cestmoi1337

I tried but I get a page that says "This account has been suspended". Please advise

Hi Maurice, I've reset the setting in my browser and after that, I've successfully completed some searches and accessed the links without any problem. Thank you so much. If I see those annoying pages again I'll let you know. Thanks for your help!

Done. Deleted the mentioned.

Hello guys, I'm using a laptop computer running Windows 7 SP1 64bit. I use Chrome as a browser. Lately, most of the time a try to access a link from a search result, it takes me to a page displaying a gray screen with some cryptic message saying that my computer is infected and advising me to call a number to have it fixed, all this while making a horrendous loud beep. The screens vary but most say SYSTEM SHUTDOWN CALL SUPPORT... It takes several clicks to make it go away. Next time I try the same link it works just fine. I ran MalwareBytes free and Spybot Search & Destroy and had a few things removed but the problem persists. I have not noted any other problem. Thanks in advance for your help. The FRST.txt file is this: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016 03 Ran by grevolorio (administrator) on TRMDU2 (18-07-2016 11:05:54) Running from C:\Users\grevolorio.trmdu2\Desktop Loaded Profiles: grevolorio & (Available Profiles: grevolorio & DefaultAppPool) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe (Stardock Corporation) F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe () F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\wfx32.exe (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe (hMailServer) F:\Program Files (x86)\hMailServer\Bin\hMailServer.exe () F:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (AVG Technologies) F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AVG Technologies) F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe () C:\Program Files\Synergy\synergyd.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ZabKat) C:\Program Files\zabkat\xplorer2\xplorer2_64.exe () C:\Program Files (x86)\Calibre2\calibre.exe () C:\Program Files (x86)\Calibre2\calibre-parallel.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe () C:\Program Files\Synergy\synergy.exe (MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\Synergy\synergys.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [AttendeeCommunicator] => C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe [12007776 2016-03-14] (Microsoft Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.) Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X] Winlogon\Notify\MCPClient: C:\Program Files (x86)\Common Files\stardock\MCPStub.dll [2005-01-31] (Stardock) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe -update activex HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b93f89d9-224a-11e0-afff-f04da264333e} - E:\setup.exe HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinSnap] => C:\Program Files\WinSnap\WinSnap64.exe [3874432 2013-06-18] (NTWind Software) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent Sync] => F:\Program Files (x86)\BitTorrent Sync\BTSync.exe [5514592 2015-06-30] (BitTorrent, Inc.) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Workrave] => F:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [HideLogonScripts] 1 HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\MountPoints2: {6e07364a-5ca0-11e5-8a8f-0002761ce121} - E:\Setup.exe HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\MountPoints2: {bcc773c2-50b0-11e0-b28d-b7985eaf7599} - "D:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6e07364a-5ca0-11e5-8a8f-0002761ce121} - E:\Setup.exe HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bcc773c2-50b0-11e0-b28d-b7985eaf7599} - "D:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe -update activex HKU\S-1-5-18\...\MountPoints2: {b93f89d9-224a-11e0-afff-f04da264333e} - E:\setup.exe Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files (x86)\Common Files\stardock\MCPCore.dll (Stardock) SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %SystemRoot%\system32\stobject.dll (Microsoft Corporation) SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC-2-DB.lnk [2015-09-27] ShortcutTarget: DC-2-DB.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC-3-SP.lnk [2015-09-27] ShortcutTarget: DC-3-SP.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC_1.lnk [2015-09-27] ShortcutTarget: DC_1.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Synergy.lnk [2016-03-22] ShortcutTarget: Synergy.lnk -> C:\Windows\Installer\{68C1AA13-4370-4761-B53F-1862C2CE26CB}\synergy.ico (No File) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2016-07-11] ShortcutTarget: BHODemon 2.0.lnk -> C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk [2015-06-19] ShortcutTarget: calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe () Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-02] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2016-07-11] ShortcutTarget: BHODemon 2.0.lnk -> C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk [2015-06-19] ShortcutTarget: calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe () Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-02] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: [NameServer] 75.75.75.75 Tcpip\..\Interfaces\{2E7C3C01-490F-4425-84AD-AFDD0E4D2B58}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{5AFE6685-1C35-46C8-A029-662B58E9021D}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{64CC2F48-277C-4B3F-B096-F134D5C26275}: [NameServer] 192.168.0.1,75.75.76.76 Tcpip\..\Interfaces\{75F23FE3-1277-4A15-B393-F09B6F2535B6}: [NameServer] 192.168.0.100 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1085031214-796845957-725345543-2791\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {15261C5A-E2D7-42B4-AE84-D92AE430C800} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {15261C5A-E2D7-42B4-AE84-D92AE430C800} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=f4948b29-18ba-4e54-80f2-876cde2854e2&query={searchTerms} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2791 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-10] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-11] (LastPass) BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-10] (Oracle Corporation) BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-19] (Siber Systems Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-25] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-11] (LastPass) BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.) BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-25] (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-11] (LastPass) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-19] (Siber Systems Inc.) Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-11] (LastPass) Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) IE Session Restore: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled. IE Session Restore: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009 -> is enabled. IE Session Restore: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled. DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default FF DefaultSearchEngine.US: Google FF Session Restore: -> is enabled. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-10] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-08-25] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-08-25] (NVIDIA Corporation) FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-08-13] (MediaMall Technologies, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\grevolorio\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-11] (Citrix Online) FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: LWAPlugin15.8 -> C:\Users\grevolorio\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-09-18] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom) FF user.js: detected! => C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\user.js [2015-06-16] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2014-11-19] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginAOC.dll [2016-03-14] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Extension: Disconnect - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\2.0@disconnect.me.xpi [2015-06-16] FF Extension: Flashblock - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-05-06] FF Extension: Turn Off the Lights - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\stefanvandamme@stefanvd.net.xpi [2016-05-06] FF Extension: LastPass - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\support@lastpass.com [2016-05-06] FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\amptra@keepa.com.xpi [2016-05-06] FF Extension: PriceZombie, Price Tracker & Price Comparison - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\jid1-a36dFT994VgKDA@jetpack.xpi [2015-10-08] FF Extension: PlayOn - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\playonplugin@playon.tv [2015-06-24] [not signed] FF Extension: Video DownloadHelper - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30] FF Extension: Adblock Plus - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-22] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afproxy@anchorfree.com [2015-09-23] [not signed] FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-09-23] [not signed] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2015-09-23] [not signed] FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-12-06] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-06-19] [not signed] FF HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR DefaultSearchKeyword: Default -> lp CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11] CHR Extension: (Entanglement Web App) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-11] CHR Extension: (SearchReportRecordResult Class) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-09-16] [UpdateUrl: hxxps://clients2.google/service/cnhpbmgmfaaapmaoibgdmapbjfofolig] <==== ATTENTION CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11] CHR Extension: (Send to OneNote) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokbjibjnekbfdjilfpoknnokaffoinp [2015-07-01] CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02] CHR Extension: (Turn Off the Lights) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-06-24] CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Honey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-07-15] CHR Extension: (Adblock Plus) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-01] CHR Extension: (Incognito-Filter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2015-06-11] CHR Extension: (Google Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02] CHR Extension: (Tampermonkey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-16] CHR Extension: (Unlimited Hotspot Tethering) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\diddhabdhahhfajjfgepdlanilmdnogk [2015-06-24] CHR Extension: (Facebook Disconnect) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-06-11] CHR Extension: (Photo Zoom for Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-06-11] CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11] CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-13] CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22] CHR Extension: (Close all Tabs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcmiphoepcihlmphakgmpapfpldlleg [2015-06-11] CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-11] CHR Extension: (Pin It Button) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-26] CHR Extension: (TinEye Reverse Image Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-06-11] CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-15] CHR Extension: (SuperSorter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2015-06-11] CHR Extension: (Google Keep - notes and lists) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-07-13] CHR Extension: (Google Theme) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne [2015-06-11] CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2016-03-22] CHR Extension: (Cisco WebEx Extension) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-06-11] CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01] CHR Extension: (Reddit Enhancement Suite) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-22] CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-11-02] CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-08-28] CHR Extension: (Evernote Web) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-06-11] CHR Extension: (Instapaper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2016-03-04] CHR Extension: (Facebook Ads Hider) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\leeebdddeggoocipdjiokmjcpidnmoah [2015-06-11] CHR Extension: (Unicorn Smasher) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa [2016-06-17] CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2015-09-15] CHR Extension: (Poppit!) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-06-11] CHR Extension: (Ghostery) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-04] CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2015-11-02] CHR Extension: (deviantART muro) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-06-11] CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28] CHR Extension: (Hover Zoom) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-06-01] CHR Extension: (Evernote Web Clipper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-01] CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11] CHR Extension: (Privacy Badger) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-06-01] CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-07-11] CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-22] CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-01] CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-01] CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-01] CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-01] CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-01] CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-06-01] CHR Extension: (20 Cubed) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef [2016-06-01] CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-01] CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-10] CHR Extension: (Slinky Wood) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcaidncenfklbfikefeppfgehcbmmecn [2016-06-01] CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-24] CHR Extension: (Invite All Friends on Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-06-24] CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01] CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-01] CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2016-06-01] CHR Extension: (Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-06-01] CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2016-06-01] CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01] CHR Extension: (Context Menu Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2016-06-01] CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-01] CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-06-25] CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-06-01] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22] CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10] StartMenuInternet: Google Chrome.HA3GT6LIC6CKERU66IYIZVETX4 - C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation) S4 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.) [File not signed] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed] R2 hMailServer; F:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [4512768 2015-07-09] (hMailServer) [File not signed] R2 KinoniSvc; f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [524800 2014-11-12] () [File not signed] R2 MBAMScheduler; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.) S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] () S4 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [17920 2011-09-19] (Microsoft) [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation) S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation) S3 SandraAgentSrv; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe [73200 2014-11-05] (SiSoftware) [File not signed] R2 SDScannerService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed] R2 Synergy; C:\Program Files\Synergy\synergyd.exe [312488 2016-03-18] () S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies) R2 VMAuthdService; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed] S2 VMwareHostd; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe [15680000 2012-08-15] () [File not signed] S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation) [File not signed] R2 WindowFX; F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe [181904 2012-03-08] (Stardock Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.) R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation) S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2014-11-12] (Windows (R) Win 7 DDK provider) S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2014-11-12] (Windows (R) Win 7 DDK provider) S4 LMIRfsClientNP; no ImagePath R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-18] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation) R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S3 SANDRA; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.) R3 TuneUpUtilitiesDrv; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () U5 UnlockerDriver5; F:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation) R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.) R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-03-22] (WinISO.com) S1 bbstlqcp; \??\C:\Windows\system32\drivers\bbstlqcp.sys [X] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] S1 ekgpaanc; \??\C:\Windows\system32\drivers\ekgpaanc.sys [X] S1 emzyrjza; \??\C:\Windows\system32\drivers\emzyrjza.sys [X] S1 fzqrwich; \??\C:\Windows\system32\drivers\fzqrwich.sys [X] S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X] S1 mttwbomv; \??\C:\Windows\system32\drivers\mttwbomv.sys [X] S1 ouqyzldm; \??\C:\Windows\system32\drivers\ouqyzldm.sys [X] S1 sesugyny; \??\C:\Windows\system32\drivers\sesugyny.sys [X] S3 SliceDisk5; \??\C:\Users\grevolorio\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S1 vixxdple; \??\C:\Windows\system32\drivers\vixxdple.sys [X] S2 WGX; System32\Drivers\WGX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-18 11:05 - 2016-07-18 11:07 - 00067984 _____ C:\Users\grevolorio.trmdu2\Desktop\FRST.txt 2016-07-18 11:03 - 2016-07-18 11:03 - 02391040 _____ (Farbar) C:\Users\grevolorio.trmdu2\Desktop\FRST64.exe 2016-07-18 10:07 - 2016-07-18 10:07 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-18 10:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-07-16 08:38 - 2016-05-09 16:48 - 00450051 _____ C:\Windows\system32\Drivers\etc\hosts.20160716-083854.backup 2016-07-13 09:49 - 2016-07-13 09:50 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\vlc 2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\Projects Series 2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\HDR Projects 4 Pro 2016-07-13 09:20 - 2016-07-13 09:20 - 00001162 _____ C:\Users\Public\Desktop\HDR projects 4 professional (64-Bit).lnk 2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis 2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\Program Files\Franzis 2016-07-11 14:07 - 2016-07-11 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-07-11 10:48 - 2016-07-11 10:48 - 00000957 _____ C:\Users\grevolorio.trmdu2\Desktop\BHODemon 2.0.lnk 2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0 2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\Program Files (x86)\BHODemon 2 2016-07-09 08:49 - 2016-07-09 08:49 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iTunes 2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iPod 2016-06-24 09:43 - 2016-07-08 21:18 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-18 11:05 - 2014-01-30 12:00 - 00000548 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108.job 2016-07-18 11:05 - 2012-05-23 18:15 - 00000000 ____D C:\FRST 2016-07-18 11:05 - 2011-08-04 09:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-18 11:01 - 2014-11-04 15:34 - 00000382 _____ C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job 2016-07-18 10:55 - 2015-09-16 12:08 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-18 10:32 - 2015-07-02 10:19 - 00000644 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108.job 2016-07-18 10:21 - 2012-07-27 08:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-07-18 10:08 - 2015-06-30 08:58 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-07-18 10:07 - 2014-08-20 09:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-18 02:07 - 2015-06-11 15:15 - 00000000 ____D C:\ProgramData\MediaMall 2016-07-18 01:19 - 2015-06-30 08:58 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-07-17 22:59 - 2015-09-30 10:32 - 00000000 ____D C:\Program Files\KMSpico 2016-07-17 20:05 - 2011-08-04 09:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-17 09:28 - 2009-07-14 01:13 - 00845984 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-17 09:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-07-14 20:21 - 2012-07-27 08:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-07-14 20:21 - 2012-04-13 10:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-14 20:21 - 2011-05-20 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-13 15:39 - 2015-06-11 20:52 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\CrashDumps 2016-07-13 13:18 - 2011-01-21 14:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-07-13 12:43 - 2015-07-07 13:19 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent 2016-07-13 09:22 - 2015-06-11 14:53 - 00000000 ____D C:\Users\grevolorio.trmdu2 2016-07-12 16:21 - 2012-01-26 17:19 - 00000000 ____D C:\Windows\system32\Macromed 2016-07-12 16:21 - 2011-01-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-11 14:08 - 2015-06-30 08:57 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-07-11 10:59 - 2012-06-11 10:02 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-07-09 08:49 - 2015-07-07 11:43 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-07-09 08:49 - 2014-02-28 10:55 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-07-07 09:58 - 2015-06-17 13:26 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\calibre-cache 2016-07-07 09:22 - 2015-06-17 13:25 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\calibre 2016-07-01 13:31 - 2015-11-02 15:45 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\Program Files (x86)\Calibre2 2016-06-27 11:21 - 2015-09-23 03:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-06-27 11:21 - 2012-10-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-06-27 10:24 - 2015-06-11 20:51 - 00000000 ____D C:\Users\grevolorio.trmdu2\.VirtualBox 2016-06-24 17:46 - 2015-06-17 09:21 - 00143848 _____ C:\Users\grevolorio.trmdu2\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-21 05:42 - 2013-11-12 12:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-06-21 05:41 - 2014-03-18 09:15 - 00000000 ____D C:\Program Files\Microsoft Office 15 ==================== Files in the root of some directories ======= 2012-01-30 09:55 - 2015-06-11 15:56 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-06-12 19:46 - 2015-06-12 19:46 - 0000064 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.ldb 2015-06-12 19:46 - 2015-06-12 21:14 - 14417920 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.mdb 2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sys11965 DataCollection.dat 2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\System413_DataDB.ind 2015-07-04 08:40 - 2015-07-09 19:01 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\winscp.rnd 2015-09-28 09:21 - 2015-09-28 09:21 - 0000038 ___SH () C:\Users\grevolorio.trmdu2\AppData\Local\5678c43253f8bbb5ed82a9.59421958 2015-07-04 08:47 - 2015-07-13 11:07 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Local\PUTTY.RND 2015-09-16 12:03 - 2015-09-16 12:03 - 0045957 _____ () C:\ProgramData\HELP_DECRYPT.PNG 2015-09-16 12:03 - 2015-09-16 12:03 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL 2012-08-20 10:22 - 2012-08-28 15:25 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc 2014-12-18 12:06 - 2014-12-18 12:06 - 0000202 _____ () C:\ProgramData\nbinst.ini 2013-11-25 17:35 - 2013-11-25 17:35 - 0000018 _____ () C:\ProgramData\ruby-uuid Files to move or delete: ==================== C:\Users\grevolorio\SyncToy_6f9d1157-50ab-4e8a-b246-c8013fe8d91a.dat C:\Users\grevolorio\SyncToy_eb83ad46-2f1d-44ad-8333-991854e5ef51.dat Some files in TEMP: ==================== C:\Users\grevolorio\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_kz8ag.dll C:\Users\grevolorio\AppData\Local\Temp\RoboForm-Setup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-07 10:41 ==================== End of FRST.txt ============================ And the Addition.txt is: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03 Ran by grevolorio (2016-07-18 11:08:11) Running from C:\Users\grevolorio.trmdu2\Desktop Windows 7 Professional Service Pack 1 (X64) (2012-06-05 17:59:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3578782807-1016812498-1856270605-500 - Administrator - Disabled) grevolorio (S-1-5-21-3578782807-1016812498-1856270605-1009 - Administrator - Enabled) => C:\Users\grevolorio.trmdu2 Guest (S-1-5-21-3578782807-1016812498-1856270605-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics) Acute Email IDs Production Engine (HKLM-x32\...