 19:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2016-05-12 12:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache</p><p>2016-05-12 07:40 - 2010-11-21 03:16 - 00000000 ____D C:\Program Files\Windows Journal</p><p>2016-05-12 00:05 - 2013-08-14 08:46 - 00000000 ____D C:\Windows\system32\MRT</p><p>2016-05-11 23:57 - 2011-11-07 08:38 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2016-05-10 17:45 - 2012-01-29 17:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2016-05-10 17:45 - 2012-01-29 17:26 - 00003642 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2016-02-25 15:41 - 2016-02-25 15:41 - 0002811 _____ () D:\Users\Kroum\AppData\Local\recently-used.xbel</p><p>2014-11-30 15:01 - 2016-04-29 20:09 - 0034133 _____ () C:\ProgramData\RulesDecks.xml</p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2016-05-28 10:04</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2016</p><p>Ran by Kroum (2016-06-07 08:01:26)</p><p>Running from D:\Equipment\DellComputer\Tools\FarbarRecoveryScanTool</p><p>Windows 7 Ultimate Service Pack 1 (X64) (2011-11-02 14:32:39)</p><p>Boot Mode: 
Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-492438243-1724543470-1360378280-500 - Administrator - Enabled) => C:\Users\Administrator</p><p>Guest (S-1-5-21-492438243-1724543470-1360378280-501 - Limited - Enabled)</p><p>HomeGroupUser$ (S-1-5-21-492438243-1724543470-1360378280-1002 - Limited - Enabled)</p><p>Kroum (S-1-5-21-492438243-1724543470-1360378280-1000 - Administrator - Enabled) => D:\Users\Kroum</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}</p><p>AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}</p><p>AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)</p><p></p><p>7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)</p><p>Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)</p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)</p><p>Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)</p><p>AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)</p><p>Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)</p><p>ArcGIS Engine Runtime 10 (HKLM-x32\...\ArcGIS Engine Runtime 10) (Version: 10.0.3600 - Environmental Systems Research Institute, Inc.)</p><p>ArcGIS Engine Runtime 10 (x32 Version: 10.0.3600 - Environmental Systems Research Institute, Inc.) Hidden</p><p>ArcGIS Engine Runtime 10 Service Pack 3 (HKLM-x32\...\ArcGIS Engine Runtime 10 SP3) (Version: - Environmental Systems Research Institute, Inc.)</p><p>ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) 
Hidden</p><p>Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)</p><p>AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies)</p><p>AVG (Version: 16.81.7639 - AVG Technologies) Hidden</p><p>AVG 2016 (Version: 16.0.4598 - AVG Technologies) Hidden</p><p>AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.42.2.18804 - AVG Technologies)</p><p>AVG PC TuneUp (x32 Version: 16.42.6 - AVG Technologies) Hidden</p><p>AVG Protection (HKLM\...\AVG) (Version: 2016.81.7639 - AVG Technologies)</p><p>AVG Zen (Version: 1.61.9 - AVG Technologies) Hidden</p><p>Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)</p><p>Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)</p><p>Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)</p><p>CAED 2016 (HKLM-x32\...\{93ADDCD7-52C0-4FA8-B427-C8C939F15F10}) (Version: 16.00.0000 - Statistics Canada)</p><p>calibre (HKLM-x32\...\{2C12982F-E11A-40C8-96AF-68424A18BBD0}) (Version: 2.46.0 - Kovid Goyal)</p><p>Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )</p><p>CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)</p><p>Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)</p><p>Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)</p><p>Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)</p><p>CSAZ 2.2 (HKLM-x32\...\CSAZ_is1) (Version: - Geometrics, Inc)</p><p>CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.0.2829 - CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Dell Data Vault (Version: 4.3.8.0 - 
Dell Inc.) Hidden</p><p>Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)</p><p>Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)</p><p>Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)</p><p>Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)</p><p>Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)</p><p>Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)</p><p>Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)</p><p>Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)</p><p>Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)</p><p>Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)</p><p>Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)</p><p>Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) 
Hidden</p><p>Diagram Designer (HKLM-x32\...\Diagram Designer) (Version: - )</p><p>Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.198 - Digilent, Inc.)</p><p>DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden</p><p>eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)</p><p>FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)</p><p>FMW 1 (Version: 1.92.4 - AVG Technologies) Hidden</p><p>Geosoft Oasis montaj Viewer (HKLM-x32\...\{A5E91190-FFD4-4B8F-9F9F-5B1AA758BC69}) (Version: 7.5.0 - Geosoft)</p><p>GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)</p><p>Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden</p><p>GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )</p><p>GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-492438243-1724543470-1360378280-1000\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline)</p><p>High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)</p><p>Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden</p><p>Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)</p><p>Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)</p><p>Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden</p><p>K-Lite Mega Codec Pack 11.9.6 
(HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.6 - KLCP)</p><p>Kobo (HKLM-x32\...\Kobo) (Version: /Qt-5.2.0 - Kobo Inc.)</p><p>lcc-win version 1.2 (base 64 bit system) (HKLM-x32\...\lcc-win (64 bit system)_is1) (Version: - Logiciels/Informatique, Jacob Navia)</p><p>LibreOffice 5.1.0.3 (HKLM-x32\...\{2F75F86D-8362-4F49-9536-D87DCBF6ABAE}) (Version: 5.1.0.3 - The Document Foundation)</p><p>Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)</p><p>Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden</p><p>Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)</p><p>Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft OneDrive (HKU\S-1-5-21-492438243-1724543470-1360378280-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)</p><p>Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
(HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Mozilla Firefox 46.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x64 en-US)) (Version: 46.0.1 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)</p><p>Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla)</p><p>MSXML 4.0 SP2 (KB954430) 
(HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)</p><p>Paragon Partition Manager™ 11 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)</p><p>PCBWeb Designer 2.4.56.1 (HKLM-x32\...\{DE8DDC76-87AF-408C-9763-D87E666EE3E7}_is1) (Version: 2.4.56.1 - Silicon Frameworks, LLC)</p><p>PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden</p><p>PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)</p><p>PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)</p><p>qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)</p><p>RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)</p><p>RegHunter (HKLM-x32\...\RegHunter) (Version: 2.0.24.1985 - Enigma Software Group, LLC)</p><p>RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)</p><p>Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)</p><p>Roxio File Backup (Version: 1.3.2 - Roxio) Hidden</p><p>SA Dictionary 2008 Beta 4 (HKLM-x32\...\{055A5AF0-9FEB-440D-B00A-18935C7C171C}) (Version: 6.6.12 - Stefan Angelov)</p><p>Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)</p><p>Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)</p><p>Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden</p><p>SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.22.8.4668 - Enigma Software Group, LLC)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.3.13.0 - 2BrightSparks)</p><p>SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)</p><p>TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)</p><p>THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)</p><p>Tina Pro for Windows (HKLM-x32\...\Tina Pro for Windows) (Version: - )</p><p>TortoiseHg 2.11.1 (x64) (HKLM\...\{A0A48C39-F6D7-4827-B815-C96A24AD6349}) (Version: 2.11.1 - Steve Borho and others)</p><p>TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)</p><p>Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)</p><p>Visual Studio 2010 x64 
Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)</p><p>Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)</p><p>Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)</p><p>Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (05/11/2012 7.12.0.7708) (HKLM\...\F08FBE1E25E15082FAFBE06F7EA2E391D8C542F4) (Version: 05/11/2012 7.12.0.7708 - Advanced Micro Devices)</p><p>Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (07/27/2012 8.982.0.0000) (HKLM\...\72F27401C8967C21EE2D72B6A8A5B5FCEE8808FE) (Version: 07/27/2012 8.982.0.0000 - Advanced Micro Devices, Inc.)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)</p><p>Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)</p><p>Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)</p><p>WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)</p><p>WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)</p><p>Xilinx Design Tools (C:\Xilinx\14.2\ISE_DS) (HKLM\...\Xilinx Design Tools) (Version: - Xilinx, Inc.)</p><p>Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)</p><p>Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-492438243-1724543470-1360378280-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {075A1230-4E80-4912-8FAE-7D635E0F387D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe</p><p>Task: {105DB941-92A3-473E-AADD-D237B7A874B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)</p><p>Task: {113C6A13-2051-4A22-B4CC-D52BE89B0A32} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)</p><p>Task: {176A7550-57FF-4D10-97DF-1FBB6DF93FCC} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe</p><p>Task: {212A1FEE-0F6A-4E55-BB65-AD1D934F73DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)</p><p>Task: {25BCB300-C93A-497F-BBB2-77683D9D1A45} - System32\Tasks\2BrightSparks\SyncBackFree\Kroum-Dell-Kroum\SyncBackFree User Data Backup => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2013-02-25] (2BrightSparks Pte Ltd)</p><p>Task: {40390A01-E967-468F-8D10-C4AB360CE536} - System32\Tasks\2BrightSparks\SyncBackFree\Kroum-Dell-Kroum\SyncBackFree => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2013-02-25] (2BrightSparks Pte Ltd)</p><p>Task: {5582DA29-EB57-4CBC-AD49-5EE9F39C4714} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-06-01] (AVG Technologies CZ, 
s.r.o.)</p><p>Task: {65F7A7F2-605A-44D5-94E8-4984BFD8F584} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)</p><p>Task: {74522264-DB1F-47A2-8A17-E45BB1195267} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)</p><p>Task: {76980C2D-5027-44E7-BAE6-9CFD72B8CF07} - System32\Tasks\{06C9F9EC-B176-4DA2-AA68-80EF97A1A508} => pcalua.exe -a D:\Users\Kroum\Downloads\Xilinx\10.1\webpack\setup.exe -d D:\Users\Kroum\Downloads\Xilinx\10.1\webpack</p><p>Task: {85C5484D-FE00-4CA7-933B-7A815BA717D9} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-02-19] ()</p><p>Task: {87258C4F-368B-41CA-85C0-B0DE073071B7} - System32\Tasks\{170B9C74-E0EE-4D53-8AE4-BD317E97F5FF} => pcalua.exe -a D:\Users\Kroum\Downloads\Kobo\ADE_2.0_Installer.exe -d D:\Users\Kroum\Downloads\Kobo</p><p>Task: {88C0BAEB-5643-4336-9FBB-3DCB77B9FC36} - System32\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {9BEA69BB-178C-49A6-928E-5F4C2F7058DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)</p><p>Task: {CBE0C294-4CAB-4ADD-9623-56860310E19B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)</p><p>Task: {D60E3901-4052-4C24-AA82-DEC968652EB7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)</p><p>Task: {DAD34E8A-ADED-4CDD-9CE8-D73653C45A30} - System32\Tasks\{E52CE833-C166-4604-82C4-18C40FF7BD6D} => Firefox.exe 
hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.124&amp;LastError=12002</p><p>Task: {DDD95794-429E-446F-923B-65AD681209D2} - System32\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {E220AC8E-DE5A-4744-B4B9-5F201B2CA10A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupdate.exe</p><p>Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupload.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>Shortcut: C:\Users\Public\Desktop\Vivado 2012.2.lnk -> C:\Xilinx\Vivado\2012.2\bin\vivado.bat ()</p><p>Shortcut: C:\Users\Public\Desktop\Vivado HLS 2012.2.lnk -> C:\Xilinx\Vivado_HLS\2012.2\bin\vivado_hls.bat ()</p><p>Shortcut: C:\Users\Public\Desktop\Xilinx PlanAhead 14.2.lnk -> C:\Xilinx\14.2\ISE_DS\PlanAhead\bin\planAhead.bat ()</p><p></p><p>==================== 