\{CB72E17B-1BCA-441F-A8A0-64C6FDF09425}) (Version: 10.3.5 - SAGAWEBS.COM) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe LiveCycle Designer 7.1 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\InstallShield_{B8420E42-9664-43AF-BD01-F7B12EBA92CF}) (Version: 7.1.0000 - Adobe) Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version: - Leo Davidson / Pretentious Name) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Allway Sync version 10.3.25 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies) AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.0.0 - Wacom Europe GmbH) Hidden Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden BHODemon 2.0.0.23 (HKLM-x32\...\BHODemon_is1) (Version: - Definitive Solutions, Inc.) BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 2.0.128 - BitTorrent Inc.) Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Box Edit (HKLM-x32\...\{8887D190-E3EC-45D9-A62D-DF423B53CBEE}) (Version: 3.0.25.511 - Box) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden calibre (HKLM-x32\...\{BA623AFD-BE42-4B5F-9B8E-01FAB9BB2B51}) (Version: 2.61.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{95EB2FCC-AE0B-40E9-B804-347C6358923B}) (Version: 51.0.2704.7 - Google Inc.) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix) ClipX (HKLM-x32\...\ClipX) (Version: - ) Color Cop 5.4.3 (HKLM-x32\...\Color Cop_is1) (Version: - Jay Prall) Color Picker (HKLM-x32\...\ST6UNST #1) (Version: - ) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden CutePDF Professional 3.3 (HKLM-x32\...\{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}) (Version: 3.30.1001 - Acro Software Inc.) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) eReader (HKLM-x32\...\{453C9E55-80DF-4BD2-9885-52A1FB0D9382}) (Version: 3.0.3 - Palm Digital Media) Evernote v. 5.2 (HKLM-x32\...\{090931D6-A2F4-11E3-AD9C-00163E98E7D0}) (Version: 5.2.0.2946 - Evernote Corp.) ExtraPutty 0.22 (HKLM-x32\...\{14C76057-E495-47E1-BDF0-1A1CC1752ADF}) (Version: 0.22 - ) Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation) Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.5.6 - Telerik) FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: - LopeSoft - Rubén López Hernández) FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse) Fine Woodworking Archive (HKLM-x32\...\{84D74E02-0F71-4107-B92F-48848C06ABB0}) (Version: 2.0.1 - Taunton) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.) Git version 1.7.6-preview20110708 (HKLM-x32\...\Git_is1) (Version: 1.7.6-preview20110708 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline) Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.) HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) HDR projects 4 professional (64-Bit) (HKLM\...\HDR_PROJECTS_4_3_3BF7CE82_is1) (Version: 4.41 - Franzis Verlag GmbH) hMailServer 5.6.4-B2283 (HKLM-x32\...\hMailServer_is1) (Version: - ) huey 1.0.5 (HKLM-x32\...\huey_is1) (Version: - Pantone & GretagMacbeth) IdeaRoom (HKLM-x32\...\{9D3E0103-F902-4368-8CAE-21EE46F2DE9E}) (Version: 1.36.0070 - Sawtooth Ideas) IETester v0.4.10 (remove only) (HKLM-x32\...\IETester) (Version: 0.4.10 - Core Services) iExplorer 3.2.2.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) IMG to ISO (HKLM-x32\...\{F10528D1-6478-4F67-A393-CCAC1DB958C1}_is1) (Version: - imgtoiso.com) Inkscape 0.48.1 (HKLM-x32\...\Inkscape) (Version: 0.48.1 - ) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software) IsoBuster 3.4 (HKLM-x32\...\IsoBuster_is1) (Version: 3.4 - Smart Projects) iTunes (HKLM\...\{709990D1-03DA-4302-B364-E4D9F17E2198}) (Version: 12.4.1.6 - Apple Inc.) Java 2 Runtime Environment, SE v1.4.1 (HKLM-x32\...\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}) (Version: - ) Java 2 Runtime Environment, SE v1.4.1_07 (HKLM-x32\...\{CA532E73-1BB7-11D8-9D6A-00010240CE95}) (Version: - ) Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) Java Web Start (HKLM-x32\...\Java Web Start) (Version: - ) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle) Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle) Java(TM) SE Development Kit 6 Update 39 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160390}) (Version: 1.6.0.390 - Oracle) Java(TM) SE Development Kit 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.) join.me (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 1.17.0.156 - LogMeIn, Inc.) Keywords Studio Pro (HKLM-x32\...\Keywords Studio Pro 1.0.0) (Version: 1.0.0 - intraSEO) Keywords Studio Pro (x32 Version: 1.0.0 - intraSEO) Hidden KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni) K-Lite Codec Pack 8.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.6.0 - ) KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - ) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version: - ) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly) LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.71 - Alliance Software Pty Ltd) Market Samurai (x32 Version: 0.93.71 - Alliance Software Pty Ltd) Hidden Maxwell for SketchUp 2014 (HKLM-x32\...\{E3FA7086-A065-4FAF-B819-400927194F80}) (Version: 3.0.11 - Next Limit Technologies) MDF to ISO version 1.0 (HKLM-x32\...\{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1) (Version: 1.0 - mdftoiso.com) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Metalogix Content Matrix Console - File Share Edition (HKLM-x32\...\{99641A98-EE9B-4521-916C-DF09AC9DD4A3}) (Version: 6.2.0302 - Metalogix Software Corp.) Metalogix Content Matrix Console - Public Folder Edition (HKLM-x32\...\{E18CB092-505F-4FE1-B4C7-C53DBBBBA938}) (Version: 6.2.0302 - Metalogix Software Corp.) Metalogix Content Matrix Console - SharePoint Edition (HKLM-x32\...\{A4E8B4B5-C6D6-414B-A513-EDDB70F58959}) (Version: 6.2.0302 - Metalogix Software Corp.) Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell) Microsoft .NET Compact Framework 1.0 SP3 Developer (HKLM-x32\...\{6C531060-84FB-4F96-8F33-29DF020632EB}) (Version: 1.0.4292 - Microsoft Corporation) Microsoft .NET Compact Framework 2.0 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5238 - Microsoft Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Device Emulator version 1.0 - ENU (HKLM-x32\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation) Microsoft Document Explorer 2005 (HKLM-x32\...\Microsoft Document Explorer 2005) (Version: - Microsoft Corporation) Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation) Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation) Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation) Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation) Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation) Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation) Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation) Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation) Microsoft Filter Pack 1.0 (HKLM\...\{95120000-2000-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1104 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Lync 2010 Attendee (HKLM-x32\...\{09335E49-1C8F-4973-9929-941BE9C6EF33}) (Version: 4.0.7577.4498 - Microsoft Corporation) Microsoft Lync Web App Plug-in (HKLM\...\{52CAD0B7-8759-4CE5-94D7-8825BBFD7445}) (Version: 15.8.8653.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Developer Tools for Visual Studio 2013 - November 2014 Update (HKLM-x32\...\{ac415136-ae46-4301-b23e-6559062bfa7b}) (Version: 12.0.31105.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft) Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesignerR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft) Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{62D2F823-0EAA-496D-B0F9-A869BFC51550}) (Version: 8.05.2312 - Microsoft Corporation) Microsoft SQL Server 2005 Books Online (English) (September 2007) (HKLM-x32\...\{6FDD4688-E063-401D-B6BE-7234E20B9173}) (Version: 9.00.3104 - Microsoft Corporation) Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (HKLM-x32\...\{1389C6A4-4965-4AEC-9175-08B54A10FA48}) (Version: 3.0.0.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU (HKLM\...\{75F299F3-8234-47CD-BB40-2994C1B1105E}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual Studio 2005 Premier Partner Edition - ENU (HKLM-x32\...\{C25EF637-BE7A-4761-9B45-9069989C319F}) (Version: 8.0.50728 - Microsoft Corporation) Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) (HKLM-x32\...\KB926601.T2_29ToU260_29) (Version: 1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 SharePoint Power Tools (HKLM-x32\...\{FD84580C-12DC-3BA4-ABE8-1E337F776F1D}) (Version: 10.0.30604 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation) Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation) MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) MoSync (HKLM-x32\...\MoSync) (Version: - Mobile Sorcery) MotoHelper 2.1.32 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) MSDN Library for Visual Studio 2005 (HKLM-x32\...\MSDN Library for Visual Studio 2005) (Version: 8.0.50727.42 - Microsoft) MSDN Library for Visual Studio 2005 (x32 Version: 8.0.50727.42 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyLifeOrganized v. 4.3.1 (HKLM-x32\...\MyLife Organized) (Version: 4.3.1 - MyLifeOrganized.net) MySQL Connector/ODBC 5.3 (HKLM\...\{43E572BC-B21F-4BEC-94CA-2D4AA6F53246}) (Version: 5.3.2 - Oracle Corporation) MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.) Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG) Node.js (HKLM\...\{FC4E166C-598C-48CC-BFAC-A709121D3B2C}) (Version: 0.10.22 - Joyent, Inc. and other Node contributors) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - ) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5951 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5951 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden OutlookTools 2 (HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook) Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 Design-Time - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Pandora (HKLM-x32\...\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1) (Version: 2.0.5 - Pandora Media, Inc.) Pandora (x32 Version: 2.0.5 - Pandora Media, Inc.) Hidden Paprika Recipe Manager (HKLM-x32\...\{E9AC2A1E-F693-43D0-BBF4-C57A4D9BDFCF}) (Version: 1.0.4 - Hindsight Labs LLC) ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden PDFill PDF Editor with FREE PDF Writer and Tools (HKLM-x32\...\{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}) (Version: 5.0 - PlotSoft LLC) PDFill PDF Writer (HKLM-x32\...\PDFill PDF Writer) (Version: - ) Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden PlayLater (HKLM-x32\...\{B9050F2D-0F98-4530-A494-FCA63931FBE5}) (Version: 1.6.42 - MediaMall Technologies, Inc.) PlayOn (HKLM-x32\...\{8D437274-5816-474B-B57C-C28D62433F8F}) (Version: 3.10.42 - MediaMall Technologies, Inc.) Plex (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Plex) (Version: 0.9.502 - Plex, Inc) Polipo 1.0.4.1 (HKLM-x32\...\Polipo) (Version: - ) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 2.6 pycrypto-2.3 (HKLM-x32\...\{D6242566-9EF5-426E-8F75-F4FBCC010186}) (Version: 2.3.0 - Dwayne C. Litzenberger) Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Qdabra Rules Library (HKLM\...\{50F764E1-0DB5-4252-8AE9-780BB3A3B16C}) (Version: 2.3.0005 - Qdabra Software) Qdabra Rules Library (HKLM-x32\...\{0643AB4D-8502-47FF-AB27-FCF3649CC3C3}) (Version: 6.1.0001 - Qdabra Software) Qdabra Rules Library (HKLM-x32\...\{2CEB2CBB-6939-48B7-989A-AB01FBB6B14E}) (Version: 5.1.0000 - Qdabra Software) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RAMDisk (HKLM-x32\...\{01D5FF1F-BB19-4387-8EF1-C6319037EC12}) (Version: 3.5.130 - Dataram, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.) Recover My Files (HKLM-x32\...\Recover My Files_is1) (Version: 4.9.2.1240 - GetData Pty Ltd) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Reflector (HKLM\...\{77342B24-A2A9-4420-8C9C-C109EE201CBC}) (Version: 1.3.3.1 - Squirrels) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.92 (HKLM-x32\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group) Revo Uninstaller Pro 2.4.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.4.3 - VS Revo Group, Ltd.) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) RoboForm 7-9-14-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.66.00(10/30/2014) - Samsung Electronics Co., Ltd.) Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.23 (12/24/2014) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Saver2 (HKLM-x32\...\Saver2) (Version: 1.3.2 - ZZJ) ScanSoft PDF Create! 4 (HKLM\...\{33307810-2945-4F3F-8FEA-0BF522AEFCA7}) (Version: 4.01.0069 - Nuance Communications, Inc.) Scrum Solution Starter for Microsoft Project 2010 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CC7790844E65D3F0F0686CF43FEDFB17AA666F95) (Version: 1.0.0.71 - Microsoft) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology) Send to OneNote 2007 (HKLM-x32\...\{D0180909-85ED-4F97-B12C-C9E3129F78DC}) (Version: 1.0.0 - Microsoft Office OneNote 2007 PowerToys) SendToOneNote for Chrome (HKLM-x32\...\{62A77CC8-B17A-49C0-9BE6-E77216E86BD3}) (Version: 1.2.0 - Aspark Software) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version: - Microsoft) SharePoint Client Components (HKLM\...\{95150003-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4641.1002 - Microsoft Corporation) SharePoint Client Components (HKLM\...\{95160002-1163-0409-1000-0000000FF1CE}) (Version: 16.0.3104.1200 - Microsoft Corporation) Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0 Stand-Alone) (Version: 3.0.0.5 - Nik Software, Inc.) Sigil 0.4.2 (HKLM\...\Sigil_is1) (Version: - John Schember) SiSoftware Sandra Business 2015 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.10.2015.1 - SiSoftware) SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited) SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited) Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0) (Version: 2.0 - Sparkol) Sparkol VideoScribe (x32 Version: 2.0 - Sparkol) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQLXML4 (HKLM\...\{DEA9F247-F832-4E36-90BF-D8EDA206521A}) (Version: 9.00.5000.00 - Microsoft Corporation) Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.12 - Stardock Software, Inc.) Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated) SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) Synergy (64-bit) (HKLM\...\{77865914-4067-41D2-8DE0-ACFA9C83351D}) (Version: 1.7.6 - The Synergy Project) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer) TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.) TopStyle (Version 3) (HKLM-x32\...\TopStyle (Version 3)) (Version: 3.1.0 - Bradbury Software, LLC) Tor 0.2.1.30 (HKLM-x32\...\Tor) (Version: - ) Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.4 - Transmission) TreeSize Free V2.6 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.6 - JAM Software) TreeSize Professional 5.3.4 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.3.4 - JAM Software) TuneUp 2.5.0.0 (HKLM-x32\...\TuneUpMedia) (Version: 2.5.0.0 - TuneUp Media, Inc.) TuneWiki (HKLM-x32\...\TuneWiki) (Version: 1.0.165.0 - TuneWiki) U2 PCAM (HKLM-x32\...\{F89DC420-FF15-485D-8254-67A27ED1313B}) (Version: 1.2.3.4 - Genesys Logic) Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft) Update or Uninstall SENukeX (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX) Update or Uninstall SENukeX (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX) Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.) Velvia Vision (HKLM-x32\...\{F02DBC56-E5AB-4F74-B995-4586F91D4BDC}) (Version: 1.0 - Fred Miranda) Vertus Fluid Mask 3 2.100.2-RC2 (HKLM-x32\...\VertusFluidMask3) (Version: 2.100.2-RC2 - ) Vidalia 0.2.12 (HKLM-x32\...\Vidalia) (Version: - ) Video Enhancer 1.9.6 (HKLM-x32\...\Video Enhancer_is1) (Version: - Infognition Co. Ltd.) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes) Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc) VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation) WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinDirStat 1.1.2 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - ) WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun) WindowFX (x32 Version: 5.01 - Stardock Corporation) Hidden Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5) (HKLM\...\929413420CDE2F0C2C08C06E73FF16D9CB6C9807) (Version: 09/17/2009 3.0.0.5 - Apple Inc.) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation) WinISO (HKLM-x32\...\WinISO) (Version: 6.3.0.4829 - WinISO Computing Inc.) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinSCP 4.3.5 (HKLM-x32\...\winscp3_is1) (Version: 4.3.5 - Martin Prikryl) WinSnap (HKLM-x32\...\WinSnap) (Version: 4.0.8 - NTWind Software) WinX DVD Author 5.8 (HKLM-x32\...\WinX DVD Author_is1) (Version: - FreetimeSoft, Inc.) Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version: - Rob Caelers & Raymond Penners) WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation) xplorer² professional 64 bit (HKLM\...\xplorer2p64) (Version: 2.5.0.2 - Zabkat) yEd Graph Editor 3.9.2 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.9.2 - yWorks GmbH) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для среды разработки набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\grevolorio\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\grevolorio\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01948B03-BD45-4976-8D31-7855925672EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {05C8BCBA-5173-4FD5-AB52-1671D7DC2D35} - System32\Tasks\{6D5E1E37-7B03-499C-9F90-D7F8A3F44FD4} => pcalua.exe -a "F:\Adobe CS4\Master Collection\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent Task: {0DA826DA-C315-408E-A81B-346FA731E686} - System32\Tasks\{4BD142E9-8A9E-4CF1-8E08-D7B5ABC463F4} => pcalua.exe -a "F:\kodiRelated\FTV v0.52\FTV\Amazon FireTV Utility App.exe" Task: {13009AEA-3E20-4C03-98ED-1DDAA2CBE59A} - System32\Tasks\{1E1D40DD-B7F0-437F-919E-7299C2A201C8} => pcalua.exe -a C:\Users\grevolorio\Desktop\vpnclient-win-msi-5.0.01.0600-k9.exe -d C:\Users\grevolorio\Desktop Task: {1CA54BD7-F8FE-43D7-A568-902BD730F451} - System32\Tasks\{C9D0DEFF-43BC-4715-854F-00A22264221D} => pcalua.exe -a F:\Downloads\Drawing\Pencil-Portrait-Tutorial--How-Beginners-Learn-To-Draw-Pencil-Portraits-Quickly-And-Easily.exe -d F:\Downloads\Drawing Task: {1D334B1E-CF07-488F-9133-6C6018482BF0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {220D5B9C-CC4B-43A8-BE1B-5AA45467AF92} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {2541E100-9850-45B0-8A0C-D00427497A49} - System32\Tasks\{2662DE15-9BFB-4C94-ABE1-B60C1CDBE28D} => pcalua.exe -a "C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3XG5VDK\lastpass_x64[1].exe" -d C:\Users\grevolorio\Desktop Task: {2A46E8FA-0109-4EB2-8581-D8E1CC3F8D47} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe Task: {2AC1D17C-EA09-4710-85F9-66D640AA0BF3} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {2C2A0C7C-A15F-473C-9A03-A80299CEEC13} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation) Task: {3100B96D-BB14-4990-BD3D-54ABC9D6445D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.) Task: {327B3BA7-B8A2-4705-A7D4-9A7536F0D564} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {379F9252-C770-44AA-AF2C-037D7FDACF84} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-06-19] (Siber Systems) Task: {384B22B0-4F48-47CA-A1B8-7D998C13032C} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {4D0D22B8-4C7A-44F5-B04F-96AB41E171EF} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22] () Task: {58289E57-EE9B-437E-9BF3-CCB6ABF1E425} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {59479587-6ECE-4E1C-9E21-55309D69125C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMKMGMNJLJIMKJJJCNOMMJOJKMCNLMJMIMJMCNGMLJIMPMCNLMJMPMMMMJKMLMOJKJKJPMIMJNJICMIMCNGMCNOMLMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMLMLMPMJNHICMEKMICNJJCKJNBJCMJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMKMKMFMPMJN (the data entry has 33 more characters). Task: {5B725530-FFAB-4A23-8563-A928DF68D79B} - System32\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-07-02] (Citrix Online, a division of Citrix Systems, Inc.) Task: {5D3FF025-C318-46AB-A7A4-5A8F209A70F7} - \SidebarExecute -> No File <==== ATTENTION Task: {6184FBBE-4AA1-42ED-A3A1-E6838CA95637} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {65EDF042-6E5E-4A9C-BCE8-01793ED9162F} - System32\Tasks\{DEDC4BB3-71C0-40D4-9A13-E7BEA775B519} => pcalua.exe -a F:\Downloads\AppleWirelessMouse64.exe Task: {6E0AF919-E2BB-4343-80BD-9DB7B1320AC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {729AE2CB-D745-4FDE-AD60-D0A8A4636D78} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => F:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies) Task: {7CFEC956-1854-4D03-AC69-5FCACF3ED978} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {83A73D3C-C015-43F6-ABAB-27E7FC5C6590} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns Task: {88FD29A9-84EF-4B5D-B6F4-945733D892B5} - System32\Tasks\{A2F28A60-837B-4A08-93CF-C81107A19128} => pcalua.exe -a "F:\Downloads\Stardock Object Desktop Suite\Stardock Object Desktop Suite\WindowBlinds 5 [Enhanced] - With Crack\WindowBlinds 5 [Enhanced].exe" -d "F:\Downloads\Stardock Object Desktop Suite\Stardock Object Desktop Suite\WindowBlinds 5 [Enhanced] - With Crack" Task: {8B9FD64D-EE19-4346-AB88-F4084AA5EF60} - System32\Tasks\{E725F200-DE8A-4285-85FF-D7DA2DFE1545} => pcalua.exe -a F:\Downloads\solutoinstaller.exe Task: {90FFDBF2-C8F2-4A2B-99C2-BD4B2BA8849B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {92FC9152-3CF6-4DC4-A1FF-8B31A85EC68D} - System32\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB} => F:\Program Files\Allway Sync\Bin\syncappw.exe [2010-05-31] () Task: {93F228DA-AB4B-4BD9-B6D4-456EB46BA16D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {97F9187F-9225-4089-8965-5A446FE551E5} - System32\Tasks\{6C938882-44FC-4762-8288-22AC4957F8AB} => pcalua.exe -a "C:\Users\grevolorio\Desktop\MsiZap (1).exe" -d C:\Users\grevolorio\Desktop Task: {9D8F7C35-05F3-4098-A58A-CFDCE2571B56} - System32\Tasks\{A90FC29D-33BB-491B-AED4-86D69213CF61} => pcalua.exe -a "F:\Downloads\Microsoft Office 2010 Professional (No Key Required)\setup.exe" -d "F:\Downloads\Microsoft Office 2010 Professional (No Key Required)" Task: {A10AE438-01D3-48A2-B1F9-9CFCF67E0B22} - System32\Tasks\{E00AD51B-21C4-4D8F-A4AB-7CC5931C85E2} => pcalua.exe -a "C:\FTV\Amazon FireTV Utility App.exe" Task: {A2C753BE-80E2-4C1E-A35B-C6B17C5DE41F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {AD4D132B-F589-4AB7-9AC7-8E881E3CA6BA} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe Task: {AD684464-6AA5-4425-9D51-8804B6F5C03B} - System32\Tasks\{B40ADBCF-29B3-4A89-B5F3-2C6807F2DECB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall INFOPATHR /dll OSETUP.DLL Task: {AD9C8945-6414-46A1-B1CB-9348EE400E4F} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] () Task: {AFDFFF62-8D44-4454-8431-F540107AFF83} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMGMJJLJJMMMLJNJCNMMPMPMHMCNLMGMKMOJCNHMMMNJHMCNNMKJKJOMLMLMKMKJOMPMMJJJJNJICMIMCNOMCNPMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMIJNIKJJIAJDJAJNIGJAJJNKJCMJNNICMJNDJCMKJBJ" Task: {B421371D-E6A0-44B4-B84E-BEB704B7D919} - System32\Tasks\{DBF89E59-98BD-464C-821B-C714ACBF7D00} => pcalua.exe -a "C:\Users\grevolorio\AppData\Local\Temp\Temp1_Drivers for apple majic mouse.zip\Drivers for apple majic mouse\64bit driver.exe" Task: {B42859F1-52BE-4C0B-87A0-089A8A9525FE} - System32\Tasks\{A86051CA-CB2D-4CFC-AA2E-F97F003E332E} => pcalua.exe -a C:\Users\grevolorio.trmdu2\Downloads\VirtualBox-5.0.4-102546-Win.exe Task: {B6124405-83CA-4BD7-9DFD-1176D9CFEA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {B7D682DD-52E1-43BE-BBF8-FDC6840A7669} - System32\Tasks\{AEC957EE-1707-435F-9324-C5329BCEB8F2} => pcalua.exe -a F:\Downloads\AppleWirelessMouse64UNEASY.exe Task: {BA7A7309-376A-49C5-8980-876C5ACE8DDE} - System32\Tasks\DocumentsBackupToNetworkDrive => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation) Task: {BFAECEBD-7839-4DE8-825D-A11D11B4ABE5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI) Task: {C3513C86-0619-4FBC-B521-2594460A8AB7} - System32\Tasks\{5EF141E4-698E-4751-AFC4-21FB5FB4CCC4} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {C7E44BE0-CBC9-4833-85C7-DCDE3709A73A} - System32\Tasks\{3EE8355E-6EFE-4231-BA1C-0027510C8764} => pcalua.exe -a F:\Downloads\OfficeExcel2003XMLToolsAddin.exe -d F:\Downloads Task: {D6847D8E-3585-4794-AD85-56EB9F05F9FA} - System32\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe [2015-07-02] (Citrix Online, a division of Citrix Systems, Inc.) Task: {DDBE4BC3-4239-45EA-85A5-E4557D3F2AD6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {DE2F2154-92E1-40E2-8EB6-A80435CCCFB7} - System32\Tasks\{9AA97C05-331D-48E7-B2B6-393DA5DB59E3} => pcalua.exe -a F:\Downloads\Vertus_Fluid_Mask_3.2.1_MegaRapidshare.com\fluid_mask_3_setup_2.100.2-RC2.exe Task: {E121D49B-E0A6-45BA-9FBA-E6A579E8DCAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {E62AE87E-4B4E-4A62-A2A5-C62E351425B8} - System32\Tasks\{FB5637CE-774D-41E9-8A18-A66C6F08DE12} => pcalua.exe -a "F:\Downloads\windirstat1_1_2_setup (1).exe" -d F:\Downloads Task: {E86215D1-331F-46EA-B5D2-DD63481E1867} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.) Task: {E8FC4795-B64E-463C-96A9-BE0B8DBF960D} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {E96AA20C-5A24-4099-8877-9D626337E24D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {F0F929D8-853A-41D7-BF97-78FBA3A7E8E9} - System32\Tasks\{5F894392-522C-4E66-80C8-E72C3D3AD54E} => pcalua.exe -a F:\Downloads\applewirelessmouse.exe Task: {F379DF3B-1EC4-4330-84B3-57537B17F6CE} - System32\Tasks\CopyMyDocsToU_Drive => Task: {F787EACE-34DC-43A0-9DA4-440D0A487857} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {FC31E385-F59B-4071-A73F-53FC0F691907} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {FCAEA3E8-B27E-4792-96C7-DE1B513D73A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {FE0A6D57-BA94-4854-A4CF-ED585B3BB4B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job => F:\Program Files\Allway Sync\Bin\syncappw.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ParetoLogic Registration.job => rundll32.exe C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\grevolorio.trmdu2\Desktop\Gus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9cc420c2be074d9\Identity API Scope Approval UI.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ahjaciijnoiaklcomgnblndopackapon ==================== Loaded Modules (Whitelisted) ============== 2012-05-15 13:12 - 2012-05-15 13:12 - 00385680 _____ () F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WFX32.exe 2011-01-11 10:52 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2015-08-28 15:35 - 2014-10-30 08:18 - 00029184 ____C () C:\Windows\System32\ssj2mlm.dll 2014-11-12 05:20 - 2014-11-12 05:20 - 00524800 _____ () f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe 2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00018600 _____ () C:\Program Files\Synergy\synwinhk.DLL 2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () F:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () F:\Program Files (x86)\Unlocker\UnlockerCOM.dll 2011-02-14 17:55 - 2009-06-21 08:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll 2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00312488 _____ () C:\Program Files\Synergy\synergyd.exe 2015-07-08 16:59 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2010-11-08 11:15 - 2010-11-08 11:15 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll 2015-06-30 08:24 - 2015-06-30 08:24 - 00408576 _____ () F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll 2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00171520 ____R () C:\Program Files (x86)\Calibre2\calibre.exe 2016-07-01 08:50 - 2016-07-01 08:50 - 00024576 ____R () C:\Program Files (x86)\Calibre2\calibre-parallel.exe 2016-06-17 17:07 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-17 17:07 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 01881256 _____ () C:\Program Files\Synergy\synergy.exe 2016-03-18 14:52 - 2016-03-18 14:52 - 00979112 _____ () C:\Program Files\Synergy\synergys.exe 2014-08-20 09:47 - 2014-05-13 12:04 - 00109400 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00416600 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00167768 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-20 09:47 - 2012-08-23 10:38 - 00574840 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-20 09:47 - 2012-04-03 17:06 - 00565640 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-08-15 14:11 - 2012-08-15 14:11 - 01222656 _____ () F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\libxml2.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00037376 ____R () C:\Program Files (x86)\Calibre2\calibre-launcher.dll 2014-05-03 23:25 - 2014-05-03 23:25 - 00110080 ____R () C:\Program Files (x86)\Calibre2\DLLs\pywintypes27.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00057344 ____R () C:\Program Files (x86)\Calibre2\plugins2\progress_indicator.pyd 2016-07-01 08:47 - 2016-07-01 08:47 - 00069632 ____R () C:\Program Files (x86)\Calibre2\plugins2\imageops.pyd 2016-07-01 08:50 - 2016-07-01 08:50 - 00176128 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxslt.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 01069568 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxml2.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00064000 ____R () C:\Program Files (x86)\Calibre2\DLLs\libexslt.dll 2014-12-10 12:23 - 2014-12-10 12:23 - 00426496 ____R () C:\Program Files (x86)\Calibre2\DLLs\sqlite3.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00035840 ____R () C:\Program Files (x86)\Calibre2\plugins2\wpd.pyd 2014-05-03 23:29 - 2014-05-03 23:29 - 00396800 ____R () C:\Program Files (x86)\Calibre2\DLLs\pythoncom27.dll 2016-07-01 08:46 - 2016-07-01 08:46 - 00262144 ____R () C:\Program Files (x86)\Calibre2\plugins2\hunspell.pyd 2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-30 05:53 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-05-12 19:57 - 2016-07-05 14:00 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-07-11 14:07 - 2016-06-06 22:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-07-11 14:07 - 2016-06-06 22:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-07-11 14:07 - 2016-07-05 14:00 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-07-11 14:07 - 2016-07-05 14:00 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2014-08-20 09:47 - 2014-04-25 14:11 - 02972112 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll 2016-03-08 09:04 - 2016-03-08 09:04 - 02415104 _____ () C:\Program Files\Synergy\QtCore4.dll 2009-01-10 10:32 - 2009-01-10 10:32 - 00011362 _____ () C:\Program Files\Synergy\mingwm10.dll 2009-06-22 18:42 - 2009-06-22 18:42 - 00043008 _____ () C:\Program Files\Synergy\libgcc_s_dw2-1.dll 2010-02-10 14:43 - 2010-02-10 14:43 - 09515520 _____ () C:\Program Files\Synergy\QtGui4.dll 2010-02-10 14:10 - 2010-02-10 14:10 - 01148416 _____ () C:\Program Files\Synergy\QtNetwork4.dll 2013-12-17 04:42 - 2013-12-17 04:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows: [108] AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [125] AlternateDataStreams: C:\Users\grevolorio.trmdu2\.DS_Store:AFP_AfpInfo [122] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\bunker -> hxxps://bunker IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr01 -> hxxp://calshr01 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr02 -> hxxp://calshr02 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\emmarx.com -> hxxp://reports.emmarx.com IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\inrangesystems.com -> hxxp://intranet.inrangesystems.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-se.com -> 1-se.com There are 11773 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7867 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2011-10-28 15:03 - 2016-07-16 08:38 - 00450173 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15466 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 192.168.0.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) mpsdrv => Firewall Service is not running. MpsSvc => Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: CronService => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: sdAuxService => 3 MSCONFIG\Services: sdCoreService => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^monitorpad.lnk => C:\Windows\pss\monitorpad.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tor.lnk => C:\Windows\pss\Tor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^grevolorio.trmdu2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLO.lnk => C:\Windows\pss\MLO.lnk.Startup MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyLife Organized.lnk => C:\Windows\pss\MyLife Organized.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApplePhotoStreams => MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: AttendeeCommunicator => "C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe" /fromrunkey MSCONFIG\startupreg: BackupAndRecoveryMonitor.exe => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe MSCONFIG\startupreg: Box Edit => C:\Users\grevolorio.trmdu2\AppData\Local\Box\Box Edit\Box Edit.exe MSCONFIG\startupreg: Box Local Com Server => C:\ProgramData\Box\ComServer\Box Local Com Service.exe MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" MSCONFIG\startupreg: ClipToOneNote => MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MSCONFIG\startupreg: Google Desktop Search => MSCONFIG\startupreg: iCloudServices => MSCONFIG\startupreg: itype => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe MSCONFIG\startupreg: MobileDocuments => MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start MSCONFIG\startupreg: PlayOn => C:\Program Files (x86)\MediaMall\PlayOn.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SDTray => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: Spybot-S&D Cleaning => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: uTorrent => "C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" MSCONFIG\startupreg: vmware-tray => MSCONFIG\startupreg: vmware-tray.exe => "F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-tray.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{2C84D7A8-185F-48F0-997F-3A814FEB1212}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe FirewallRules: [UDP Query User{76BCF8C2-EC1E-47FD-A852-CE49592796D5}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe FirewallRules: [{E4DAC48E-0F06-4425-87B9-7BD5994267BF}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe FirewallRules: [{DE5F8045-275F-4630-8682-8236CFC1A9FA}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe FirewallRules: [{3CAF5393-735B-4381-9C98-BE52D398D458}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe FirewallRules: [{D093949F-C20C-4810-B36E-6B28E571CC81}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe FirewallRules: [{C6F07D1B-04C4-4F10-BDA4-374E78C5EF19}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe FirewallRules: [{24C77659-9DEF-4ABA-B4B9-64F8BC15A943}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{B5BA6578-03EA-4F19-B6A2-C924C6C8E14F}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe FirewallRules: [{758E4422-978B-47A4-86E4-B8F589FB2F26}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe FirewallRules: [{051D6AFF-140B-4251-A785-C60079EDB7FD}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe FirewallRules: [{7AC51C86-1E31-4E96-A1FF-7A9E9D7CE9C1}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [{E82D2D2F-BFBD-41F4-A369-818C95FE2B09}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B9EB0C5C-06D4-405B-BFEF-E1240AFC3A92}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4FE7CDC6-7A33-4C99-ABED-B4C4EA2F2743}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{46A01AAE-281A-4A88-9B9E-D5E9DD8EF2B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AA765390-3C76-4719-96A5-CFF7997FFC8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{51707004-99BF-4B82-866C-6DBD656522DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6EE70C80-E842-4BB8-8FB2-4183E0A2B6CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B261E1BA-7CCA-4BDA-A864-90AD5F09B541}] => (Allow) C:\Users\grevolorio\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{B05ABD30-952F-4977-88FB-0BF6B0D8486C}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe FirewallRules: [{0E804373-A724-4174-95E8-11BF1A486C38}] => (Allow) F:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{482C2904-B9EB-460A-B24A-CDE0111F39B6}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe FirewallRules: [{30113CC9-EA36-40C1-ACE3-9C07A0D32065}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe FirewallRules: [{455BC505-116E-4778-9C47-D0039C5ABD3F}] => (Allow) LPort=12292 FirewallRules: [{48E75E71-2CBD-4890-8FDF-D76036F2069D}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe FirewallRules: [{B80C427A-4A78-4C8F-8C5A-F9137515E7DA}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe FirewallRules: [{97D36CA4-D871-4663-BF1F-D7D27925F9D4}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe FirewallRules: [{53162F45-0E3E-441F-AD2A-795DD8EBAB2D}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe FirewallRules: [{CB2F542C-B0A8-44DC-87F1-457206EFAC68}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe FirewallRules: [{69B9AE74-7660-4131-A026-481F146680CA}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe FirewallRules: [{8A1F8345-6A95-49F8-A078-63007A1228A3}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\RpcSandraSrv.exe FirewallRules: [{C974CD50-7415-43E1-9081-9640AB51C81D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CE7E25B2-F63F-4E9B-8373-0A23074C71B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{EBC71303-5F45-4EDC-8E05-A3C6405AF3E8}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [UDP Query User{49A87548-8B14-4D3A-BA89-3E30CBD64639}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [{8A45DF66-77B3-47F5-9E5B-6E67E8CD3672}] => (Block) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [{2358E7EC-EE95-49BE-8DE1-26AF8F97ADAD}] => (Block) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [TCP Query User{011516DF-6F3F-479A-8621-1D0D84A0991F}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe FirewallRules: [UDP Query User{ABA9851F-F69F-4C9D-A24E-A115D08E0AB4}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe FirewallRules: [{4095281A-CA21-41D6-BA24-5FE980C904D0}] => (Block) F:\program files\transmission\transmission-qt.exe FirewallRules: [{24B34338-DD29-4CA9-AD70-42F3924DD47F}] => (Block) F:\program files\transmission\transmission-qt.exe FirewallRules: [{AED27814-FFA9-4899-B195-BE194AA6F13A}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{A0DE4516-2BD6-4D21-AE2B-124A3B182B0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E0D62CAE-785A-402E-A297-8B4033C9B7A7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{932729FC-8CEF-4D87-B35B-8778A82696D8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1706A022-0050-4667-91AA-26B728B5ADD8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1EBA2EAC-E1BE-48CE-A61E-C0BEF9EC4047}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{583FE798-093F-4AFC-87FB-6E46B63294A7}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{EA173698-EF6B-4459-A147-42C9EDA2520C}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F3E80BF7-DA3F-42AB-84EB-C25F52B2AF47}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{71CA5F73-AFD7-40C6-BDAF-10CC1A9579E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{4D1F3054-3DA7-46C6-BF81-7F064302A7E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{29A5A62E-BA87-4660-B3AA-624A5051E5F2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{6369152E-C858-4EDF-BB52-6895496F3D74}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe FirewallRules: [{E78D9C97-08D7-434F-8123-13261C4D9C6A}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe FirewallRules: [{3792C9C6-450E-426B-986C-5824239E896A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F3E4F551-C952-46A2-9CD8-2A5715867AC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{02F4B432-CBA2-4E39-B3FF-F55F89EC7B68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{8A0142B3-4C3B-4255-ABA5-96A1B1BD07D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F598C328-3FB4-42B6-899B-A8D1E5B2EC43}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{7F10E473-1BCA-4539-B818-F0EF53397B0F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{CBD9A108-FE5D-4C30-A810-642437C8E1F8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{6DD6D3DB-85B6-4E8A-B606-85CA460F802A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{20FAFEED-FBD1-44C6-8EFB-994DC36F082C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{EB4B33CD-E952-4BFC-B5DE-B6D3A09356AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{EC02FE5E-F982-4195-96AA-CE84BEECCF6A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{21DD25A7-A8D1-4916-A603-11C1BC9AD862}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{14B43CDE-088B-4241-AE08-1E53015DBD6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{1FBAD7D8-6F46-41E4-961C-0EAB6CA8B4BE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{B7D324F3-4B17-46E4-9913-152127D321A5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{422A2506-3182-4452-B20C-5EC8186315FD}] => (Allow) C:\Program Files\Synergy\synergys.exe FirewallRules: [{C86D90D8-8EFA-49AF-93C1-3293B433ED7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{6E079AAB-5654-4264-8491-85AF7E253C08}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{98CBFD6B-3FB9-488B-A3C8-3C054460A2B1}] => (Allow) C:\Windows\system32\rundll32.exe StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: Intel(R) Centrino(R) Advanced-N 6200 AGN Description: Intel(R) Centrino(R) Advanced-N 6200 AGN Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETw5s64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Loopback Adapter Description: Microsoft Loopback Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: msloop Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2016 09:05:53 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/18/2016 04:05:57 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/17/2016 11:05:25 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/17/2016 10:59:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c Exception code: 0xe0434352 Fault offset: 0x000000000001a06d Faulting process id: 0x18438 Faulting application start time: 0xAutoPico.exe0 Faulting application path: AutoPico.exe1 Faulting module path: AutoPico.exe2 Report Id: AutoPico.exe3 Error: (07/17/2016 10:59:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AutoPico.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.IOException Stack: at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult) at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult) at System.Net.LazyAsyncResult.Complete(IntPtr) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Net.ContextAwareResult.Complete(IntPtr) at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) Error: (07/17/2016 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (07/17/2016 06:05:33 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/17/2016 05:29:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c Exception code: 0xe0434352 Fault offset: 0x000000000001a06d Faulting process id: 0x184bc Faulting application start time: 0xAutoPico.exe0 Faulting application path: AutoPico.exe1 Faulting module path: AutoPico.exe2 Report Id: AutoPico.exe3 Error: (07/17/2016 05:29:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AutoPico.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.IOException Stack: at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult) at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult) at System.Net.LazyAsyncResult.Complete(IntPtr) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Net.ContextAwareResult.Complete(IntPtr) at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) Error: (07/17/2016 01:05:09 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. System errors: ============= Error: (07/09/2016 08:46:16 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (06/17/2016 03:52:14 PM) (Source: VDS Dynamic Provider) (EventID: 40) (User: ) Description: The remove plex operation failed to complete. status=C038003B Error: (06/17/2016 03:48:38 PM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: 490@01010004 Error: (06/17/2016 03:40:15 PM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: 490@01010004 Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY51 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY51 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 06:09:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY59 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 05:47:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error: %%193 Error: (06/13/2016 05:46:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program. Error: (06/13/2016 05:45:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) CodeIntegrity: =================================== Date: 2016-07-17 04:56:59.348 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-17 04:56:59.258 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-17 04:56:59.099 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.984 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.894 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.509 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:34.023 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:33.925 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:33.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-14 03:10:30.776 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz Percentage of memory in use: 93% Total physical RAM: 16316.38 MB Available physical RAM: 1045.3 MB Total Virtual: 16826.56 MB Available Virtual: 528.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:22.36 GB) NTFS Drive d: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF Drive f: (SoftRaid) (Fixed) (Total:731.32 GB) (Free:32.08 GB) NTFS Drive g: (Virtual) (Fixed) (Total:465.76 GB) (Free:412.86 GB) NTFS Drive i: (My Passport) (Fixed) (Total:930.86 GB) (Free:710.41 GB) NTFS Drive m: () (Fixed) (Total:465.75 GB) (Free:268.39 GB) NTFS Drive n: () (Fixed) (Total:465.75 GB) (Free:432.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0D040DF6) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=100 GB) - (Type=42) Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08C4D7E9) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=100 GB) - (Type=42) Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42) ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 00052F35) Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================