Loaded Modules (Whitelisted) ==============</p><p></p><p>2011-11-18 04:22 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll</p><p>2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll</p><p>2014-03-04 09:15 - 2014-03-04 09:15 - 00100616 _____ () C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe</p><p>2012-10-27 09:28 - 2012-10-27 09:28 - 00128512 _____ () C:\Program Files\TortoiseHg\win32api.pyd</p><p>2012-10-27 09:27 - 2012-10-27 09:27 - 00137728 _____ () C:\Program Files\TortoiseHg\pywintypes27.dll</p><p>2012-10-27 09:28 - 2012-10-27 09:28 - 00223232 _____ () C:\Program Files\TortoiseHg\win32gui.pyd</p><p>2012-10-27 09:27 - 2012-10-27 09:27 - 00027648 _____ () C:\Program Files\TortoiseHg\win32pipe.pyd</p><p>2012-10-27 09:27 - 2012-10-27 09:27 - 00023040 _____ () C:\Program Files\TortoiseHg\win32event.pyd</p><p>2012-10-27 09:27 - 2012-10-27 09:27 - 00149504 _____ () C:\Program Files\TortoiseHg\win32file.pyd</p><p>2012-10-27 09:28 - 2012-10-27 09:28 - 00136192 _____ () C:\Program Files\TortoiseHg\win32security.pyd</p><p>2013-11-10 20:24 - 2013-11-10 20:24 - 00111616 _____ () C:\Program Files\TortoiseHg\_ctypes.pyd</p><p>2014-03-04 09:13 - 2014-03-04 09:13 - 00010752 _____ () C:\Program Files\TortoiseHg\mercurial.osutil.pyd</p><p>2012-10-27 09:27 - 2012-10-27 09:27 - 00044032 _____ () C:\Program Files\TortoiseHg\win32process.pyd</p><p>2012-10-27 09:29 - 2012-10-27 09:29 - 00503808 _____ () C:\Program Files\TortoiseHg\pythoncom27.dll</p><p>2012-10-27 09:31 - 2012-10-27 09:31 - 00438784 _____ () C:\Program Files\TortoiseHg\win32com.shell.shell.pyd</p><p>2016-05-12 22:01 - 2016-05-12 22:01 - 26774720 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll</p><p>2016-06-03 14:07 - 2016-06-03 14:06 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll</p><p>2016-05-12 08:59 - 2016-05-12 08:59 - 00170496 _____ () 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll</p><p>2011-10-25 20:01 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll</p><p>2016-04-29 18:36 - 2016-04-02 23:20 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll</p><p>2016-04-29 18:36 - 2016-04-02 23:20 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"</p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 22:34 - 2016-03-05 13:31 - 00000834 ____N C:\Windows\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-492438243-1724543470-1360378280-1000\Control Panel\Desktop\\Wallpaper -></p><p>DNS Servers: 8.8.8.8 - 8.8.4.4</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)</p><p>Windows 
Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"</p><p>MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"</p><p>MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe</p><p>FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe</p><p>FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe</p><p>FirewallRules: [{A2A8A11B-6FAD-43CC-A90F-91EE99B5A635}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe</p><p>FirewallRules: [{35DD1A6B-A351-4C58-A03E-BE85DC7765B3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe</p><p>FirewallRules: [{1C6C4C01-50EA-438E-BCFB-8D87FE1931EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE</p><p>FirewallRules: [{99084588-B916-4479-B698-0655240A633B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe</p><p>FirewallRules: [{26382272-DAA2-48DD-B178-4DD81161AF85}] => (Allow) LPort=2869</p><p>FirewallRules: [{D23CCFC1-9A58-4AA0-9F5C-9DA8BBDDC82F}] => (Allow) LPort=1900</p><p>FirewallRules: [{52440BCD-2055-491A-844E-BA1692B111A1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe</p><p>FirewallRules: [{A1F6D2D8-9832-40C9-B51E-0CED17E52637}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe</p><p>FirewallRules: [{E814A6BA-BA12-498A-A7FE-113D4F8ACAB4}] => (Allow) 
C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>FirewallRules: [TCP Query User{C01C11F8-DD14-4AF0-B711-D58FB599FA2A}C:\caed\sysaxftp\sysaxftp.exe] => (Allow) C:\caed\sysaxftp\sysaxftp.exe</p><p>FirewallRules: [UDP Query User{2A76E920-2F71-469B-8B7A-58D6363E46FB}C:\caed\sysaxftp\sysaxftp.exe] => (Allow) C:\caed\sysaxftp\sysaxftp.exe</p><p>FirewallRules: [TCP Query User{C32647DC-5C19-4399-84F0-6A38B2421020}C:\caed\caed.exe] => (Block) C:\caed\caed.exe</p><p>FirewallRules: [UDP Query User{0B86DEA1-32C6-42A7-A7E3-8FFE38012A6E}C:\caed\caed.exe] => (Block) C:\caed\caed.exe</p><p>FirewallRules: [{B69F7874-98C0-4A0A-8C39-A77A8DD6BCCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{DFDC335D-12D4-4BC3-85B5-F7CFA104850E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [TCP Query User{41718F18-5BA2-4CFB-945A-4C5AF1C61266}C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe] => (Allow) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe</p><p>FirewallRules: [UDP Query User{C674CD9D-FF72-4619-A33A-AC6C5553A302}C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe] => (Allow) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe</p><p>FirewallRules: [{E1490EBA-957E-4827-AA10-CCC0E2952894}] => (Block) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe</p><p>FirewallRules: [{92FACB84-684B-458B-851C-C80E91A75E44}] => (Block) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe</p><p>FirewallRules: [{689FC7B7-3E68-4825-853B-8ECBD0041449}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{4D8BFF82-14C1-4D96-9955-6F7A6883DB7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe</p><p>FirewallRules: [{2F4D7CB8-C43A-4925-BEA2-D56B44047C45}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe</p><p>FirewallRules: [{2BBB31B8-65E2-46BF-B26A-45D85E88DE86}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe</p><p>FirewallRules: [{8432D805-B98C-401B-8745-3F105FDCB1BD}] => 
(Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>FirewallRules: [{3C5C949C-EDF3-4585-824E-1C761F9AE416}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>FirewallRules: [{55AF1E2C-7803-4BF7-849C-2DA9B6FA6C34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p>FirewallRules: [{C1AFA152-AB54-4DCA-A331-0E5BF68ED497}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p>FirewallRules: [{B4C135E1-9521-4BB8-A252-010F196919D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>FirewallRules: [{66FEFDB8-2DE2-46A1-9698-75E1BD140C65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe</p><p>FirewallRules: [{A7E09C4C-9474-4E1A-B9CE-857494C55499}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p>FirewallRules: [{2A734F0E-1B75-45F6-87BC-F5823980450E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe</p><p>FirewallRules: [{63A8D518-AAA4-4E11-A3B8-854855B37D3B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe</p><p>FirewallRules: [{4F661430-BD18-4B6D-88B5-EF0FE5BF9801}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe</p><p>FirewallRules: [{7CDC189B-8ACF-49BD-9B75-0DE24AC174B5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe</p><p>FirewallRules: [{8E6B222C-9963-46CC-A701-B484ED7B8948}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe</p><p>FirewallRules: [{8F378BDE-727D-4E9B-80B1-448C695C27C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe</p><p>FirewallRules: [{5002C86D-2906-4C1A-87C6-E895B699F18E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe</p><p>FirewallRules: [{29B7BE8F-4BE6-4DEC-B070-5D4B6F7752A8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe</p><p>FirewallRules: [{089FE6B1-7215-4478-8650-E73AB3D307F5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>03-06-2016 14:08:58 Installed AVG 
2016</p><p>03-06-2016 14:09:22 Installed AVG</p><p>05-06-2016 07:06:02 Checkpoint by HitmanPro</p><p>05-06-2016 07:08:51 Checkpoint by HitmanPro</p><p>05-06-2016 15:38:30 Checkpoint by HitmanPro</p><p>05-06-2016 15:40:28 Checkpoint by HitmanPro</p><p>05-06-2016 16:10:19 Checkpoint by HitmanPro</p><p>05-06-2016 16:12:09 Checkpoint by HitmanPro</p><p>06-06-2016 08:52:07 Windows Update</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (06/07/2016 07:30:33 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (06/06/2016 09:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (06/06/2016 08:30:35 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (06/06/2016 08:40:49 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (06/05/2016 07:57:13 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (06/05/2016 04:16:35 PM) (Source: WinMgmt) (EventID: 10) (User: 
)</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000260,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000281EDD0.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p>Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b98,(null),0,REG_BINARY,000000000CE4DE00.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}</p><p> Writer Name: MSSearch Service Writer</p><p> Writer Instance ID: {573a60e3-143a-4d34-9ca9-66e4834c2ff8}</p><p></p><p>Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000328,(null),0,REG_BINARY,0000000004C9E150.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {74a54f62-0583-4fc7-a14e-ba68ada1ff3d}</p><p></p><p>Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000858,(null),0,REG_BINARY,0000000004A6E280.72). 
hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {e15da46d-5ca3-471a-9d3b-7995f14979f8}</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (06/07/2016 07:29:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The TinaKey service depends on the Parallel port driver service which failed to start because of the following error:</p><p>%%1058</p><p></p><p>Error: (06/06/2016 09:38:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The TinaKey service depends on the Parallel port driver service which failed to start because of the following error:</p><p>%%1058</p><p></p><p>Error: (06/06/2016 09:38:13 PM) (Source: BugCheck) (EventID: 1001) (User: )</p><p>Description: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003586180, 0x0000000000000007)C:\Windows\MEMORY.DMP060616-35209-01</p><p></p><p>Error: (06/06/2016 09:38:06 PM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 9:34:02 PM on 06/06/2016 was unexpected.</p><p></p><p>Error: (06/06/2016 08:29:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The TinaKey service depends on the Parallel port driver service which failed to start because of the following error:</p><p>%%1058</p><p></p><p>Error: (06/06/2016 08:27:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )</p><p>Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:</p><p>%%1056</p><p></p><p>Error: (06/06/2016 08:26:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )</p><p>Description: 
The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.</p><p></p><p>Error: (06/06/2016 08:26:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (06/06/2016 08:26:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (06/06/2016 08:26:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz</p><p>Percentage of memory in use: 31%</p><p>Total physical RAM: 12278.93 MB</p><p>Available physical RAM: 8472.2 MB</p><p>Total Virtual: 24556.04 MB</p><p>Available Virtual: 20290.77 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (Apps&System) (Fixed) (Total:353.15 GB) (Free:251.92 GB) NTFS</p><p>Drive d: (User Data) (Fixed) (Total:1493.58 GB) (Free:1416.99 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 1863 GB) (Disk ID: CB59CF0B)</p><p>Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)</p><p>Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=353.2 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=1493.6 GB) - (Type=OF Extended)</p><p></p><p>==================== End of Addition.txt ============================[/code]</p></blockquote><p></p>
[QUOTE="Kroum, post: 514080, member: 53157"] Thank you for the fast response. For some reason I cannot upload the files. I get an error message each time I attempt to do it. That's why I have to copy and paste their contents here. [code]
2016-05-11 07:26 - 2016-04-23 00:47 - 00144384 _____ (Microsoft
Corporation) C:\Windows\system32\ieUnatt.exe 2016-05-11 07:26 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-05-11 07:26 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-05-11 07:26 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-11 07:26 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-11 07:26 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-11 07:26 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-11 07:26 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-11 07:26 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-11 07:26 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-11 07:26 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-11 07:26 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-05-11 07:26 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-11 07:26 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-05-11 07:26 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-11 07:26 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-11 07:26 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-11 07:26 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-11 07:26 - 2016-04-23 00:07 - 00341504 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-05-11 07:26 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-11 07:26 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-11 07:26 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-11 07:26 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-11 07:26 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-11 07:26 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-11 07:26 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-11 07:26 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-11 07:26 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-05-11 07:26 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-11 07:26 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-11 07:26 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-11 07:26 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-11 07:26 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-11 07:26 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-11 07:26 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-11 07:26 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-11 07:26 - 2016-04-22 23:41 - 00076288 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-05-11 07:26 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-05-11 07:26 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-05-11 07:26 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-11 07:26 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-11 07:26 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-11 07:26 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-11 07:26 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-05-11 07:26 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-11 07:26 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-11 07:26 