Hello guys, I'm using a laptop computer running Windows 7 SP1 64bit. I use Chrome as a browser. Lately, most of the time a try to access a link from a search result, it takes me to a page displaying a gray screen with some cryptic message saying that my computer is infected and advising me to call a number to have it fixed, all this while making a horrendous loud beep. The screens vary but most say SYSTEM SHUTDOWN CALL SUPPORT... It takes several clicks to make it go away. Next time I try the same link it works just fine. I ran MalwareBytes free and Spybot Search & Destroy and had a few things removed but the problem persists. I have not noted any other problem. Thanks in advance for your help. The FRST.txt file is this: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016 03 Ran by grevolorio (administrator) on TRMDU2 (18-07-2016 11:05:54) Running from C:\Users\grevolorio.trmdu2\Desktop Loaded Profiles: grevolorio & (Available Profiles: grevolorio & DefaultAppPool) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files (x86)\Stardock\WindowBlinds\WBSrv.exe (Stardock Software, Inc) C:\Program Files (x86)\Stardock\WindowBlinds\WBCore.exe (Stardock Corporation) F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe () F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\wfx32.exe (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe (hMailServer) F:\Program Files (x86)\hMailServer\Bin\hMailServer.exe () F:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (AVG Technologies) F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (AVG Technologies) F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe () C:\Program Files\Synergy\synergyd.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ZabKat) C:\Program Files\zabkat\xplorer2\xplorer2_64.exe () C:\Program Files (x86)\Calibre2\calibre.exe () C:\Program Files (x86)\Calibre2\calibre-parallel.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Apple Inc.) C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) F:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe () C:\Program Files\Synergy\synergy.exe (MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\Synergy\synergys.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [AttendeeCommunicator] => C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe [12007776 2016-03-14] (Microsoft Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.) Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X] Winlogon\Notify\MCPClient: C:\Program Files (x86)\Common Files\stardock\MCPStub.dll [2005-01-31] (Stardock) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe -update activex HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b93f89d9-224a-11e0-afff-f04da264333e} - E:\setup.exe HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WinSnap] => C:\Program Files\WinSnap\WinSnap64.exe [3874432 2013-06-18] (NTWind Software) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent Sync] => F:\Program Files (x86)\BitTorrent Sync\BTSync.exe [5514592 2015-06-30] (BitTorrent, Inc.) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Workrave] => F:\Program Files (x86)\Workrave\lib\workrave.exe [4480000 2013-01-13] (The Workrave development team) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [HideLogonScripts] 1 HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\MountPoints2: {6e07364a-5ca0-11e5-8a8f-0002761ce121} - E:\Setup.exe HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\MountPoints2: {bcc773c2-50b0-11e0-b28d-b7985eaf7599} - "D:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-19] (Siber Systems) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6e07364a-5ca0-11e5-8a8f-0002761ce121} - E:\Setup.exe HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bcc773c2-50b0-11e0-b28d-b7985eaf7599} - "D:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe -update activex HKU\S-1-5-18\...\MountPoints2: {b93f89d9-224a-11e0-afff-f04da264333e} - E:\setup.exe Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files (x86)\Common Files\stardock\MCPCore.dll (Stardock) SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %SystemRoot%\system32\stobject.dll (Microsoft Corporation) SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => No File ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128Done] -> {581FFA04-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RO] -> {581FFA03-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: [!BTSync2.0.128RW] -> {581FFA02-FC33-0080-0002-95003A5CDE89} => F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll [2015-06-30] () ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC-2-DB.lnk [2015-09-27] ShortcutTarget: DC-2-DB.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC-3-SP.lnk [2015-09-27] ShortcutTarget: DC-3-SP.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DC_1.lnk [2015-09-27] ShortcutTarget: DC_1.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Oracle Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Synergy.lnk [2016-03-22] ShortcutTarget: Synergy.lnk -> C:\Windows\Installer\{68C1AA13-4370-4761-B53F-1862C2CE26CB}\synergy.ico (No File) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2016-07-11] ShortcutTarget: BHODemon 2.0.lnk -> C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk [2015-06-19] ShortcutTarget: calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe () Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-02] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk [2016-07-11] ShortcutTarget: BHODemon 2.0.lnk -> C:\Program Files (x86)\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.) Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk [2015-06-19] ShortcutTarget: calibre - E-book management.lnk -> C:\Program Files (x86)\Calibre2\calibre.exe () Startup: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-10-02] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{1CC5E133-5EFA-45B6-95E6-3BEBD35BCB03}: [NameServer] 75.75.75.75 Tcpip\..\Interfaces\{2E7C3C01-490F-4425-84AD-AFDD0E4D2B58}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{5AFE6685-1C35-46C8-A029-662B58E9021D}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{64CC2F48-277C-4B3F-B096-F134D5C26275}: [NameServer] 192.168.0.1,75.75.76.76 Tcpip\..\Interfaces\{75F23FE3-1277-4A15-B393-F09B6F2535B6}: [NameServer] 192.168.0.100 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1085031214-796845957-725345543-2791\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {15261C5A-E2D7-42B4-AE84-D92AE430C800} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {15261C5A-E2D7-42B4-AE84-D92AE430C800} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-outbrowse/search/redirect/?type=default&user_id=f4948b29-18ba-4e54-80f2-876cde2854e2&query={searchTerms} SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2791 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = SearchScopes: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-10] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-11] (LastPass) BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-10] (Oracle Corporation) BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-19] (Siber Systems Inc.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-25] (Oracle Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-11] (LastPass) BHO-x32: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.) BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-25] (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho64.dll [2015-04-17] (MediaMall Technologies, Inc.) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-11] (LastPass) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-19] (Siber Systems Inc.) Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No File Toolbar: HKLM-x32 - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files (x86)\MediaMall\toolbar\pobho.dll [2015-04-17] (MediaMall Technologies, Inc.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-11] (LastPass) Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-19] (Siber Systems Inc.) IE Session Restore: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled. IE Session Restore: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009 -> is enabled. IE Session Restore: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> is enabled. DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default FF DefaultSearchEngine.US: Google FF Session Restore: -> is enabled. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @java.com/DTPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> F:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-10] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-25] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-11] (LastPass) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-10] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-08-25] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-08-25] (NVIDIA Corporation) FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [2015-08-13] (MediaMall Technologies, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\grevolorio\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-11] (Citrix Online) FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: LWAPlugin15.8 -> C:\Users\grevolorio\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-09-18] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom) FF user.js: detected! => C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\user.js [2015-06-16] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2014-11-19] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginAOC.dll [2016-03-14] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Extension: Disconnect - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\2.0@disconnect.me.xpi [2015-06-16] FF Extension: Flashblock - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-05-06] FF Extension: Turn Off the Lights - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\stefanvandamme@stefanvd.net.xpi [2016-05-06] FF Extension: LastPass - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\support@lastpass.com [2016-05-06] FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\extensions\amptra@keepa.com.xpi [2016-05-06] FF Extension: PriceZombie, Price Tracker & Price Comparison - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\jid1-a36dFT994VgKDA@jetpack.xpi [2015-10-08] FF Extension: PlayOn - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\playonplugin@playon.tv [2015-06-24] [not signed] FF Extension: Video DownloadHelper - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30] FF Extension: Adblock Plus - C:\Users\grevolorio.trmdu2\AppData\Roaming\Mozilla\Firefox\Profiles\8i1tulnd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-22] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\afproxy@anchorfree.com [2015-09-23] [not signed] FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-09-23] [not signed] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2015-09-23] [not signed] FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-12-06] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-06-19] [not signed] FF HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR DefaultSearchKeyword: Default -> lp CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11] CHR Extension: (Entanglement Web App) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-11] CHR Extension: (SearchReportRecordResult Class) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-09-16] [UpdateUrl: hxxps://clients2.google/service/cnhpbmgmfaaapmaoibgdmapbjfofolig] <==== ATTENTION CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11] CHR Extension: (Send to OneNote) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokbjibjnekbfdjilfpoknnokaffoinp [2015-07-01] CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02] CHR Extension: (Turn Off the Lights) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-06-24] CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Honey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-07-15] CHR Extension: (Adblock Plus) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-01] CHR Extension: (Incognito-Filter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifilbmpnkjinlkchohdfcpdkmpngiik [2015-06-11] CHR Extension: (Google Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02] CHR Extension: (Tampermonkey) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-16] CHR Extension: (Unlimited Hotspot Tethering) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\diddhabdhahhfajjfgepdlanilmdnogk [2015-06-24] CHR Extension: (Facebook Disconnect) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-06-11] CHR Extension: (Photo Zoom for Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-06-11] CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11] CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-13] CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22] CHR Extension: (Close all Tabs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghcmiphoepcihlmphakgmpapfpldlleg [2015-06-11] CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-11] CHR Extension: (Pin It Button) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-26] CHR Extension: (TinEye Reverse Image Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-06-11] CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-15] CHR Extension: (SuperSorter) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2015-06-11] CHR Extension: (Google Keep - notes and lists) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-07-13] CHR Extension: (Google Theme) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne [2015-06-11] CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2016-03-22] CHR Extension: (Cisco WebEx Extension) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-06-11] CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01] CHR Extension: (Reddit Enhancement Suite) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-22] CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-11-02] CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-08-28] CHR Extension: (Evernote Web) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-06-11] CHR Extension: (Instapaper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2016-03-04] CHR Extension: (Facebook Ads Hider) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\leeebdddeggoocipdjiokmjcpidnmoah [2015-06-11] CHR Extension: (Unicorn Smasher) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmmeekapjbfjachdkgabdaoccfclpaa [2016-06-17] CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2015-09-15] CHR Extension: (Poppit!) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-06-11] CHR Extension: (Ghostery) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-04] CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2015-11-02] CHR Extension: (deviantART muro) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei [2015-06-11] CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-28] CHR Extension: (Hover Zoom) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-06-01] CHR Extension: (Evernote Web Clipper) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-07-01] CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11] CHR Extension: (Privacy Badger) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-06-01] CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-07-11] CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-22] CHR Profile: C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-01] CHR Extension: (Google Docs) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-01] CHR Extension: (Google Drive) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-01] CHR Extension: (YouTube) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-01] CHR Extension: (Google Sheets) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-01] CHR Extension: (Chrome Remote Desktop) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-06-01] CHR Extension: (20 Cubed) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef [2016-06-01] CHR Extension: (Google Docs Offline) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-01] CHR Extension: (AdBlock) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-10] CHR Extension: (Slinky Wood) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcaidncenfklbfikefeppfgehcbmmecn [2016-06-01] CHR Extension: (LastPass: Free Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-24] CHR Extension: (Invite All Friends on Facebook) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2016-06-24] CHR Extension: (Speed Dial 2) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01] CHR Extension: (The Great Suspender) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-06-01] CHR Extension: (PlayOn) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lggaaajacmlhgbpldaboipiinndchjgm [2016-06-01] CHR Extension: (Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-06-01] CHR Extension: (SharePoint Fix) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2016-06-01] CHR Extension: (Save to Pocket) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01] CHR Extension: (Context Menu Search) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2016-06-01] CHR Extension: (Gmail) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-01] CHR Extension: (RSS Feed Reader) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-06-25] CHR Extension: (RoboForm Password Manager) - C:\Users\grevolorio.trmdu2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-06-01] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx [2014-09-24] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22] CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-10] StartMenuInternet: Google Chrome.HA3GT6LIC6CKERU66IYIZVETX4 - C:\Users\grevolorio\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation) S4 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.) [File not signed] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed] R2 hMailServer; F:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [4512768 2015-07-09] (hMailServer) [File not signed] R2 KinoniSvc; f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [524800 2014-11-12] () [File not signed] R2 MBAMScheduler; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; f:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5933872 2015-09-18] (MediaMall Technologies, Inc.) S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] () S4 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [17920 2011-09-19] (Microsoft) [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation) S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4476096 2005-09-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation) S3 SandraAgentSrv; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe [73200 2014-11-05] (SiSoftware) [File not signed] R2 SDScannerService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; F:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [997568 2014-06-29] (@ByELDI) [File not signed] R2 Synergy; C:\Program Files\Synergy\synergyd.exe [312488 2016-03-18] () S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH) R2 TuneUp.UtilitiesSvc; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies) R2 VMAuthdService; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed] S2 VMwareHostd; F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe [15680000 2012-08-15] () [File not signed] S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindowBlinds; C:\Program Files (x86)\Stardock\WindowBlinds\wbsrv.exe [89600 2013-05-16] (Stardock Corporation) [File not signed] R2 WindowFX; F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WindowFXSRV.exe [181904 2012-03-08] (Stardock Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.) R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation) S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2014-11-12] (Windows (R) Win 7 DDK provider) S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2014-11-12] (Windows (R) Win 7 DDK provider) S4 LMIRfsClientNP; no ImagePath R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-18] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation) R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () S3 SANDRA; f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.) R3 TuneUpUtilitiesDrv; F:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () U5 UnlockerDriver5; F:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation) R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.) R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-03-22] (WinISO.com) S1 bbstlqcp; \??\C:\Windows\system32\drivers\bbstlqcp.sys [X] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] S1 ekgpaanc; \??\C:\Windows\system32\drivers\ekgpaanc.sys [X] S1 emzyrjza; \??\C:\Windows\system32\drivers\emzyrjza.sys [X] S1 fzqrwich; \??\C:\Windows\system32\drivers\fzqrwich.sys [X] S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X] S1 mttwbomv; \??\C:\Windows\system32\drivers\mttwbomv.sys [X] S1 ouqyzldm; \??\C:\Windows\system32\drivers\ouqyzldm.sys [X] S1 sesugyny; \??\C:\Windows\system32\drivers\sesugyny.sys [X] S3 SliceDisk5; \??\C:\Users\grevolorio\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S1 vixxdple; \??