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-11 07:26 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-11 07:26 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-11 07:26 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-11 07:26 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-05-11 07:26 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-05-11 07:26 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-11 07:26 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-05-11 07:26 - 2016-04-09 03:01 - 00986344 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-05-11 07:26 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-11 07:26 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-11 07:26 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-05-11 07:26 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-05-11 07:26 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-11 07:26 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-11 07:26 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00063488 _____ (Microsoft 
Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-11 07:26 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) 
C:\Windows\system32\cdd.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 07:26 - 
2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 
02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00146432 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00004096 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 
00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-05-11 07:26 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-11 07:26 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-11 07:26 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-11 07:26 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-05-11 07:26 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-05-11 07:26 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-11 07:26 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-11 07:26 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-05-11 07:26 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-05-11 07:26 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-05-11 07:26 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-05-11 07:26 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-05-11 07:26 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-11 07:26 - 2016-04-09 01:38 - 00025600 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-11 07:26 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-11 07:26 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-11 07:26 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-11 07:26 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-11 07:26 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-11 07:26 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-11 07:26 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-11 07:26 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-05-11 07:26 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-11 07:26 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-06-07 08:01 - 2012-04-01 08:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-07 07:51 - 2014-10-14 12:23 - 00000538 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000.job
2016-06-07 07:50 - 2012-01-29 17:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 07:38 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-07 07:38 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-07 07:30 - 2011-11-02 12:14 - 00000000 ____D C:\ProgramData\MFAData
2016-06-07 07:29 - 2012-01-29 17:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 07:29 - 2011-11-16 11:10 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-06-07 07:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-07 00:08 - 2014-12-24 10:52 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-06-06 23:09 - 2015-05-29 23:31 - 00000634 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000.job
2016-06-06 21:38 - 2014-10-22 18:26 - 00000000 ____D C:\Windows\Minidump
2016-06-06 12:33 - 2016-03-27 16:57 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-06-05 13:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-06-04 17:47 - 2011-11-16 03:36 - 00000000 ____D D:\Users\Kroum
2016-06-03 14:09 - 2011-11-13 13:01 - 00000000 ___HD C:\$AVG
2016-06-03 14:09 - 2011-11-02 12:17 - 00000000 ____D C:\Program Files (x86)\AVG
2016-06-03 14:08 - 2015-01-25 11:04 - 00000000 ____D C:\ProgramData\AVG
2016-06-03 12:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Branding
2016-06-03 09:35 - 2011-11-04 18:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-03 09:20 - 2011-10-25 20:32 - 00000000 ____D C:\Program Files (x86)\Nero
2016-06-03 09:19 - 2011-10-25 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-03 08:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-02 14:53 - 2016-03-25 14:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-01 21:14 - 2013-03-28 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAED
2016-05-28 21:17 - 2011-11-16 09:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-28 21:17 - 2011-11-16 09:32 - 00000000 ____D C:\ProgramData\Skype
2016-05-26 00:29 - 2015-04-05 00:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 00:29 - 2015-04-05 00:33 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-25 10:47 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-24 23:01 - 2015-08-18 11:37 - 00000000 ____D C:\Windows\Panther
2016-05-20 06:31 - 2009-07-14 00:45 - 00441776 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-19 21:50 - 2015-05-29 23:31 - 00003668 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000
2016-05-19 21:50 - 2014-10-14 12:23 - 00003572 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000
2016-05-14 07:43 - 2009-07-14 01:08 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-13 19:12 - 2016-02-27 18:22 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-13 19:12 - 2016-02-27 18:22 - 00000970 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-12 23:42 - 2014-12-11 08:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 22:01 - 2012-04-01 08:23 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 22:01 - 2012-04-01 08:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 22:01 - 2011-10-25 19:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 12:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 07:40 - 2010-11-21 03:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 00:05 - 2013-08-14 08:46 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 23:57 - 2011-11-07 08:38 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 17:45 - 2012-01-29 17:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 17:45 - 2012-01-29 17:26 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-02-25 15:41 - 2016-02-25 15:41 - 0002811 _____ () D:\Users\Kroum\AppData\Local\recently-used.xbel
2014-11-30 15:01 - 2016-04-29 20:09 - 0034133 _____ () C:\ProgramData\RulesDecks.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-28 10:04