\C:\Windows\system32\drivers\vixxdple.sys [X] S2 WGX; System32\Drivers\WGX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-18 11:05 - 2016-07-18 11:07 - 00067984 _____ C:\Users\grevolorio.trmdu2\Desktop\FRST.txt 2016-07-18 11:03 - 2016-07-18 11:03 - 02391040 _____ (Farbar) C:\Users\grevolorio.trmdu2\Desktop\FRST64.exe 2016-07-18 10:07 - 2016-07-18 10:07 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-18 10:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-07-16 08:38 - 2016-05-09 16:48 - 00450051 _____ C:\Windows\system32\Drivers\etc\hosts.20160716-083854.backup 2016-07-13 09:49 - 2016-07-13 09:50 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\vlc 2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\Projects Series 2016-07-13 09:22 - 2016-07-13 09:22 - 00000000 ____D C:\Users\grevolorio.trmdu2\HDR Projects 4 Pro 2016-07-13 09:20 - 2016-07-13 09:20 - 00001162 _____ C:\Users\Public\Desktop\HDR projects 4 professional (64-Bit).lnk 2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis 2016-07-13 09:20 - 2016-07-13 09:20 - 00000000 ____D C:\Program Files\Franzis 2016-07-11 14:07 - 2016-07-11 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-07-11 10:48 - 2016-07-11 10:48 - 00000957 _____ C:\Users\grevolorio.trmdu2\Desktop\BHODemon 2.0.lnk 2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0 2016-07-11 10:48 - 2016-07-11 10:48 - 00000000 ____D C:\Program Files (x86)\BHODemon 2 2016-07-09 08:49 - 2016-07-09 08:49 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iTunes 2016-07-09 08:49 - 2016-07-09 08:49 - 00000000 ____D C:\Program Files\iPod 2016-06-24 09:43 - 2016-07-08 21:18 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-18 11:05 - 2014-01-30 12:00 - 00000548 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108.job 2016-07-18 11:05 - 2012-05-23 18:15 - 00000000 ____D C:\FRST 2016-07-18 11:05 - 2011-08-04 09:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-18 11:01 - 2014-11-04 15:34 - 00000382 _____ C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job 2016-07-18 10:55 - 2015-09-16 12:08 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-07-18 10:32 - 2015-07-02 10:19 - 00000644 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108.job 2016-07-18 10:21 - 2012-07-27 08:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-07-18 10:08 - 2015-06-30 08:58 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-07-18 10:07 - 2014-08-20 09:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-18 06:15 - 2009-07-14 00:45 - 00033392 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-18 02:07 - 2015-06-11 15:15 - 00000000 ____D C:\ProgramData\MediaMall 2016-07-18 01:19 - 2015-06-30 08:58 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-07-17 22:59 - 2015-09-30 10:32 - 00000000 ____D C:\Program Files\KMSpico 2016-07-17 20:05 - 2011-08-04 09:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-17 09:28 - 2009-07-14 01:13 - 00845984 _____ C:\Windows\system32\PerfStringBackup.INI 2016-07-17 09:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-07-14 20:21 - 2012-07-27 08:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-07-14 20:21 - 2012-04-13 10:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-14 20:21 - 2011-05-20 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-13 15:39 - 2015-06-11 20:52 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\CrashDumps 2016-07-13 13:18 - 2011-01-21 14:14 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-07-13 12:43 - 2015-07-07 13:19 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent 2016-07-13 09:22 - 2015-06-11 14:53 - 00000000 ____D C:\Users\grevolorio.trmdu2 2016-07-12 16:21 - 2012-01-26 17:19 - 00000000 ____D C:\Windows\system32\Macromed 2016-07-12 16:21 - 2011-01-21 11:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-11 14:08 - 2015-06-30 08:57 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-07-11 10:59 - 2012-06-11 10:02 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-07-09 08:49 - 2015-07-07 11:43 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-07-09 08:49 - 2014-02-28 10:55 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-07-07 09:58 - 2015-06-17 13:26 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Local\calibre-cache 2016-07-07 09:22 - 2015-06-17 13:25 - 00000000 ____D C:\Users\grevolorio.trmdu2\AppData\Roaming\calibre 2016-07-01 13:31 - 2015-11-02 15:45 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2016-07-01 13:31 - 2011-06-09 14:01 - 00000000 ____D C:\Program Files (x86)\Calibre2 2016-06-27 11:21 - 2015-09-23 03:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-06-27 11:21 - 2012-10-10 13:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-06-27 10:24 - 2015-06-11 20:51 - 00000000 ____D C:\Users\grevolorio.trmdu2\.VirtualBox 2016-06-24 17:46 - 2015-06-17 09:21 - 00143848 _____ C:\Users\grevolorio.trmdu2\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-21 05:42 - 2013-11-12 12:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-06-21 05:41 - 2014-03-18 09:15 - 00000000 ____D C:\Program Files\Microsoft Office 15 ==================== Files in the root of some directories ======= 2012-01-30 09:55 - 2015-06-11 15:56 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-06-12 19:46 - 2015-06-12 19:46 - 0000064 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.ldb 2015-06-12 19:46 - 2015-06-12 21:14 - 14417920 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sandra.mdb 2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\Sys11965 DataCollection.dat 2015-08-28 17:23 - 2015-08-28 17:23 - 0000020 ___SH () C:\Users\grevolorio.trmdu2\AppData\Roaming\System413_DataDB.ind 2015-07-04 08:40 - 2015-07-09 19:01 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Roaming\winscp.rnd 2015-09-28 09:21 - 2015-09-28 09:21 - 0000038 ___SH () C:\Users\grevolorio.trmdu2\AppData\Local\5678c43253f8bbb5ed82a9.59421958 2015-07-04 08:47 - 2015-07-13 11:07 - 0000600 _____ () C:\Users\grevolorio.trmdu2\AppData\Local\PUTTY.RND 2015-09-16 12:03 - 2015-09-16 12:03 - 0045957 _____ () C:\ProgramData\HELP_DECRYPT.PNG 2015-09-16 12:03 - 2015-09-16 12:03 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL 2012-08-20 10:22 - 2012-08-28 15:25 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc 2014-12-18 12:06 - 2014-12-18 12:06 - 0000202 _____ () C:\ProgramData\nbinst.ini 2013-11-25 17:35 - 2013-11-25 17:35 - 0000018 _____ () C:\ProgramData\ruby-uuid Files to move or delete: ==================== C:\Users\grevolorio\SyncToy_6f9d1157-50ab-4e8a-b246-c8013fe8d91a.dat C:\Users\grevolorio\SyncToy_eb83ad46-2f1d-44ad-8333-991854e5ef51.dat Some files in TEMP: ==================== C:\Users\grevolorio\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_kz8ag.dll C:\Users\grevolorio\AppData\Local\Temp\RoboForm-Setup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-07 10:41 ==================== End of FRST.txt ============================ And the Addition.txt is: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 03 Ran by grevolorio (2016-07-18 11:08:11) Running from C:\Users\grevolorio.trmdu2\Desktop Windows 7 Professional Service Pack 1 (X64) (2012-06-05 17:59:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3578782807-1016812498-1856270605-500 - Administrator - Disabled) grevolorio (S-1-5-21-3578782807-1016812498-1856270605-1009 - Administrator - Enabled) => C:\Users\grevolorio.trmdu2 Guest (S-1-5-21-3578782807-1016812498-1856270605-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40466 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics) Acute Email IDs Production Engine (HKLM-x32\...\{CB72E17B-1BCA-441F-A8A0-64C6FDF09425}) (Version: 10.3.5 - SAGAWEBS.COM) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe LiveCycle Designer 7.1 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\InstallShield_{B8420E42-9664-43AF-BD01-F7B12EBA92CF}) (Version: 7.1.0000 - Adobe) Adobe Media Player (HKLM-x32\...\com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader 64-bit fixes (HKLM\...\{6D80AAE7-FF65-4950-B1CA-3A7EA4995574}_is1) (Version: - Leo Davidson / Pretentious Name) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Allway Sync version 10.3.25 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies) AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.0.0 - Wacom Europe GmbH) Hidden Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden BHODemon 2.0.0.23 (HKLM-x32\...\BHODemon_is1) (Version: - Definitive Solutions, Inc.) BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 2.0.128 - BitTorrent Inc.) Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Box Edit (HKLM-x32\...\{8887D190-E3EC-45D9-A62D-DF423B53CBEE}) (Version: 3.0.25.511 - Box) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden calibre (HKLM-x32\...\{BA623AFD-BE42-4B5F-9B8E-01FAB9BB2B51}) (Version: 2.61.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{95EB2FCC-AE0B-40E9-B804-347C6358923B}) (Version: 51.0.2704.7 - Google Inc.) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix) ClipX (HKLM-x32\...\ClipX) (Version: - ) Color Cop 5.4.3 (HKLM-x32\...\Color Cop_is1) (Version: - Jay Prall) Color Picker (HKLM-x32\...\ST6UNST #1) (Version: - ) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden CutePDF Professional 3.3 (HKLM-x32\...\{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}) (Version: 3.30.1001 - Acro Software Inc.) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) eReader (HKLM-x32\...\{453C9E55-80DF-4BD2-9885-52A1FB0D9382}) (Version: 3.0.3 - Palm Digital Media) Evernote v. 5.2 (HKLM-x32\...\{090931D6-A2F4-11E3-AD9C-00163E98E7D0}) (Version: 5.2.0.2946 - Evernote Corp.) ExtraPutty 0.22 (HKLM-x32\...\{14C76057-E495-47E1-BDF0-1A1CC1752ADF}) (Version: 0.22 - ) Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation) Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.5.6 - Telerik) FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: - LopeSoft - Rubén López Hernández) FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse) Fine Woodworking Archive (HKLM-x32\...\{84D74E02-0F71-4107-B92F-48848C06ABB0}) (Version: 2.0.1 - Taunton) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.) Git version 1.7.6-preview20110708 (HKLM-x32\...\Git_is1) (Version: 1.7.6-preview20110708 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline) Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.) HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) HDR projects 4 professional (64-Bit) (HKLM\...\HDR_PROJECTS_4_3_3BF7CE82_is1) (Version: 4.41 - Franzis Verlag GmbH) hMailServer 5.6.4-B2283 (HKLM-x32\...\hMailServer_is1) (Version: - ) huey 1.0.5 (HKLM-x32\...\huey_is1) (Version: - Pantone & GretagMacbeth) IdeaRoom (HKLM-x32\...\{9D3E0103-F902-4368-8CAE-21EE46F2DE9E}) (Version: 1.36.0070 - Sawtooth Ideas) IETester v0.4.10 (remove only) (HKLM-x32\...\IETester) (Version: 0.4.10 - Core Services) iExplorer 3.2.2.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) IMG to ISO (HKLM-x32\...\{F10528D1-6478-4F67-A393-CCAC1DB958C1}_is1) (Version: - imgtoiso.com) Inkscape 0.48.1 (HKLM-x32\...\Inkscape) (Version: 0.48.1 - ) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software) IsoBuster 3.4 (HKLM-x32\...\IsoBuster_is1) (Version: 3.4 - Smart Projects) iTunes (HKLM\...\{709990D1-03DA-4302-B364-E4D9F17E2198}) (Version: 12.4.1.6 - Apple Inc.) Java 2 Runtime Environment, SE v1.4.1 (HKLM-x32\...\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}) (Version: - ) Java 2 Runtime Environment, SE v1.4.1_07 (HKLM-x32\...\{CA532E73-1BB7-11D8-9D6A-00010240CE95}) (Version: - ) Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) Java Web Start (HKLM-x32\...\Java Web Start) (Version: - ) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle) Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle) Java(TM) SE Development Kit 6 Update 39 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160390}) (Version: 1.6.0.390 - Oracle) Java(TM) SE Development Kit 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.) join.me (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\JoinMe) (Version: 1.17.0.156 - LogMeIn, Inc.) Keywords Studio Pro (HKLM-x32\...\Keywords Studio Pro 1.0.0) (Version: 1.0.0 - intraSEO) Keywords Studio Pro (x32 Version: 1.0.0 - intraSEO) Hidden KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni) K-Lite Codec Pack 8.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.6.0 - ) KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - ) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version: - ) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly) LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.71 - Alliance Software Pty Ltd) Market Samurai (x32 Version: 0.93.71 - Alliance Software Pty Ltd) Hidden Maxwell for SketchUp 2014 (HKLM-x32\...\{E3FA7086-A065-4FAF-B819-400927194F80}) (Version: 3.0.11 - Next Limit Technologies) MDF to ISO version 1.0 (HKLM-x32\...\{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1) (Version: 1.0 - mdftoiso.com) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Metalogix Content Matrix Console - File Share Edition (HKLM-x32\...\{99641A98-EE9B-4521-916C-DF09AC9DD4A3}) (Version: 6.2.0302 - Metalogix Software Corp.) Metalogix Content Matrix Console - Public Folder Edition (HKLM-x32\...\{E18CB092-505F-4FE1-B4C7-C53DBBBBA938}) (Version: 6.2.0302 - Metalogix Software Corp.) Metalogix Content Matrix Console - SharePoint Edition (HKLM-x32\...\{A4E8B4B5-C6D6-414B-A513-EDDB70F58959}) (Version: 6.2.0302 - Metalogix Software Corp.) Micro-Measure (HKLM-x32\...\{75E1D518-6772-4073-A71C-354B71181391}) (Version: 1.0.0 - Brightwell) Microsoft .NET Compact Framework 1.0 SP3 Developer (HKLM-x32\...\{6C531060-84FB-4F96-8F33-29DF020632EB}) (Version: 1.0.4292 - Microsoft Corporation) Microsoft .NET Compact Framework 2.0 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5238 - Microsoft Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation) Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Device Emulator version 1.0 - ENU (HKLM-x32\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation) Microsoft Document Explorer 2005 (HKLM-x32\...\Microsoft Document Explorer 2005) (Version: - Microsoft Corporation) Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation) Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation) Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation) Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation) Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation) Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation) Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation) Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation) Microsoft Filter Pack 1.0 (HKLM\...\{95120000-2000-0409-1000-0000000FF1CE}) (Version: 12.0.4518.1104 - Microsoft Corporation) Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Lync 2010 Attendee (HKLM-x32\...\{09335E49-1C8F-4973-9929-941BE9C6EF33}) (Version: 4.0.7577.4498 - Microsoft Corporation) Microsoft Lync Web App Plug-in (HKLM\...\{52CAD0B7-8759-4CE5-94D7-8825BBFD7445}) (Version: 15.8.8653.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Developer Tools for Visual Studio 2013 - November 2014 Update (HKLM-x32\...\{ac415136-ae46-4301-b23e-6559062bfa7b}) (Version: 12.0.31105.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft) Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesignerR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft) Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{62D2F823-0EAA-496D-B0F9-A869BFC51550}) (Version: 8.05.2312 - Microsoft Corporation) Microsoft SQL Server 2005 Books Online (English) (September 2007) (HKLM-x32\...\{6FDD4688-E063-401D-B6BE-7234E20B9173}) (Version: 9.00.3104 - Microsoft Corporation) Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (HKLM-x32\...\{1389C6A4-4965-4AEC-9175-08B54A10FA48}) (Version: 3.0.0.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation) Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation) Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 64bit Prerequisites (x64) - ENU (HKLM\...\{75F299F3-8234-47CD-BB40-2994C1B1105E}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual Studio 2005 Premier Partner Edition - ENU (HKLM-x32\...\{C25EF637-BE7A-4761-9B45-9069989C319F}) (Version: 8.0.50728 - Microsoft Corporation) Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) (HKLM-x32\...\KB926601.T2_29ToU260_29) (Version: 1 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 SharePoint Power Tools (HKLM-x32\...\{FD84580C-12DC-3BA4-ABE8-1E337F776F1D}) (Version: 10.0.30604 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation) Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation) MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) MoSync (HKLM-x32\...\MoSync) (Version: - Mobile Sorcery) MotoHelper 2.1.32 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla) MSDN Library for Visual Studio 2005 (HKLM-x32\...\MSDN Library for Visual Studio 2005) (Version: 8.0.50727.42 - Microsoft) MSDN Library for Visual Studio 2005 (x32 Version: 8.0.50727.42 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyLifeOrganized v. 4.3.1 (HKLM-x32\...\MyLife Organized) (Version: 4.3.1 - MyLifeOrganized.net) MySQL Connector/ODBC 5.3 (HKLM\...\{43E572BC-B21F-4BEC-94CA-2D4AA6F53246}) (Version: 5.3.2 - Oracle Corporation) MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.) Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG) Node.js (HKLM\...\{FC4E166C-598C-48CC-BFAC-A709121D3B2C}) (Version: 0.10.22 - Joyent, Inc. and other Node contributors) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - ) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5951 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5951 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden OutlookTools 2 (HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook) Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 Design-Time - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Pandora (HKLM-x32\...\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1) (Version: 2.0.5 - Pandora Media, Inc.) Pandora (x32 Version: 2.0.5 - Pandora Media, Inc.) Hidden Paprika Recipe Manager (HKLM-x32\...\{E9AC2A1E-F693-43D0-BBF4-C57A4D9BDFCF}) (Version: 1.0.4 - Hindsight Labs LLC) ParetoLogic Data Recovery (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 1.1.0 - ParetoLogic) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden PDFill PDF Editor with FREE PDF Writer and Tools (HKLM-x32\...\{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}) (Version: 5.0 - PlotSoft LLC) PDFill PDF Writer (HKLM-x32\...\PDFill PDF Writer) (Version: - ) Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden PlayLater (HKLM-x32\...\{B9050F2D-0F98-4530-A494-FCA63931FBE5}) (Version: 1.6.42 - MediaMall Technologies, Inc.) PlayOn (HKLM-x32\...\{8D437274-5816-474B-B57C-C28D62433F8F}) (Version: 3.10.42 - MediaMall Technologies, Inc.) Plex (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Plex) (Version: 0.9.502 - Plex, Inc) Polipo 1.0.4.1 (HKLM-x32\...\Polipo) (Version: - ) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python 2.6 pycrypto-2.3 (HKLM-x32\...\{D6242566-9EF5-426E-8F75-F4FBCC010186}) (Version: 2.3.0 - Dwayne C. Litzenberger) Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden Qdabra Rules Library (HKLM\...\{50F764E1-0DB5-4252-8AE9-780BB3A3B16C}) (Version: 2.3.0005 - Qdabra Software) Qdabra Rules Library (HKLM-x32\...\{0643AB4D-8502-47FF-AB27-FCF3649CC3C3}) (Version: 6.1.0001 - Qdabra Software) Qdabra Rules Library (HKLM-x32\...\{2CEB2CBB-6939-48B7-989A-AB01FBB6B14E}) (Version: 5.1.0000 - Qdabra Software) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RAMDisk (HKLM-x32\...\{01D5FF1F-BB19-4387-8EF1-C6319037EC12}) (Version: 3.5.130 - Dataram, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.) Recover My Files (HKLM-x32\...\Recover My Files_is1) (Version: 4.9.2.1240 - GetData Pty Ltd) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Reflector (HKLM\...\{77342B24-A2A9-4420-8C9C-C109EE201CBC}) (Version: 1.3.3.1 - Squirrels) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller 1.92 (HKLM-x32\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group) Revo Uninstaller Pro 2.4.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.4.3 - VS Revo Group, Ltd.) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) RoboForm 7-9-14-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.66.00(10/30/2014) - Samsung Electronics Co., Ltd.) Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.23 (12/24/2014) - Samsung Electronics Co., Ltd.) Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Saver2 (HKLM-x32\...\Saver2) (Version: 1.3.2 - ZZJ) ScanSoft PDF Create! 4 (HKLM\...\{33307810-2945-4F3F-8FEA-0BF522AEFCA7}) (Version: 4.01.0069 - Nuance Communications, Inc.) Scrum Solution Starter for Microsoft Project 2010 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CC7790844E65D3F0F0686CF43FEDFB17AA666F95) (Version: 1.0.0.71 - Microsoft) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology) Send to OneNote 2007 (HKLM-x32\...\{D0180909-85ED-4F97-B12C-C9E3129F78DC}) (Version: 1.0.0 - Microsoft Office OneNote 2007 PowerToys) SendToOneNote for Chrome (HKLM-x32\...\{62A77CC8-B17A-49C0-9BE6-E77216E86BD3}) (Version: 1.2.0 - Aspark Software) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version: - Microsoft) SharePoint Client Components (HKLM\...\{95150003-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4641.1002 - Microsoft Corporation) SharePoint Client Components (HKLM\...\{95160002-1163-0409-1000-0000000FF1CE}) (Version: 16.0.3104.1200 - Microsoft Corporation) Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0 Stand-Alone) (Version: 3.0.0.5 - Nik Software, Inc.) Sigil 0.4.2 (HKLM\...\Sigil_is1) (Version: - John Schember) SiSoftware Sandra Business 2015 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.10.2015.1 - SiSoftware) SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited) SketchUp 2015 (HKLM\...\{90A6F70E-96AD-4054-AB8F-42BCFA75F8EC}) (Version: 15.0.9350 - Trimble Navigation Limited) Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0) (Version: 2.0 - Sparkol) Sparkol VideoScribe (x32 Version: 2.0 - Sparkol) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden SQLXML4 (HKLM\...\{DEA9F247-F832-4E36-90BF-D8EDA206521A}) (Version: 9.00.5000.00 - Microsoft Corporation) Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 8.12 - Stardock Software, Inc.) Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated) SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft) Synergy (64-bit) (HKLM\...\{77865914-4067-41D2-8DE0-ACFA9C83351D}) (Version: 1.7.6 - The Synergy Project) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer) TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.) TopStyle (Version 3) (HKLM-x32\...\TopStyle (Version 3)) (Version: 3.1.0 - Bradbury Software, LLC) Tor 0.2.1.30 (HKLM-x32\...\Tor) (Version: - ) Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.4 - Transmission) TreeSize Free V2.6 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.6 - JAM Software) TreeSize Professional 5.3.4 (HKLM-x32\...\TreeSize Professional_is1) (Version: 5.3.4 - JAM Software) TuneUp 2.5.0.0 (HKLM-x32\...\TuneUpMedia) (Version: 2.5.0.0 - TuneUp Media, Inc.) TuneWiki (HKLM-x32\...\TuneWiki) (Version: 1.0.165.0 - TuneWiki) U2 PCAM (HKLM-x32\...\{F89DC420-FF15-485D-8254-67A27ED1313B}) (Version: 1.2.3.4 - Genesys Logic) Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft) Update or Uninstall SENukeX (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX) Update or Uninstall SENukeX (HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\2ce4fd5e017fe1d3) (Version: 3.0.0.56 - SENukeX) Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.) Velvia Vision (HKLM-x32\...\{F02DBC56-E5AB-4F74-B995-4586F91D4BDC}) (Version: 1.0 - Fred Miranda) Vertus Fluid Mask 3 2.100.2-RC2 (HKLM-x32\...\VertusFluidMask3) (Version: 2.100.2-RC2 - ) Vidalia 0.2.12 (HKLM-x32\...\Vidalia) (Version: - ) Video Enhancer 1.9.6 (HKLM-x32\...\Video Enhancer_is1) (Version: - Infognition Co. Ltd.) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes) Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc) VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation) WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation) Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) WinDirStat 1.1.2 (HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - ) WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun) WindowFX (x32 Version: 5.01 - Stardock Corporation) Hidden Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.) Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5) (HKLM\...\929413420CDE2F0C2C08C06E73FF16D9CB6C9807) (Version: 09/17/2009 3.0.0.5 - Apple Inc.) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation) WinISO (HKLM-x32\...\WinISO) (Version: 6.3.0.4829 - WinISO Computing Inc.) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinSCP 4.3.5 (HKLM-x32\...\winscp3_is1) (Version: 4.3.5 - Martin Prikryl) WinSnap (HKLM-x32\...\WinSnap) (Version: 4.0.8 - NTWind Software) WinX DVD Author 5.8 (HKLM-x32\...\WinX DVD Author_is1) (Version: - FreetimeSoft, Inc.) Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Workrave 1.10 (HKLM-x32\...\Workrave_is1) (Version: - Rob Caelers & Raymond Penners) WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation) xplorer² professional 64 bit (HKLM\...\xplorer2p64) (Version: 2.5.0.2 - Zabkat) yEd Graph Editor 3.9.2 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.9.2 - yWorks GmbH) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для среды разработки набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\grevolorio\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\grevolorio\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01948B03-BD45-4976-8D31-7855925672EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {05C8BCBA-5173-4FD5-AB52-1671D7DC2D35} - System32\Tasks\{6D5E1E37-7B03-499C-9F90-D7F8A3F44FD4} => pcalua.exe -a "F:\Adobe CS4\Master Collection\Adobe CS4\payloads\AdobeAIR1.0\AdobeAIRInstaller.exe" -d "C:\Program Files (x86)\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02" -c -silent Task: {0DA826DA-C315-408E-A81B-346FA731E686} - System32\Tasks\{4BD142E9-8A9E-4CF1-8E08-D7B5ABC463F4} => pcalua.exe -a "F:\kodiRelated\FTV v0.52\FTV\Amazon FireTV Utility App.exe" Task: {13009AEA-3E20-4C03-98ED-1DDAA2CBE59A} - System32\Tasks\{1E1D40DD-B7F0-437F-919E-7299C2A201C8} => pcalua.exe -a C:\Users\grevolorio\Desktop\vpnclient-win-msi-5.0.01.0600-k9.exe -d C:\Users\grevolorio\Desktop Task: {1CA54BD7-F8FE-43D7-A568-902BD730F451} - System32\Tasks\{C9D0DEFF-43BC-4715-854F-00A22264221D} => pcalua.exe -a F:\Downloads\Drawing\Pencil-Portrait-Tutorial--How-Beginners-Learn-To-Draw-Pencil-Portraits-Quickly-And-Easily.exe -d F:\Downloads\Drawing Task: {1D334B1E-CF07-488F-9133-6C6018482BF0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {220D5B9C-CC4B-43A8-BE1B-5AA45467AF92} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {2541E100-9850-45B0-8A0C-D00427497A49} - System32\Tasks\{2662DE15-9BFB-4C94-ABE1-B60C1CDBE28D} => pcalua.exe -a "C:\Users\grevolorio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3XG5VDK\lastpass_x64[1].exe" -d C:\Users\grevolorio\Desktop Task: {2A46E8FA-0109-4EB2-8581-D8E1CC3F8D47} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe Task: {2AC1D17C-EA09-4710-85F9-66D640AA0BF3} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {2C2A0C7C-A15F-473C-9A03-A80299CEEC13} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation) Task: {3100B96D-BB14-4990-BD3D-54ABC9D6445D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.) Task: {327B3BA7-B8A2-4705-A7D4-9A7536F0D564} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {379F9252-C770-44AA-AF2C-037D7FDACF84} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-06-19] (Siber Systems) Task: {384B22B0-4F48-47CA-A1B8-7D998C13032C} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {4D0D22B8-4C7A-44F5-B04F-96AB41E171EF} - System32\Tasks\ParetoLogic Update Version2 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22] () Task: {58289E57-EE9B-437E-9BF3-CCB6ABF1E425} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {59479587-6ECE-4E1C-9E21-55309D69125C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMKMGMNJLJIMKJJJCNOMMJOJKMCNLMJMIMJMCNGMLJIMPMCNLMJMPMMMMJKMLMOJKJKJPMIMJNJICMIMCNGMCNOMLMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMLMLMPMJNHICMEKMICNJJCKJNBJCMJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMKMKMFMPMJN (the data entry has 33 more characters). Task: {5B725530-FFAB-4A23-8563-A928DF68D79B} - System32\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-07-02] (Citrix Online, a division of Citrix Systems, Inc.) Task: {5D3FF025-C318-46AB-A7A4-5A8F209A70F7} - \SidebarExecute -> No File <==== ATTENTION Task: {6184FBBE-4AA1-42ED-A3A1-E6838CA95637} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {65EDF042-6E5E-4A9C-BCE8-01793ED9162F} - System32\Tasks\{DEDC4BB3-71C0-40D4-9A13-E7BEA775B519} => pcalua.exe -a F:\Downloads\AppleWirelessMouse64.exe Task: {6E0AF919-E2BB-4343-80BD-9DB7B1320AC0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {729AE2CB-D745-4FDE-AD60-D0A8A4636D78} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => F:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies) Task: {7CFEC956-1854-4D03-AC69-5FCACF3ED978} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation) Task: {83A73D3C-C015-43F6-ABAB-27E7FC5C6590} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns Task: {88FD29A9-84EF-4B5D-B6F4-945733D892B5} - System32\Tasks\{A2F28A60-837B-4A08-93CF-C81107A19128} => pcalua.exe -a "F:\Downloads\Stardock Object Desktop Suite\Stardock Object Desktop Suite\WindowBlinds 5 [Enhanced] - With Crack\WindowBlinds 5 [Enhanced].exe" -d "F:\Downloads\Stardock Object Desktop Suite\Stardock Object Desktop Suite\WindowBlinds 5 [Enhanced] - With Crack" Task: {8B9FD64D-EE19-4346-AB88-F4084AA5EF60} - System32\Tasks\{E725F200-DE8A-4285-85FF-D7DA2DFE1545} => pcalua.exe -a F:\Downloads\solutoinstaller.exe Task: {90FFDBF2-C8F2-4A2B-99C2-BD4B2BA8849B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {92FC9152-3CF6-4DC4-A1FF-8B31A85EC68D} - System32\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB} => F:\Program Files\Allway Sync\Bin\syncappw.exe [2010-05-31] () Task: {93F228DA-AB4B-4BD9-B6D4-456EB46BA16D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {97F9187F-9225-4089-8965-5A446FE551E5} - System32\Tasks\{6C938882-44FC-4762-8288-22AC4957F8AB} => pcalua.exe -a "C:\Users\grevolorio\Desktop\MsiZap (1).exe" -d C:\Users\grevolorio\Desktop Task: {9D8F7C35-05F3-4098-A58A-CFDCE2571B56} - System32\Tasks\{A90FC29D-33BB-491B-AED4-86D69213CF61} => pcalua.exe -a "F:\Downloads\Microsoft Office 2010 Professional (No Key Required)\setup.exe" -d "F:\Downloads\Microsoft Office 2010 Professional (No Key Required)" Task: {A10AE438-01D3-48A2-B1F9-9CFCF67E0B22} - System32\Tasks\{E00AD51B-21C4-4D8F-A4AB-7CC5931C85E2} => pcalua.exe -a "C:\FTV\Amazon FireTV Utility App.exe" Task: {A2C753BE-80E2-4C1E-A35B-C6B17C5DE41F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {AD4D132B-F589-4AB7-9AC7-8E881E3CA6BA} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe Task: {AD684464-6AA5-4425-9D51-8804B6F5C03B} - System32\Tasks\{B40ADBCF-29B3-4A89-B5F3-2C6807F2DECB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall INFOPATHR /dll OSETUP.DLL Task: {AD9C8945-6414-46A1-B1CB-9348EE400E4F} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] () Task: {AFDFFF62-8D44-4454-8431-F540107AFF83} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMJMGMJJLJJMMMLJNJCNMMPMPMHMCNLMGMKMOJCNHMMMNJHMCNNMKJKJOMLMLMKMKJOMPMMJJJJNJICMIMCNOMCNPMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMIJNIKJJIAJDJAJNIGJAJJNKJCMJNNICMJNDJCMKJBJ" Task: {B421371D-E6A0-44B4-B84E-BEB704B7D919} - System32\Tasks\{DBF89E59-98BD-464C-821B-C714ACBF7D00} => pcalua.exe -a "C:\Users\grevolorio\AppData\Local\Temp\Temp1_Drivers for apple majic mouse.zip\Drivers for apple majic mouse\64bit driver.exe" Task: {B42859F1-52BE-4C0B-87A0-089A8A9525FE} - System32\Tasks\{A86051CA-CB2D-4CFC-AA2E-F97F003E332E} => pcalua.exe -a C:\Users\grevolorio.trmdu2\Downloads\VirtualBox-5.0.4-102546-Win.exe Task: {B6124405-83CA-4BD7-9DFD-1176D9CFEA66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {B7D682DD-52E1-43BE-BBF8-FDC6840A7669} - System32\Tasks\{AEC957EE-1707-435F-9324-C5329BCEB8F2} => pcalua.exe -a F:\Downloads\AppleWirelessMouse64UNEASY.exe Task: {BA7A7309-376A-49C5-8980-876C5ACE8DDE} - System32\Tasks\DocumentsBackupToNetworkDrive => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation) Task: {BFAECEBD-7839-4DE8-825D-A11D11B4ABE5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI) Task: {C3513C86-0619-4FBC-B521-2594460A8AB7} - System32\Tasks\{5EF141E4-698E-4751-AFC4-21FB5FB4CCC4} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {C7E44BE0-CBC9-4833-85C7-DCDE3709A73A} - System32\Tasks\{3EE8355E-6EFE-4231-BA1C-0027510C8764} => pcalua.exe -a F:\Downloads\OfficeExcel2003XMLToolsAddin.exe -d F:\Downloads Task: {D6847D8E-3585-4794-AD85-56EB9F05F9FA} - System32\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe [2015-07-02] (Citrix Online, a division of Citrix Systems, Inc.) Task: {DDBE4BC3-4239-45EA-85A5-E4557D3F2AD6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {DE2F2154-92E1-40E2-8EB6-A80435CCCFB7} - System32\Tasks\{9AA97C05-331D-48E7-B2B6-393DA5DB59E3} => pcalua.exe -a F:\Downloads\Vertus_Fluid_Mask_3.2.1_MegaRapidshare.com\fluid_mask_3_setup_2.100.2-RC2.exe Task: {E121D49B-E0A6-45BA-9FBA-E6A579E8DCAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {E62AE87E-4B4E-4A62-A2A5-C62E351425B8} - System32\Tasks\{FB5637CE-774D-41E9-8A18-A66C6F08DE12} => pcalua.exe -a "F:\Downloads\windirstat1_1_2_setup (1).exe" -d F:\Downloads Task: {E86215D1-331F-46EA-B5D2-DD63481E1867} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.) Task: {E8FC4795-B64E-463C-96A9-BE0B8DBF960D} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {E96AA20C-5A24-4099-8877-9D626337E24D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {F0F929D8-853A-41D7-BF97-78FBA3A7E8E9} - System32\Tasks\{5F894392-522C-4E66-80C8-E72C3D3AD54E} => pcalua.exe -a F:\Downloads\applewirelessmouse.exe Task: {F379DF3B-1EC4-4330-84B3-57537B17F6CE} - System32\Tasks\CopyMyDocsToU_Drive => Task: {F787EACE-34DC-43A0-9DA4-440D0A487857} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {FC31E385-F59B-4071-A73F-53FC0F691907} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => F:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {FCAEA3E8-B27E-4792-96C7-DE1B513D73A6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {FE0A6D57-BA94-4854-A4CF-ED585B3BB4B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Allway Sync_{4F0C1497E9A5A062AD06B978802E02AB}.job => F:\Program Files\Allway Sync\Bin\syncappw.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1085031214-796845957-725345543-2108.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1085031214-796845957-725345543-2108.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ParetoLogic Registration.job => rundll32.exe C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll Task: C:\Windows\Tasks\ParetoLogic Update Version2.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\grevolorio.trmdu2\Desktop\Gus - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk ShortcutWithArgument: C:\Users\grevolorio.trmdu2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9cc420c2be074d9\Identity API Scope Approval UI.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ahjaciijnoiaklcomgnblndopackapon ==================== Loaded Modules (Whitelisted) ============== 2012-05-15 13:12 - 2012-05-15 13:12 - 00385680 _____ () F:\Program Files (x86)\Stardock\Object Desktop\WindowFX\WFX32.exe 2011-01-11 10:52 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2015-08-28 15:35 - 2014-10-30 08:18 - 00029184 ____C () C:\Windows\System32\ssj2mlm.dll 2014-11-12 05:20 - 2014-11-12 05:20 - 00524800 _____ () f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe 2015-08-04 08:26 - 2015-08-04 08:26 - 00718040 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00018600 _____ () C:\Program Files\Synergy\synwinhk.DLL 2016-03-16 06:17 - 2016-03-16 06:17 - 00052912 _____ () F:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () F:\Program Files (x86)\Unlocker\UnlockerCOM.dll 2011-02-14 17:55 - 2009-06-21 08:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-08-04 08:26 - 2015-08-04 08:26 - 00861912 _____ () F:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll 2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 00312488 _____ () C:\Program Files\Synergy\synergyd.exe 2015-07-08 16:59 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2010-11-08 11:15 - 2010-11-08 11:15 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll 2015-06-30 08:24 - 2015-06-30 08:24 - 00408576 _____ () F:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll 2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00171520 ____R () C:\Program Files (x86)\Calibre2\calibre.exe 2016-07-01 08:50 - 2016-07-01 08:50 - 00024576 ____R () C:\Program Files (x86)\Calibre2\calibre-parallel.exe 2016-06-17 17:07 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-17 17:07 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-03-18 14:52 - 2016-03-18 14:52 - 01881256 _____ () C:\Program Files\Synergy\synergy.exe 2016-03-18 14:52 - 2016-03-18 14:52 - 00979112 _____ () C:\Program Files\Synergy\synergys.exe 2014-08-20 09:47 - 2014-05-13 12:04 - 00109400 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00416600 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-20 09:47 - 2014-05-13 12:04 - 00167768 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-08-20 09:47 - 2012-08-23 10:38 - 00574840 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-08-20 09:47 - 2012-04-03 17:06 - 00565640 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-08-15 14:11 - 2012-08-15 14:11 - 01222656 _____ () F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\libxml2.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00037376 ____R () C:\Program Files (x86)\Calibre2\calibre-launcher.dll 2014-05-03 23:25 - 2014-05-03 23:25 - 00110080 ____R () C:\Program Files (x86)\Calibre2\DLLs\pywintypes27.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00057344 ____R () C:\Program Files (x86)\Calibre2\plugins2\progress_indicator.pyd 2016-07-01 08:47 - 2016-07-01 08:47 - 00069632 ____R () C:\Program Files (x86)\Calibre2\plugins2\imageops.pyd 2016-07-01 08:50 - 2016-07-01 08:50 - 00176128 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxslt.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 01069568 ____R () C:\Program Files (x86)\Calibre2\DLLs\libxml2.dll 2016-07-01 08:50 - 2016-07-01 08:50 - 00064000 ____R () C:\Program Files (x86)\Calibre2\DLLs\libexslt.dll 2014-12-10 12:23 - 2014-12-10 12:23 - 00426496 ____R () C:\Program Files (x86)\Calibre2\DLLs\sqlite3.dll 2016-07-01 08:47 - 2016-07-01 08:47 - 00035840 ____R () C:\Program Files (x86)\Calibre2\plugins2\wpd.pyd 2014-05-03 23:29 - 2014-05-03 23:29 - 00396800 ____R () C:\Program Files (x86)\Calibre2\DLLs\pythoncom27.dll 2016-07-01 08:46 - 2016-07-01 08:46 - 00262144 ____R () C:\Program Files (x86)\Calibre2\plugins2\hunspell.pyd 2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-30 05:53 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-05-12 19:57 - 2016-06-06 21:58 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-07-11 14:07 - 2016-06-06 21:58 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-05-12 19:57 - 2016-07-05 14:00 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-07-11 14:07 - 2016-06-06 22:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-05-12 19:57 - 2016-06-06 21:58 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-07-11 14:07 - 2016-06-06 21:59 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2016-07-11 14:07 - 2016-07-05 13:59 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-07-11 14:07 - 2016-06-06 22:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-07-11 14:07 - 2016-07-05 14:00 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-07-11 14:07 - 2016-07-05 14:00 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-05-12 19:57 - 2016-06-06 21:59 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-05-12 19:57 - 2016-06-06 22:00 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-05-12 19:57 - 2016-07-05 14:00 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-07-11 14:07 - 2016-07-05 14:00 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2014-08-20 09:47 - 2014-04-25 14:11 - 02972112 _____ () F:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll 2016-03-08 09:04 - 2016-03-08 09:04 - 02415104 _____ () C:\Program Files\Synergy\QtCore4.dll 2009-01-10 10:32 - 2009-01-10 10:32 - 00011362 _____ () C:\Program Files\Synergy\mingwm10.dll 2009-06-22 18:42 - 2009-06-22 18:42 - 00043008 _____ () C:\Program Files\Synergy\libgcc_s_dw2-1.dll 2010-02-10 14:43 - 2010-02-10 14:43 - 09515520 _____ () C:\Program Files\Synergy\QtGui4.dll 2010-02-10 14:10 - 2010-02-10 14:10 - 01148416 _____ () C:\Program Files\Synergy\QtNetwork4.dll 2013-12-17 04:42 - 2013-12-17 04:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows: [108] AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [125] AlternateDataStreams: C:\Users\grevolorio.trmdu2\.DS_Store:AFP_AfpInfo [122] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\bunker -> hxxps://bunker IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr01 -> hxxp://calshr01 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\calshr02 -> hxxp://calshr02 IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\emmarx.com -> hxxp://reports.emmarx.com IE trusted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\inrangesystems.com -> hxxp://intranet.inrangesystems.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-se.com -> 1-se.com There are 11773 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7867 more sites. IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1915297274-1003847613-3419053400-1105-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\greenskybrands.com -> hxxp://intranet.greenskybrands.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7867 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2011-10-28 15:03 - 2016-07-16 08:38 - 00450173 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15466 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1085031214-796845957-725345543-2108-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\grevolorio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1085031214-796845957-725345543-2109-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\sharepointadmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1085031214-796845957-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3578782807-1016812498-1856270605-1009\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3578782807-1016812498-1856270605-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 192.168.0.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) mpsdrv => Firewall Service is not running. MpsSvc => Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: CronService => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: sdAuxService => 3 MSCONFIG\Services: sdCoreService => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^monitorpad.lnk => C:\Windows\pss\monitorpad.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tor.lnk => C:\Windows\pss\Tor.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^grevolorio.trmdu2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MLO.lnk => C:\Windows\pss\MLO.lnk.Startup MSCONFIG\startupfolder: C:^Users^grevolorio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyLife Organized.lnk => C:\Windows\pss\MyLife Organized.lnk.Startup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApplePhotoStreams => MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: AttendeeCommunicator => "C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe" /fromrunkey MSCONFIG\startupreg: BackupAndRecoveryMonitor.exe => C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe MSCONFIG\startupreg: Box Edit => C:\Users\grevolorio.trmdu2\AppData\Local\Box\Box Edit\Box Edit.exe MSCONFIG\startupreg: Box Local Com Server => C:\ProgramData\Box\ComServer\Box Local Com Service.exe MSCONFIG\startupreg: ccApp => "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" MSCONFIG\startupreg: ClipToOneNote => MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MSCONFIG\startupreg: Google Desktop Search => MSCONFIG\startupreg: iCloudServices => MSCONFIG\startupreg: itype => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe MSCONFIG\startupreg: MobileDocuments => MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start MSCONFIG\startupreg: PlayOn => C:\Program Files (x86)\MediaMall\PlayOn.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SDTray => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: Spybot-S&D Cleaning => "F:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: uTorrent => "C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" MSCONFIG\startupreg: vmware-tray => MSCONFIG\startupreg: vmware-tray.exe => "F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-tray.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{2C84D7A8-185F-48F0-997F-3A814FEB1212}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe FirewallRules: [UDP Query User{76BCF8C2-EC1E-47FD-A852-CE49592796D5}C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe] => (Allow) C:\program files (x86)\mylifeorganized.net\mlo\mlo.exe FirewallRules: [{E4DAC48E-0F06-4425-87B9-7BD5994267BF}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe FirewallRules: [{DE5F8045-275F-4630-8682-8236CFC1A9FA}] => (Allow) F:\Downloads\solutoinstaller-Lc51Pys8GM.exe FirewallRules: [{3CAF5393-735B-4381-9C98-BE52D398D458}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe FirewallRules: [{D093949F-C20C-4810-B36E-6B28E571CC81}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe FirewallRules: [{C6F07D1B-04C4-4F10-BDA4-374E78C5EF19}] => (Allow) C:\Program Files (x86)\Microsoft Lync Attendee\AttendeeCommunicator.exe FirewallRules: [{24C77659-9DEF-4ABA-B4B9-64F8BC15A943}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{B5BA6578-03EA-4F19-B6A2-C924C6C8E14F}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe FirewallRules: [{758E4422-978B-47A4-86E4-B8F589FB2F26}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-authd.exe FirewallRules: [{051D6AFF-140B-4251-A785-C60079EDB7FD}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe FirewallRules: [{7AC51C86-1E31-4E96-A1FF-7A9E9D7CE9C1}] => (Allow) F:\Program Files (x86)\VMware\VMware VIX\VMWare Workstation\vmware-hostd.