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2016
Ran by Kroum (2016-06-07 08:01:26)
Running from D:\Equipment\DellComputer\Tools\FarbarRecoveryScanTool
Windows 7 Ultimate Service Pack 1 (X64) (2011-11-02 14:32:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-492438243-1724543470-1360378280-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-492438243-1724543470-1360378280-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-492438243-1724543470-1360378280-1002 - Limited - Enabled)
Kroum (S-1-5-21-492438243-1724543470-1360378280-1000 - Administrator - Enabled) => D:\Users\Kroum

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ArcGIS Engine Runtime 10 (HKLM-x32\...\ArcGIS Engine Runtime 10) (Version: 10.0.3600 - Environmental Systems Research Institute, Inc.) ArcGIS Engine Runtime 10 (x32 Version: 10.0.3600 - Environmental Systems Research Institute, Inc.) Hidden ArcGIS Engine Runtime 10 Service Pack 3 (HKLM-x32\...\ArcGIS Engine Runtime 10 SP3) (Version: - Environmental Systems Research Institute, Inc.) ATI AVIVO64 Codecs (Version: 11.6.0.10419 - ATI Technologies Inc.) 
Hidden Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd) AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies) AVG (Version: 16.81.7639 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4598 - AVG Technologies) Hidden AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.42.2.18804 - AVG Technologies) AVG PC TuneUp (x32 Version: 16.42.6 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.81.7639 - AVG Technologies) AVG Zen (Version: 1.61.9 - AVG Technologies) Hidden Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.) Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.) Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) CAED 2016 (HKLM-x32\...\{93ADDCD7-52C0-4FA8-B427-C8C939F15F10}) (Version: 16.00.0000 - Statistics Canada) calibre (HKLM-x32\...\{2C12982F-E11A-40C8-96AF-68424A18BBD0}) (Version: 2.46.0 - Kovid Goyal) Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform) Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix) Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.) Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects) CSAZ 2.2 (HKLM-x32\...\CSAZ_is1) (Version: - Geometrics, Inc) CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.0.2829 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) 
Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft) Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell) Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden Diagram Designer (HKLM-x32\...\Diagram Designer) (Version: - ) Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.0.198 - Digilent, Inc.) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.) 
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse) FMW 1 (Version: 1.92.4 - AVG Technologies) Hidden Geosoft Oasis montaj Viewer (HKLM-x32\...\{A5E91190-FFD4-4B8F-9F9F-5B1AA758BC69}) (Version: 7.5.0 - Geosoft) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - ) GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-492438243-1724543470-1360378280-1000\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline) High-Definition Video Playback (x32 Version: 7.3.10000.0.0 - Nero AG) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 11.9.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.6 - KLCP) Kobo (HKLM-x32\...\Kobo) (Version: /Qt-5.2.0 - Kobo Inc.) 
lcc-win version 1.2 (base 64 bit system) (HKLM-x32\...\lcc-win (64 bit system)_is1) (Version: - Logiciels/Informatique, Jacob Navia) LibreOffice 5.1.0.3 (HKLM-x32\...\{2F75F86D-8362-4F49-9536-D87DCBF6ABAE}) (Version: 5.1.0.3 - The Document Foundation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-492438243-1724543470-1360378280-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x64 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Mozilla Thunderbird 38.7.2 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 en-US)) (Version: 38.7.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ 
(HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team) Paragon Partition Manager™ 11 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) PCBWeb Designer 2.4.56.1 (HKLM-x32\...\{DE8DDC76-87AF-408C-9763-D87E666EE3E7}_is1) (Version: 2.4.56.1 - Silicon Frameworks, LLC) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.) RegHunter (HKLM-x32\...\RegHunter) (Version: 2.0.24.1985 - Enigma Software Group, LLC) RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software) Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden SA Dictionary 2008 Beta 4 (HKLM-x32\...\{055A5AF0-9FEB-440D-B00A-18935C7C171C}) (Version: 6.6.12 - Stefan Angelov) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) 
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.22.8.4668 - Enigma Software Group, LLC) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.3.13.0 - 2BrightSparks) SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) Tina Pro for Windows (HKLM-x32\...\Tina Pro for Windows) (Version: - ) TortoiseHg 2.11.1 (x64) (HKLM\...\{A0A48C39-F6D7-4827-B815-C96A24AD6349}) (Version: 2.11.1 - Steve Borho and others) TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (05/11/2012 7.12.0.7708) (HKLM\...\F08FBE1E25E15082FAFBE06F7EA2E391D8C542F4) (Version: 05/11/2012 7.12.0.7708 - Advanced Micro Devices) Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (07/27/2012 8.982.0.0000) (HKLM\...\72F27401C8967C21EE2D72B6A8A5B5FCEE8808FE) (Version: 07/27/2012 8.982.0.0000 - Advanced Micro Devices, Inc.) 
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Xilinx Design Tools (C:\Xilinx\14.2\ISE_DS) (HKLM\...\Xilinx Design Tools) (Version: - Xilinx, Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-492438243-1724543470-1360378280-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {075A1230-4E80-4912-8FAE-7D635E0F387D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {105DB941-92A3-473E-AADD-D237B7A874B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {113C6A13-2051-4A22-B4CC-D52BE89B0A32} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {176A7550-57FF-4D10-97DF-1FBB6DF93FCC} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {212A1FEE-0F6A-4E55-BB65-AD1D934F73DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {25BCB300-C93A-497F-BBB2-77683D9D1A45} - System32\Tasks\2BrightSparks\SyncBackFree\Kroum-Dell-Kroum\SyncBackFree User Data Backup => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2013-02-25] (2BrightSparks Pte Ltd)
Task: {40390A01-E967-468F-8D10-C4AB360CE536} - System32\Tasks\2BrightSparks\SyncBackFree\Kroum-Dell-Kroum\SyncBackFree => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2013-02-25] (2BrightSparks Pte Ltd)
Task: {5582DA29-EB57-4CBC-AD49-5EE9F39C4714} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-06-01] (AVG Technologies CZ, s.r.o.)
Task: {65F7A7F2-605A-44D5-94E8-4984BFD8F584} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {74522264-DB1F-47A2-8A17-E45BB1195267} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {76980C2D-5027-44E7-BAE6-9CFD72B8CF07} - System32\Tasks\{06C9F9EC-B176-4DA2-AA68-80EF97A1A508} => pcalua.exe -a D:\Users\Kroum\Downloads\Xilinx\10.1\webpack\setup.exe -d D:\Users\Kroum\Downloads\Xilinx\10.1\webpack
Task: {85C5484D-FE00-4CA7-933B-7A815BA717D9} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-02-19] ()
Task: {87258C4F-368B-41CA-85C0-B0DE073071B7} - System32\Tasks\{170B9C74-E0EE-4D53-8AE4-BD317E97F5FF} => pcalua.exe -a D:\Users\Kroum\Downloads\Kobo\ADE_2.0_Installer.exe -d D:\Users\Kroum\Downloads\Kobo
Task: {88C0BAEB-5643-4336-9FBB-3DCB77B9FC36} - System32\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9BEA69BB-178C-49A6-928E-5F4C2F7058DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {CBE0C294-4CAB-4ADD-9623-56860310E19B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D60E3901-4052-4C24-AA82-DEC968652EB7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
Task: {DAD34E8A-ADED-4CDD-9CE8-D73653C45A30} - System32\Tasks\{E52CE833-C166-4604-82C4-18C40FF7BD6D} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.124&LastError=12002
Task: {DDD95794-429E-446F-923B-65AD681209D2} - System32\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E220AC8E-DE5A-4744-B4B9-5F201B2CA10A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-492438243-1724543470-1360378280-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-492438243-1724543470-1360378280-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4962\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Vivado 2012.2.lnk -> C:\Xilinx\Vivado\2012.2\bin\vivado.bat () Shortcut: C:\Users\Public\Desktop\Vivado HLS 2012.2.lnk -> C:\Xilinx\Vivado_HLS\2012.2\bin\vivado_hls.bat () Shortcut: C:\Users\Public\Desktop\Xilinx PlanAhead 14.2.lnk -> C:\Xilinx\14.2\ISE_DS\PlanAhead\bin\planAhead.bat () ==================== Loaded Modules (Whitelisted) ============== 2011-11-18 04:22 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll 2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-03-04 09:15 - 2014-03-04 09:15 - 00100616 _____ () C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe 2012-10-27 09:28 - 2012-10-27 09:28 - 00128512 _____ () C:\Program Files\TortoiseHg\win32api.pyd 2012-10-27 09:27 - 2012-10-27 09:27 - 00137728 _____ () C:\Program Files\TortoiseHg\pywintypes27.dll 2012-10-27 09:28 - 2012-10-27 09:28 - 00223232 _____ () C:\Program Files\TortoiseHg\win32gui.pyd 2012-10-27 09:27 - 2012-10-27 09:27 - 00027648 _____ () C:\Program Files\TortoiseHg\win32pipe.pyd 2012-10-27 09:27 - 2012-10-27 09:27 - 00023040 _____ () C:\Program Files\TortoiseHg\win32event.pyd 2012-10-27 09:27 - 2012-10-27 09:27 - 00149504 _____ () C:\Program Files\TortoiseHg\win32file.pyd 2012-10-27 09:28 - 2012-10-27 09:28 - 00136192 _____ () C:\Program Files\TortoiseHg\win32security.pyd 2013-11-10 20:24 - 2013-11-10 20:24 - 00111616 _____ () C:\Program Files\TortoiseHg\_ctypes.pyd 2014-03-04 09:13 - 2014-03-04 09:13 - 00010752 _____ () C:\Program Files\TortoiseHg\mercurial.osutil.pyd 2012-10-27 09:27 - 2012-10-27 09:27 - 00044032 _____ () C:\Program Files\TortoiseHg\win32process.pyd 2012-10-27 09:29 - 2012-10-27 09:29 - 00503808 _____ () C:\Program Files\TortoiseHg\pythoncom27.dll 2012-10-27 09:31 - 2012-10-27 09:31 - 00438784 _____ () C:\Program Files\TortoiseHg\win32com.shell.shell.pyd 2016-05-12 22:01 - 2016-05-12 22:01 - 26774720 _____ () 
C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll 2016-06-03 14:07 - 2016-06-03 14:06 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2016-05-12 08:59 - 2016-05-12 08:59 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll 2011-10-25 20:01 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2016-04-29 18:36 - 2016-04-02 23:20 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2016-04-29 18:36 - 2016-04-02 23:20 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (Whitelisted) ========= ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2016-03-05 13:31 - 00000834 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-492438243-1724543470-1360378280-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [{A2A8A11B-6FAD-43CC-A90F-91EE99B5A635}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe FirewallRules: [{35DD1A6B-A351-4C58-A03E-BE85DC7765B3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{1C6C4C01-50EA-438E-BCFB-8D87FE1931EF}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{99084588-B916-4479-B698-0655240A633B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{26382272-DAA2-48DD-B178-4DD81161AF85}] => (Allow) LPort=2869 FirewallRules: [{D23CCFC1-9A58-4AA0-9F5C-9DA8BBDDC82F}] => (Allow) LPort=1900 FirewallRules: [{52440BCD-2055-491A-844E-BA1692B111A1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{A1F6D2D8-9832-40C9-B51E-0CED17E52637}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{E814A6BA-BA12-498A-A7FE-113D4F8ACAB4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{C01C11F8-DD14-4AF0-B711-D58FB599FA2A}C:\caed\sysaxftp\sysaxftp.exe] => (Allow) C:\caed\sysaxftp\sysaxftp.exe 
FirewallRules: [UDP Query User{2A76E920-2F71-469B-8B7A-58D6363E46FB}C:\caed\sysaxftp\sysaxftp.exe] => (Allow) C:\caed\sysaxftp\sysaxftp.exe FirewallRules: [TCP Query User{C32647DC-5C19-4399-84F0-6A38B2421020}C:\caed\caed.exe] => (Block) C:\caed\caed.exe FirewallRules: [UDP Query User{0B86DEA1-32C6-42A7-A7E3-8FFE38012A6E}C:\caed\caed.exe] => (Block) C:\caed\caed.exe FirewallRules: [{B69F7874-98C0-4A0A-8C39-A77A8DD6BCCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DFDC335D-12D4-4BC3-85B5-F7CFA104850E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{41718F18-5BA2-4CFB-945A-4C5AF1C61266}C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe] => (Allow) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe FirewallRules: [UDP Query User{C674CD9D-FF72-4619-A33A-AC6C5553A302}C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe] => (Allow) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe FirewallRules: [{E1490EBA-957E-4827-AA10-CCC0E2952894}] => (Block) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe FirewallRules: [{92FACB84-684B-458B-851C-C80E91A75E44}] => (Block) C:\xilinx\14.2\ise_ds\ise\bin\nt64\_fpga_editor.exe FirewallRules: [{689FC7B7-3E68-4825-853B-8ECBD0041449}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{4D8BFF82-14C1-4D96-9955-6F7A6883DB7D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{2F4D7CB8-C43A-4925-BEA2-D56B44047C45}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{2BBB31B8-65E2-46BF-B26A-45D85E88DE86}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{8432D805-B98C-401B-8745-3F105FDCB1BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3C5C949C-EDF3-4585-824E-1C761F9AE416}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{55AF1E2C-7803-4BF7-849C-2DA9B6FA6C34}] => (Allow) C:\Program Files 
(x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C1AFA152-AB54-4DCA-A331-0E5BF68ED497}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B4C135E1-9521-4BB8-A252-010F196919D4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{66FEFDB8-2DE2-46A1-9698-75E1BD140C65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A7E09C4C-9474-4E1A-B9CE-857494C55499}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2A734F0E-1B75-45F6-87BC-F5823980450E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{63A8D518-AAA4-4E11-A3B8-854855B37D3B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{4F661430-BD18-4B6D-88B5-EF0FE5BF9801}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{7CDC189B-8ACF-49BD-9B75-0DE24AC174B5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8E6B222C-9963-46CC-A701-B484ED7B8948}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8F378BDE-727D-4E9B-80B1-448C695C27C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5002C86D-2906-4C1A-87C6-E895B699F18E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{29B7BE8F-4BE6-4DEC-B070-5D4B6F7752A8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{089FE6B1-7215-4478-8650-E73AB3D307F5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