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [{E82D2D2F-BFBD-41F4-A369-818C95FE2B09}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B9EB0C5C-06D4-405B-BFEF-E1240AFC3A92}] => (Allow) C:\Users\grevolorio\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4FE7CDC6-7A33-4C99-ABED-B4C4EA2F2743}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{46A01AAE-281A-4A88-9B9E-D5E9DD8EF2B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AA765390-3C76-4719-96A5-CFF7997FFC8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{51707004-99BF-4B82-866C-6DBD656522DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6EE70C80-E842-4BB8-8FB2-4183E0A2B6CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B261E1BA-7CCA-4BDA-A864-90AD5F09B541}] => (Allow) C:\Users\grevolorio\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{B05ABD30-952F-4977-88FB-0BF6B0D8486C}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe FirewallRules: [{0E804373-A724-4174-95E8-11BF1A486C38}] => (Allow) F:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{482C2904-B9EB-460A-B24A-CDE0111F39B6}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe FirewallRules: [{30113CC9-EA36-40C1-ACE3-9C07A0D32065}] => (Allow) F:\Program Files (x86)\BitTorrent Sync\BTSync.exe FirewallRules: [{455BC505-116E-4778-9C47-D0039C5ABD3F}] => (Allow) LPort=12292 FirewallRules: [{48E75E71-2CBD-4890-8FDF-D76036F2069D}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe FirewallRules: [{B80C427A-4A78-4C8F-8C5A-F9137515E7DA}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe FirewallRules: [{97D36CA4-D871-4663-BF1F-D7D27925F9D4}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe FirewallRules: [{53162F45-0E3E-441F-AD2A-795DD8EBAB2D}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe FirewallRules: [{CB2F542C-B0A8-44DC-87F1-457206EFAC68}] => (Allow) C:\Program Files (x86)\MediaMall\PlayLater.exe FirewallRules: [{69B9AE74-7660-4131-A026-481F146680CA}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\RpcAgentSrv.exe FirewallRules: [{8A1F8345-6A95-49F8-A078-63007A1228A3}] => (Allow) f:\Program Files\SiSoftware\SiSoftware Sandra Business 2015\WNt600x64\RpcSandraSrv.exe FirewallRules: [{C974CD50-7415-43E1-9081-9640AB51C81D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CE7E25B2-F63F-4E9B-8373-0A23074C71B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{EBC71303-5F45-4EDC-8E05-A3C6405AF3E8}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [UDP Query User{49A87548-8B14-4D3A-BA89-3E30CBD64639}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [{8A45DF66-77B3-47F5-9E5B-6E67E8CD3672}] => (Block) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [{2358E7EC-EE95-49BE-8DE1-26AF8F97ADAD}] => (Block) C:\program files (x86)\calibre2\calibre.exe FirewallRules: [TCP Query User{011516DF-6F3F-479A-8621-1D0D84A0991F}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe FirewallRules: [UDP Query User{ABA9851F-F69F-4C9D-A24E-A115D08E0AB4}F:\program files\transmission\transmission-qt.exe] => (Allow) F:\program files\transmission\transmission-qt.exe FirewallRules: [{4095281A-CA21-41D6-BA24-5FE980C904D0}] => (Block) F:\program files\transmission\transmission-qt.exe FirewallRules: [{24B34338-DD29-4CA9-AD70-42F3924DD47F}] => (Block) F:\program files\transmission\transmission-qt.exe FirewallRules: [{AED27814-FFA9-4899-B195-BE194AA6F13A}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{A0DE4516-2BD6-4D21-AE2B-124A3B182B0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E0D62CAE-785A-402E-A297-8B4033C9B7A7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{932729FC-8CEF-4D87-B35B-8778A82696D8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1706A022-0050-4667-91AA-26B728B5ADD8}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1EBA2EAC-E1BE-48CE-A61E-C0BEF9EC4047}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{583FE798-093F-4AFC-87FB-6E46B63294A7}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{EA173698-EF6B-4459-A147-42C9EDA2520C}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F3E80BF7-DA3F-42AB-84EB-C25F52B2AF47}] => (Allow) C:\Users\grevolorio.trmdu2\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{71CA5F73-AFD7-40C6-BDAF-10CC1A9579E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{4D1F3054-3DA7-46C6-BF81-7F064302A7E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{29A5A62E-BA87-4660-B3AA-624A5051E5F2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{6369152E-C858-4EDF-BB52-6895496F3D74}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe FirewallRules: [{E78D9C97-08D7-434F-8123-13261C4D9C6A}] => (Allow) f:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe FirewallRules: [{3792C9C6-450E-426B-986C-5824239E896A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{F3E4F551-C952-46A2-9CD8-2A5715867AC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{02F4B432-CBA2-4E39-B3FF-F55F89EC7B68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{8A0142B3-4C3B-4255-ABA5-96A1B1BD07D9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F598C328-3FB4-42B6-899B-A8D1E5B2EC43}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{7F10E473-1BCA-4539-B818-F0EF53397B0F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{CBD9A108-FE5D-4C30-A810-642437C8E1F8}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{6DD6D3DB-85B6-4E8A-B606-85CA460F802A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{20FAFEED-FBD1-44C6-8EFB-994DC36F082C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{EB4B33CD-E952-4BFC-B5DE-B6D3A09356AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{EC02FE5E-F982-4195-96AA-CE84BEECCF6A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{21DD25A7-A8D1-4916-A603-11C1BC9AD862}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{14B43CDE-088B-4241-AE08-1E53015DBD6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{1FBAD7D8-6F46-41E4-961C-0EAB6CA8B4BE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{B7D324F3-4B17-46E4-9913-152127D321A5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{422A2506-3182-4452-B20C-5EC8186315FD}] => (Allow) C:\Program Files\Synergy\synergys.exe FirewallRules: [{C86D90D8-8EFA-49AF-93C1-3293B433ED7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{6E079AAB-5654-4264-8491-85AF7E253C08}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{98CBFD6B-3FB9-488B-A3C8-3C054460A2B1}] => (Allow) C:\Windows\system32\rundll32.exe StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: Intel(R) Centrino(R) Advanced-N 6200 AGN Description: Intel(R) Centrino(R) Advanced-N 6200 AGN Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETw5s64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Loopback Adapter Description: Microsoft Loopback Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: msloop Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2016 09:05:53 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/18/2016 04:05:57 AM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/17/2016 11:05:25 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/17/2016 10:59:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c Exception code: 0xe0434352 Fault offset: 0x000000000001a06d Faulting process id: 0x18438 Faulting application start time: 0xAutoPico.exe0 Faulting application path: AutoPico.exe1 Faulting module path: AutoPico.exe2 Report Id: AutoPico.exe3 Error: (07/17/2016 10:59:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AutoPico.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.IOException Stack: at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult) at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult) at System.Net.LazyAsyncResult.Complete(IntPtr) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Net.ContextAwareResult.Complete(IntPtr) at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) Error: (07/17/2016 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (07/17/2016 06:05:33 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. Error: (07/17/2016 05:29:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoPico.exe, version: 12.3.0.0, time stamp: 0x53b06ef5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c Exception code: 0xe0434352 Fault offset: 0x000000000001a06d Faulting process id: 0x184bc Faulting application start time: 0xAutoPico.exe0 Faulting application path: AutoPico.exe1 Faulting module path: AutoPico.exe2 Report Id: AutoPico.exe3 Error: (07/17/2016 05:29:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AutoPico.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.IOException Stack: at System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult) at AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult) at System.Net.LazyAsyncResult.Complete(IntPtr) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Net.ContextAwareResult.Complete(IntPtr) at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*) Error: (07/17/2016 01:05:09 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY) Description: Product: Chrome Remote Desktop Host -- Error 1714. The older version of Chrome Remote Desktop Host cannot be removed. Contact your technical support group. System Error 1612. System errors: ============= Error: (07/09/2016 08:46:16 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (06/17/2016 03:52:14 PM) (Source: VDS Dynamic Provider) (EventID: 40) (User: ) Description: The remove plex operation failed to complete. status=C038003B Error: (06/17/2016 03:48:38 PM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: 490@01010004 Error: (06/17/2016 03:40:15 PM) (Source: VDS Basic Provider) (EventID: 1) (User: ) Description: Unexpected failure. Error code: 490@01010004 Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY51 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 06:09:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY51 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 06:09:09 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.223.1357.0 Update Source: %NT AUTHORITY59 Update Stage: 4.9.0218.00 Source Path: 4.9.0218.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (06/13/2016 05:47:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error: %%193 Error: (06/13/2016 05:46:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program. Error: (06/13/2016 05:45:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) CodeIntegrity: =================================== Date: 2016-07-17 04:56:59.348 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-17 04:56:59.258 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-17 04:56:59.099 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.984 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.894 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 03:52:04.509 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:34.023 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:33.925 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-15 04:55:33.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. Date: 2016-07-14 03:10:30.776 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz Percentage of memory in use: 93% Total physical RAM: 16316.38 MB Available physical RAM: 1045.3 MB Total Virtual: 16826.56 MB Available Virtual: 528.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:22.36 GB) NTFS Drive d: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF Drive f: (SoftRaid) (Fixed) (Total:731.32 GB) (Free:32.08 GB) NTFS Drive g: (Virtual) (Fixed) (Total:465.76 GB) (Free:412.86 GB) NTFS Drive i: (My Passport) (Fixed) (Total:930.86 GB) (Free:710.41 GB) NTFS Drive m: () (Fixed) (Total:465.75 GB) (Free:268.39 GB) NTFS Drive n: () (Fixed) (Total:465.75 GB) (Free:432.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0D040DF6) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=100 GB) - (Type=42) Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 08C4D7E9) Partition 1: (Not Active) - (Size=993 KB) - (Type=42) Partition 2: (Active) - (Size=100 MB) - (Type=42) Partition 3: (Not Active) - (Size=100 GB) - (Type=42) Partition 4: (Not Active) - (Size=831.4 GB) - (Type=42) ======================================================== Disk: 2 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 00052F35) Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================

Thanks MrC. I appreciate your help.

Unfortunately not. Still expands but won't run.

Done. This is the log: 2012-05-31 16:57:00: **************************************************** 2012-05-31 16:57:00: Starting UP ... v 0.0.0.220 2012-05-31 16:57:00: **************************************************** 2012-05-31 16:57:00: Stop TPSRV returns: 2 2012-05-31 16:57:15: Listing processes... 2012-05-31 16:57:15: :[system Process]:0 2012-05-31 16:57:15: :System:4 2012-05-31 16:57:15: :smss.exe:356 2012-05-31 16:57:15: :csrss.exe:632 2012-05-31 16:57:15: :wininit.exe:732 2012-05-31 16:57:15: :services.exe:788 2012-05-31 16:57:15: :lsass.exe:796 2012-05-31 16:57:15: :lsm.exe:804 2012-05-31 16:57:15: :svchost.exe:1000 2012-05-31 16:57:15: :svchost.exe:628 2012-05-31 16:57:15: :svchost.exe:720 2012-05-31 16:57:15: :svchost.exe:1048 2012-05-31 16:57:15: :svchost.exe:1216 2012-05-31 16:57:15: :Pen_TouchService.exe:1400 2012-05-31 16:57:15: :Smc.exe:1532 2012-05-31 16:57:15: :svchost.exe:1588 2012-05-31 16:57:15: :ccSvcHst.exe:1840 2012-05-31 16:57:15: :spoolsv.exe:1764 2012-05-31 16:57:15: :SASCore64.exe:2660 2012-05-31 16:57:15: :armsvc.exe:2716 2012-05-31 16:57:15: :mDNSResponder.exe:2964 2012-05-31 16:57:15: :btwdins.exe:1896 2012-05-31 16:57:15: :svchost.exe:2796 2012-05-31 16:57:15: :LMIGuardianSvc.exe:2616 2012-05-31 16:57:15: :ramaint.exe:3116 2012-05-31 16:57:15: :LogMeIn.exe:3152 2012-05-31 16:57:15: :nlssrv32.exe:3328 2012-05-31 16:57:15: :PsiService_2.exe:3388 2012-05-31 16:57:15: :cscript.exe:3400 2012-05-31 16:57:15: :SeagateDashboardService.exe:3764 2012-05-31 16:57:15: :nvSCPAPISvr.exe:3868 2012-05-31 16:57:15: :Rtvscan.exe:3936 2012-05-31 16:57:15: :Pen_Tablet.exe:3980 2012-05-31 16:57:15: :TeamViewer_Service.exe:4024 2012-05-31 16:57:15: :vmware-usbarbitrator.exe:4048 2012-05-31 16:57:15: :vmnat.exe:4072 2012-05-31 16:57:15: :WLIDSVC.EXE:3708 2012-05-31 16:57:15: :WLIDSVCM.EXE:3568 2012-05-31 16:57:15: :vmware-authd.exe:2452 2012-05-31 16:57:15: :vmnetdhcp.exe:4260 2012-05-31 16:57:15: :SearchIndexer.exe:4588 2012-05-31 16:57:15: :iPodService.exe:4492 2012-05-31 16:57:15: :svchost.exe:5640 2012-05-31 16:57:15: :NASvc.exe:2848 2012-05-31 16:57:15: :svchost.exe:5428 2012-05-31 16:57:15: :svchost.exe:5140 2012-05-31 16:57:15: :GoogleEarth-Win-Plugin-6.2.2.6613.exe:2712 2012-05-31 16:57:15: :GoogleEarth-Win-Bundle-6.2.2.6613.exe:5748 2012-05-31 16:57:15: :audiodg.exe:5156 2012-05-31 16:57:15: :csrss.exe:2104 2012-05-31 16:57:15: :winlogon.exe:6504 2012-05-31 16:57:15: :wisptis.exe:4108 2012-05-31 16:57:15: :MouseWithoutBorders.exe:3092 2012-05-31 16:57:15: :MouseWithoutBorders.exe:5160 2012-05-31 16:57:15: :taskhost.exe:2156 2012-05-31 16:57:15: :wisptis.exe:2120 2012-05-31 16:57:15: :TabTip.exe:4224 2012-05-31 16:57:15: :TeamViewer.exe:5728 2012-05-31 16:57:15: :TabTip32.exe:6620 2012-05-31 16:57:15: :Pen_TouchUser.exe:1072 2012-05-31 16:57:15: :tv_w32.exe:6512 2012-05-31 16:57:15: :tv_x64.exe:6460 2012-05-31 16:57:15: :Pen_TabletUser.exe:1128 2012-05-31 16:57:15: :Pen_Tablet.exe:6364 2012-05-31 16:57:15: :dwm.exe:2272 2012-05-31 16:57:15: :explorer.exe:6532 2012-05-31 16:57:15: :SmcGui.exe:7128 2012-05-31 16:57:15: :ProtectionUtilSurrogate.exe:3012 2012-05-31 16:57:15: :wuauclt.exe:4452 2012-05-31 16:57:15: :LogMeInSystray.exe:2772 2012-05-31 16:57:15: :ipoint.exe:3432 2012-05-31 16:57:15: :robotaskbaricon.exe:3428 2012-05-31 16:57:15: :Dropbox.exe:2268 2012-05-31 16:57:15: :EvernoteClipper.exe:1484 2012-05-31 16:57:15: :Launchy.exe:6660 2012-05-31 16:57:15: :mlo.exe:4244 2012-05-31 16:57:15: :ONENOTEM.EXE:2424 2012-05-31 16:57:15: :acrotray.exe:2396 2012-05-31 16:57:15: :UnlockerAssistant.exe:2392 2012-05-31 16:57:15: :iTunesHelper.exe:6960 2012-05-31 16:57:15: :DDHelper.exe:2304 2012-05-31 16:57:15: :wmpnetwk.exe:2988 2012-05-31 16:57:15: :SProxy.exe:6976 2012-05-31 16:57:15: :mstsc.exe:5820 2012-05-31 16:57:15: :unsecapp.exe:2852 2012-05-31 16:57:15: :OUTLOOK.EXE:6764 2012-05-31 16:57:15: :notepad++.exe:6208 2012-05-31 16:57:15: :BrowzarSilver2000.exe:5520 2012-05-31 16:57:15: :chrome.exe:5376 2012-05-31 16:57:15: :chrome.exe:5936 2012-05-31 16:57:15: :chrome.exe:4688 2012-05-31 16:57:15: :chrome.exe:6424 2012-05-31 16:57:15: :chrome.exe:3668 2012-05-31 16:57:15: :chrome.exe:4036 2012-05-31 16:57:15: :chrome.exe:6640 2012-05-31 16:57:15: :chrome.exe:2820 2012-05-31 16:57:15: :chrome.exe:4632 2012-05-31 16:57:15: :chrome.exe:4948 2012-05-31 16:57:15: :chrome.exe:1196 2012-05-31 16:57:15: :GoogleEarth-Win-Plugin-6.2.2.6613.exe:4552 2012-05-31 16:57:15: :xplorer2_64.exe:2312 2012-05-31 16:57:15: :SearchProtocolHost.exe:4484 2012-05-31 16:57:15: :SearchFilterHost.exe:3800 2012-05-31 16:57:15: :yorkyt.exe:2784 2012-05-31 16:57:15: :WmiPrvSE.exe:5040 2012-05-31 16:57:15: 2012-05-31 16:57:15: Setting restore point 2012-05-31 16:57:34: RUN mode 2012-05-31 16:57:34: Determining autonomous or dropped mode... 2012-05-31 16:57:34: Autonomus mode 2012-05-31 16:57:34: --------------------------------------------------------------------- 2012-05-31 16:57:34: Found Service: AeLookupSvc 2012-05-31 16:57:34: Real Path: C:\Windows\System32\aelupsvc.dll 2012-05-31 16:57:34: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1 2012-05-31 16:57:34: Description: @%SystemRoot%\system32\aelupsvc.dll,-2 2012-05-31 16:57:34: ServiceDLL: System32\aelupsvc.dll 2012-05-31 16:57:34: File size: 0 2012-05-31 16:57:34: DLL File name: aelupsvc.dll 2012-05-31 16:57:34: Original File Name: aelupsvc.dll.mui 2012-05-31 16:57:34: Company: 2012-05-31 16:57:34: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: AppIDSvc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\appidsvc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\appidsvc.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\appidsvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\appidsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: appidsvc.dll 2012-05-31 16:57:35: Original File Name: appidsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: Appinfo 2012-05-31 16:57:35: Real Path: C:\Windows\System32\appinfo.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\appinfo.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\appinfo.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\appinfo.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: appinfo.dll 2012-05-31 16:57:35: Original File Name: appinfo.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: AppMgmt 2012-05-31 16:57:35: Real Path: C:\Windows\System32\appmgmts.dll 2012-05-31 16:57:35: Display Name: @appmgmts.dll,-3250 2012-05-31 16:57:35: Description: @appmgmts.dll,-3251 2012-05-31 16:57:35: ServiceDLL: System32\appmgmts.dll 2012-05-31 16:57:35: File size: 149504 2012-05-31 16:57:35: DLL File name: appmgmts.dll 2012-05-31 16:57:35: Original File Name: appmgmts.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 20090713211453 20090713193834 20090713193834 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: AudioEndpointBuilder 2012-05-31 16:57:35: Real Path: C:\Windows\System32\Audiosrv.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\audiosrv.dll,-205 2012-05-31 16:57:35: ServiceDLL: System32\Audiosrv.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: Audiosrv.dll 2012-05-31 16:57:35: Original File Name: audiosrv.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: AudioSrv 2012-05-31 16:57:35: Real Path: C:\Windows\System32\Audiosrv.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\audiosrv.dll,-201 2012-05-31 16:57:35: ServiceDLL: System32\Audiosrv.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: Audiosrv.dll 2012-05-31 16:57:35: Original File Name: audiosrv.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: AxInstSV 2012-05-31 16:57:35: Real Path: C:\Windows\System32\AxInstSV.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\AxInstSV.dll,-104 2012-05-31 16:57:35: ServiceDLL: System32\AxInstSV.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: AxInstSV.dll 2012-05-31 16:57:35: Original File Name: AxInstSv.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: BDESVC 2012-05-31 16:57:35: Real Path: C:\Windows\System32\bdesvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\bdesvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\bdesvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: bdesvc.dll 2012-05-31 16:57:35: Original File Name: BDESVC.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: BITS 2012-05-31 16:57:35: Real Path: C:\Windows\system32\qmgr.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\qmgr.dll,-1001 2012-05-31 16:57:35: ServiceDLL: system32\qmgr.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: qmgr.dll 2012-05-31 16:57:35: Original File Name: qmgr.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: Browser 2012-05-31 16:57:35: Real Path: C:\Windows\System32\browser.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\browser.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\browser.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\browser.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: browser.dll 2012-05-31 16:57:35: Original File Name: browser.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: bthserv 2012-05-31 16:57:35: Real Path: C:\Windows\system32\bthserv.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\System32\bthserv.dll,-101 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\bthserv.dll,-102 2012-05-31 16:57:35: ServiceDLL: system32\bthserv.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: bthserv.dll 2012-05-31 16:57:35: Original File Name: BTHSERV.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: CertPropSvc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\certprop.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\System32\certprop.dll,-11 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\certprop.dll,-12 2012-05-31 16:57:35: ServiceDLL: System32\certprop.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: certprop.dll 2012-05-31 16:57:35: Original File Name: certprop.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: CryptSvc 2012-05-31 16:57:35: Real Path: C:\Windows\system32\cryptsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002 2012-05-31 16:57:35: ServiceDLL: system32\cryptsvc.dll 2012-05-31 16:57:35: File size: 135680 2012-05-31 16:57:35: DLL File name: cryptsvc.dll 2012-05-31 16:57:35: Original File Name: cryptsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 20090713211507 20090713193303 20090713193303 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: CscService 2012-05-31 16:57:35: Real Path: C:\Windows\System32\cscsvc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\cscsvc.dll,-200 2012-05-31 16:57:35: Description: @%systemroot%\system32\cscsvc.dll,-201 2012-05-31 16:57:35: ServiceDLL: System32\cscsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: cscsvc.dll 2012-05-31 16:57:35: Original File Name: cscsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: DcomLaunch 2012-05-31 16:57:35: Real Path: C:\Windows\system32\rpcss.dll 2012-05-31 16:57:35: Display Name: @oleres.dll,-5012 2012-05-31 16:57:35: Description: @oleres.dll,-5013 2012-05-31 16:57:35: ServiceDLL: system32\rpcss.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: rpcss.dll 2012-05-31 16:57:35: Original File Name: rpcss.dll 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: defragsvc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\defragsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\defragsvc.dll,-102 2012-05-31 16:57:35: ServiceDLL: System32\defragsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: defragsvc.dll 2012-05-31 16:57:35: Original File Name: defragsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: Dhcp 2012-05-31 16:57:35: Real Path: C:\Windows\system32\dhcpcore.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\dhcpcore.dll,-101 2012-05-31 16:57:35: ServiceDLL: system32\dhcpcore.dll 2012-05-31 16:57:35: File size: 253440 2012-05-31 16:57:35: DLL File name: dhcpcore.dll 2012-05-31 16:57:35: Original File Name: dhcpcore.