03-06-2016 14:08:58 Installed AVG 2016
03-06-2016 14:09:22 Installed AVG
05-06-2016 07:06:02 Checkpoint by HitmanPro
05-06-2016 07:08:51 Checkpoint by HitmanPro
05-06-2016 15:38:30 Checkpoint by HitmanPro
05-06-2016 15:40:28 Checkpoint by HitmanPro
05-06-2016 16:10:19 Checkpoint by HitmanPro
05-06-2016 16:12:09 Checkpoint by HitmanPro
06-06-2016 08:52:07 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2016 07:30:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2016 09:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2016 08:30:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2016 08:40:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2016 07:57:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2016 04:16:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000260,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000281EDD0.72). hr = 0x80070005, Access is denied. .

Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b98,(null),0,REG_BINARY,000000000CE4DE00.72). hr = 0x80070005, Access is denied. .

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {573a60e3-143a-4d34-9ca9-66e4834c2ff8}

Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000328,(null),0,REG_BINARY,0000000004C9E150.72). hr = 0x80070005, Access is denied. .

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {74a54f62-0583-4fc7-a14e-ba68ada1ff3d}

Error: (06/05/2016 04:12:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000858,(null),0,REG_BINARY,0000000004A6E280.72). hr = 0x80070005, Access is denied. .

Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {e15da46d-5ca3-471a-9d3b-7995f14979f8}

System errors:
=============
Error: (06/07/2016 07:29:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TinaKey service depends on the Parallel port driver service which failed to start because of the following error: %%1058

Error: (06/06/2016 09:38:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TinaKey service depends on the Parallel port driver service which failed to start because of the following error: %%1058

Error: (06/06/2016 09:38:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff88003586180, 0x0000000000000007)C:\Windows\MEMORY.DMP060616-35209-01

Error: (06/06/2016 09:38:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:34:02 PM on 06/06/2016 was unexpected.

Error: (06/06/2016 08:29:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TinaKey service depends on the Parallel port driver service which failed to start because of the following error: %%1058

Error: (06/06/2016 08:27:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056

Error: (06/06/2016 08:26:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/06/2016 08:26:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).

Error: (06/06/2016 08:26:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s).

Error: (06/06/2016 08:26:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 31%
Total physical RAM: 12278.93 MB
Available physical RAM: 8472.2 MB
Total Virtual: 24556.04 MB
Available Virtual: 20290.77 MB

==================== Drives ================================

Drive c: (Apps&System) (Fixed) (Total:353.15 GB) (Free:251.92 GB) NTFS
Drive d: (User Data) (Fixed) (Total:1493.58 GB) (Free:1416.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=353.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1493.6 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
[/code]
[/QUOTE]