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 20090713211511 20090713191216 20090713191216 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: Dnscache 2012-05-31 16:57:35: Real Path: C:\Windows\System32\dnsrslvr.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\dnsapi.dll,-102 2012-05-31 16:57:35: ServiceDLL: System32\dnsrslvr.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: dnsrslvr.dll 2012-05-31 16:57:35: Original File Name: dnsrslvr.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: dot3svc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\dot3svc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\dot3svc.dll,-1102 2012-05-31 16:57:35: Description: @%systemroot%\system32\dot3svc.dll,-1103 2012-05-31 16:57:35: ServiceDLL: System32\dot3svc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: dot3svc.dll 2012-05-31 16:57:35: Original File Name: dot3svc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: DPS 2012-05-31 16:57:35: Real Path: C:\Windows\system32\dps.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\dps.dll,-500 2012-05-31 16:57:35: Description: @%systemroot%\system32\dps.dll,-501 2012-05-31 16:57:35: ServiceDLL: system32\dps.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: dps.dll 2012-05-31 16:57:35: Original File Name: dps.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: EapHost 2012-05-31 16:57:35: Real Path: C:\Windows\System32\eapsvc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\eapsvc.dll,-1 2012-05-31 16:57:35: Description: @%systemroot%\system32\eapsvc.dll,-2 2012-05-31 16:57:35: ServiceDLL: System32\eapsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: eapsvc.dll 2012-05-31 16:57:35: Original File Name: eapsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: EventSystem 2012-05-31 16:57:35: Real Path: C:\Windows\system32\es.dll 2012-05-31 16:57:35: Display Name: @comres.dll,-2450 2012-05-31 16:57:35: Description: @comres.dll,-2451 2012-05-31 16:57:35: ServiceDLL: system32\es.dll 2012-05-31 16:57:35: File size: 271360 2012-05-31 16:57:35: DLL File name: es.dll 2012-05-31 16:57:35: Original File Name: ES.DLL 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 20090713211519 20090713194438 20090713194438 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: fdPHost 2012-05-31 16:57:35: Real Path: C:\Windows\system32\fdPHost.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\fdPHost.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\fdPHost.dll,-101 2012-05-31 16:57:35: ServiceDLL: system32\fdPHost.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: fdPHost.dll 2012-05-31 16:57:35: Original File Name: fdPHost.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: FDResPub 2012-05-31 16:57:35: Real Path: C:\Windows\system32\fdrespub.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\fdrespub.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\fdrespub.dll,-101 2012-05-31 16:57:35: ServiceDLL: system32\fdrespub.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: fdrespub.dll 2012-05-31 16:57:35: Original File Name: FDResPub.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: !!!!!!! 2012-05-31 16:57:35: Found Service: FontCache 2012-05-31 16:57:35: Real Path: C:\Windows\system32\FntCache.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\FntCache.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\FntCache.dll,-101 2012-05-31 16:57:35: ServiceDLL: system32\FntCache.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: FntCache.dll 2012-05-31 16:57:35: Original File Name: FontCacheService 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: !!!!!!!!! 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: gpsvc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\gpsvc.dll 2012-05-31 16:57:35: Display Name: @gpapi.dll,-112 2012-05-31 16:57:35: Description: @gpapi.dll,-113 2012-05-31 16:57:35: ServiceDLL: System32\gpsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: gpsvc.dll 2012-05-31 16:57:35: Original File Name: gpsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: hidserv 2012-05-31 16:57:35: Real Path: C:\Windows\System32\hidserv.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\System32\hidserv.dll,-101 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\hidserv.dll,-102 2012-05-31 16:57:35: ServiceDLL: System32\hidserv.dll 2012-05-31 16:57:35: File size: 49152 2012-05-31 16:57:35: DLL File name: hidserv.dll 2012-05-31 16:57:35: Original File Name: HIDSERV.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 20090713211524 20090713195109 20090713195109 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: hkmsvc 2012-05-31 16:57:35: Real Path: C:\Windows\system32\kmsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\kmsvc.dll,-7 2012-05-31 16:57:35: ServiceDLL: system32\kmsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: kmsvc.dll 2012-05-31 16:57:35: Original File Name: KmSvc.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: HomeGroupListener 2012-05-31 16:57:35: Real Path: C:\Windows\system32\ListSvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\ListSvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: system32\ListSvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: ListSvc.dll 2012-05-31 16:57:35: Original File Name: ListSvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: HomeGroupProvider 2012-05-31 16:57:35: Real Path: C:\Windows\system32\provsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\System32\provsvc.dll,-100 2012-05-31 16:57:35: Description: @%SystemRoot%\System32\provsvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: system32\provsvc.dll 2012-05-31 16:57:35: File size: 165376 2012-05-31 16:57:35: DLL File name: provsvc.dll 2012-05-31 16:57:35: Original File Name: provsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 20090713211612 20090713193941 20090713193941 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: IKEEXT 2012-05-31 16:57:35: Real Path: C:\Windows\System32\ikeext.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\ikeext.dll,-501 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\ikeext.dll,-502 2012-05-31 16:57:35: ServiceDLL: System32\ikeext.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: ikeext.dll 2012-05-31 16:57:35: Original File Name: IKEEXT.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: IPBusEnum 2012-05-31 16:57:35: Real Path: C:\Windows\system32\ipbusenum.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102 2012-05-31 16:57:35: Description: @%systemroot%\system32\IPBusEnum.dll,-103 2012-05-31 16:57:35: ServiceDLL: system32\ipbusenum.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: ipbusenum.dll 2012-05-31 16:57:35: Original File Name: IPBusEnum.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: iphlpsvc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\iphlpsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501 2012-05-31 16:57:35: ServiceDLL: System32\iphlpsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: iphlpsvc.dll 2012-05-31 16:57:35: Original File Name: iphlpsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: KtmRm 2012-05-31 16:57:35: Real Path: C:\Windows\system32\msdtckrm.dll 2012-05-31 16:57:35: Display Name: @comres.dll,-2946 2012-05-31 16:57:35: Description: @comres.dll,-2947 2012-05-31 16:57:35: ServiceDLL: system32\msdtckrm.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: msdtckrm.dll 2012-05-31 16:57:35: Original File Name: MSDTCKRM.DLL 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: LanmanServer 2012-05-31 16:57:35: Real Path: C:\Windows\System32\srvsvc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\srvsvc.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\srvsvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\srvsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: srvsvc.dll 2012-05-31 16:57:35: Original File Name: SRVSVC.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: LanmanWorkstation 2012-05-31 16:57:35: Real Path: C:\Windows\System32\wkssvc.dll 2012-05-31 16:57:35: Display Name: @%systemroot%\system32\wkssvc.dll,-100 2012-05-31 16:57:35: Description: @%systemroot%\system32\wkssvc.dll,-101 2012-05-31 16:57:35: ServiceDLL: System32\wkssvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: wkssvc.dll 2012-05-31 16:57:35: Original File Name: WKSSVC.DLL.MUI 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: lltdsvc 2012-05-31 16:57:35: Real Path: C:\Windows\System32\lltdsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\lltdres.dll,-1 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\lltdres.dll,-2 2012-05-31 16:57:35: ServiceDLL: System32\lltdsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: lltdsvc.dll 2012-05-31 16:57:35: Original File Name: LLTDSVC.DLL 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: lmhosts 2012-05-31 16:57:35: Real Path: C:\Windows\System32\lmhsvc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101 2012-05-31 16:57:35: Description: @%SystemRoot%\system32\lmhsvc.dll,-102 2012-05-31 16:57:35: ServiceDLL: System32\lmhsvc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: lmhsvc.dll 2012-05-31 16:57:35: Original File Name: lmhsvc.dll.mui 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:35: --------------------------------------------------------------------- 2012-05-31 16:57:35: Found Service: Mcx2Svc 2012-05-31 16:57:35: Real Path: C:\Windows\system32\Mcx2Svc.dll 2012-05-31 16:57:35: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501 2012-05-31 16:57:35: Description: @%SystemRoot%\ehome\ehres.dll,-15502 2012-05-31 16:57:35: ServiceDLL: system32\Mcx2Svc.dll 2012-05-31 16:57:35: File size: 0 2012-05-31 16:57:35: DLL File name: Mcx2Svc.dll 2012-05-31 16:57:35: Original File Name: Mcx2Svc.dll 2012-05-31 16:57:35: Company: 2012-05-31 16:57:35: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: MMCSS 2012-05-31 16:57:36: Real Path: C:\Windows\system32\mmcss.dll 2012-05-31 16:57:36: Display Name: @%systemroot%\system32\mmcss.dll,-100 2012-05-31 16:57:36: Description: @%systemroot%\system32\mmcss.dll,-101 2012-05-31 16:57:36: ServiceDLL: system32\mmcss.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: mmcss.dll 2012-05-31 16:57:36: Original File Name: mmcss.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: MSiSCSI 2012-05-31 16:57:36: Real Path: C:\Windows\system32\iscsiexe.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001 2012-05-31 16:57:36: ServiceDLL: system32\iscsiexe.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: iscsiexe.dll 2012-05-31 16:57:36: Original File Name: iscsiexe.exe.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: napagent 2012-05-31 16:57:36: Real Path: C:\Windows\system32\qagentRT.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\qagentrt.dll,-7 2012-05-31 16:57:36: ServiceDLL: system32\qagentRT.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: qagentRT.dll 2012-05-31 16:57:36: Original File Name: QAgentRT.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: Netman 2012-05-31 16:57:36: Real Path: C:\Windows\System32\netman.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\netman.dll,-109 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\netman.dll,-110 2012-05-31 16:57:36: ServiceDLL: System32\netman.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: netman.dll 2012-05-31 16:57:36: Original File Name: netman.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: netprofm 2012-05-31 16:57:36: Real Path: C:\Windows\System32\netprofm.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\netprofm.dll,-202 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\netprofm.dll,-203 2012-05-31 16:57:36: ServiceDLL: System32\netprofm.dll 2012-05-31 16:57:36: File size: 360448 2012-05-31 16:57:36: DLL File name: netprofm.dll 2012-05-31 16:57:36: Original File Name: netprofm.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 20090713211603 20090713195658 20090713195658 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: NlaSvc 2012-05-31 16:57:36: Real Path: C:\Windows\System32\nlasvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1 2012-05-31 16:57:36: Description: @%SystemRoot%\System32\nlasvc.dll,-2 2012-05-31 16:57:36: ServiceDLL: System32\nlasvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: nlasvc.dll 2012-05-31 16:57:36: Original File Name: nlasvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: nsi 2012-05-31 16:57:36: Real Path: C:\Windows\system32\nsisvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\nsisvc.dll,-201 2012-05-31 16:57:36: ServiceDLL: system32\nsisvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: nsisvc.dll 2012-05-31 16:57:36: Original File Name: nsisvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: p2pimsvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pnrpsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005 2012-05-31 16:57:36: ServiceDLL: system32\pnrpsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pnrpsvc.dll 2012-05-31 16:57:36: Original File Name: pnrpsvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: p2psvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\p2psvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\p2psvc.dll,-8007 2012-05-31 16:57:36: ServiceDLL: system32\p2psvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: p2psvc.dll 2012-05-31 16:57:36: Original File Name: p2psvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: !!!!!!! 2012-05-31 16:57:36: Found Service: PcaSvc 2012-05-31 16:57:36: Real Path: C:\Windows\System32\pcasvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pcasvc.dll,-2 2012-05-31 16:57:36: ServiceDLL: System32\pcasvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pcasvc.dll 2012-05-31 16:57:36: Original File Name: 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: !!!!!!!!! 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PeerDistSvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\peerdistsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\peerdistsvc.dll,-9000 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001 2012-05-31 16:57:36: ServiceDLL: system32\peerdistsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: peerdistsvc.dll 2012-05-31 16:57:36: Original File Name: PeerDistSvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: pla 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pla.dll 2012-05-31 16:57:36: Display Name: @%systemroot%\system32\pla.dll,-500 2012-05-31 16:57:36: Description: @%systemroot%\system32\pla.dll,-501 2012-05-31 16:57:36: ServiceDLL: system32\pla.dll 2012-05-31 16:57:36: File size: 1508864 2012-05-31 16:57:36: DLL File name: pla.dll 2012-05-31 16:57:36: Original File Name: PLA.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 20090713211612 20090713192013 20090713192013 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PlugPlay 2012-05-31 16:57:36: Real Path: C:\Windows\system32\umpnpmgr.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101 2012-05-31 16:57:36: ServiceDLL: system32\umpnpmgr.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: umpnpmgr.dll 2012-05-31 16:57:36: Original File Name: Umpnpmgr.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PNRPAutoReg 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pnrpauto.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003 2012-05-31 16:57:36: ServiceDLL: system32\pnrpauto.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pnrpauto.dll 2012-05-31 16:57:36: Original File Name: pnrpauto.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PNRPsvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\pnrpsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001 2012-05-31 16:57:36: ServiceDLL: system32\pnrpsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: pnrpsvc.dll 2012-05-31 16:57:36: Original File Name: pnrpsvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: PolicyAgent 2012-05-31 16:57:36: Real Path: C:\Windows\System32\ipsecsvc.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\System32\polstore.dll,-5010 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\polstore.dll,-5011 2012-05-31 16:57:36: ServiceDLL: System32\ipsecsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: ipsecsvc.dll 2012-05-31 16:57:36: Original File Name: ipsecsvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: Power 2012-05-31 16:57:36: Real Path: C:\Windows\system32\umpo.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\umpo.dll,-100 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\umpo.dll,-101 2012-05-31 16:57:36: ServiceDLL: system32\umpo.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: umpo.dll 2012-05-31 16:57:36: Original File Name: Umpo.DLL.MUI 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: ProfSvc 2012-05-31 16:57:36: Real Path: C:\Windows\system32\profsvc.dll 2012-05-31 16:57:36: Display Name: @%systemroot%\system32\profsvc.dll,-300 2012-05-31 16:57:36: Description: @%systemroot%\system32\profsvc.dll,-301 2012-05-31 16:57:36: ServiceDLL: system32\profsvc.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: profsvc.dll 2012-05-31 16:57:36: Original File Name: ProfSvc.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: QWAVE 2012-05-31 16:57:36: Real Path: C:\Windows\system32\qwave.dll 2012-05-31 16:57:36: Display Name: @%SystemRoot%\system32\qwave.dll,-1 2012-05-31 16:57:36: Description: @%SystemRoot%\system32\qwave.dll,-2 2012-05-31 16:57:36: ServiceDLL: system32\qwave.dll 2012-05-31 16:57:36: File size: 210944 2012-05-31 16:57:36: DLL File name: qwave.dll 2012-05-31 16:57:36: Original File Name: qwave.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 20090713211612 20090713195415 20090713195415 2012-05-31 16:57:36: --------------------------------------------------------------------- 2012-05-31 16:57:36: Found Service: RasAuto 2012-05-31 16:57:36: Real Path: C:\Windows\System32\rasauto.dll 2012-05-31 16:57:36: Display Name: @%Systemroot%\system32\rasauto.dll,-200 2012-05-31 16:57:36: Description: @%Systemroot%\system32\rasauto.dll,-201 2012-05-31 16:57:36: ServiceDLL: System32\rasauto.dll 2012-05-31 16:57:36: File size: 0 2012-05-31 16:57:36: DLL File name: rasauto.dll 2012-05-31 16:57:36: Original File Name: rasauto.dll.mui 2012-05-31 16:57:36: Company: 2012-05-31 16:57:36: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RasMan 2012-05-31 16:57:37: Real Path: C:\Windows\System32\rasmans.dll 2012-05-31 16:57:37: Display Name: @%Systemroot%\system32\rasmans.dll,-200 2012-05-31 16:57:37: Description: @%Systemroot%\system32\rasmans.dll,-201 2012-05-31 16:57:37: ServiceDLL: System32\rasmans.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: rasmans.dll 2012-05-31 16:57:37: Original File Name: Rasmans.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RemoteAccess 2012-05-31 16:57:37: Real Path: C:\Windows\System32\mprdim.dll 2012-05-31 16:57:37: Display Name: @%Systemroot%\system32\mprdim.dll,-200 2012-05-31 16:57:37: Description: @%Systemroot%\system32\mprdim.dll,-201 2012-05-31 16:57:37: ServiceDLL: System32\mprdim.dll 2012-05-31 16:57:37: File size: 75264 2012-05-31 16:57:37: DLL File name: mprdim.dll 2012-05-31 16:57:37: Original File Name: MPRDIM.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211541 20090713195426 20090713195426 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RemoteRegistry 2012-05-31 16:57:37: Real Path: C:\Windows\system32\regsvc.dll 2012-05-31 16:57:37: Display Name: @regsvc.dll,-1 2012-05-31 16:57:37: Description: @regsvc.dll,-2 2012-05-31 16:57:37: ServiceDLL: system32\regsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: regsvc.dll 2012-05-31 16:57:37: Original File Name: REGSVC.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RpcEptMapper 2012-05-31 16:57:37: Real Path: C:\Windows\System32\RpcEpMap.dll 2012-05-31 16:57:37: Display Name: @%windir%\system32\RpcEpMap.dll,-1001 2012-05-31 16:57:37: Description: @%windir%\system32\RpcEpMap.dll,-1002 2012-05-31 16:57:37: ServiceDLL: System32\RpcEpMap.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: RpcEpMap.dll 2012-05-31 16:57:37: Original File Name: RpcEpMap.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: RpcSs 2012-05-31 16:57:37: Real Path: C:\Windows\System32\rpcss.dll 2012-05-31 16:57:37: Display Name: @oleres.dll,-5010 2012-05-31 16:57:37: Description: @oleres.dll,-5011 2012-05-31 16:57:37: ServiceDLL: System32\rpcss.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: rpcss.dll 2012-05-31 16:57:37: Original File Name: rpcss.dll 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SCardSvr 2012-05-31 16:57:37: Real Path: C:\Windows\System32\SCardSvr.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\SCardSvr.dll,-5 2012-05-31 16:57:37: ServiceDLL: System32\SCardSvr.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: SCardSvr.dll 2012-05-31 16:57:37: Original File Name: SCardSvr.exe.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: Schedule 2012-05-31 16:57:37: Real Path: C:\Windows\system32\schedsvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\schedsvc.dll,-101 2012-05-31 16:57:37: ServiceDLL: system32\schedsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: schedsvc.dll 2012-05-31 16:57:37: Original File Name: schedsvc.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SCPolicySvc 2012-05-31 16:57:37: Real Path: C:\Windows\System32\certprop.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\certprop.dll,-13 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\certprop.dll,-14 2012-05-31 16:57:37: ServiceDLL: System32\certprop.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: certprop.dll 2012-05-31 16:57:37: Original File Name: certprop.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SDRSVC 2012-05-31 16:57:37: Real Path: C:\Windows\System32\SDRSVC.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\sdrsvc.dll,-102 2012-05-31 16:57:37: ServiceDLL: System32\SDRSVC.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: SDRSVC.dll 2012-05-31 16:57:37: Original File Name: SDRSVC.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: seclogon 2012-05-31 16:57:37: Real Path: C:\Windows\system32\seclogon.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\seclogon.dll,-7000 2012-05-31 16:57:37: ServiceDLL: system32\seclogon.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: seclogon.dll 2012-05-31 16:57:37: Original File Name: SECLOGON.EXE.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SENS 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sens.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\Sens.dll,-200 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\Sens.dll,-201 2012-05-31 16:57:37: ServiceDLL: system32\sens.dll 2012-05-31 16:57:37: File size: 49664 2012-05-31 16:57:37: DLL File name: sens.dll 2012-05-31 16:57:37: Original File Name: sens.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211613 20090713192158 20090713192158 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SensrSvc 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sensrsvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001 2012-05-31 16:57:37: ServiceDLL: system32\sensrsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: sensrsvc.dll 2012-05-31 16:57:37: Original File Name: sensrsvc.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SessionEnv 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sessenv.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\SessEnv.dll,-1027 2012-05-31 16:57:37: ServiceDLL: system32\sessenv.dll 2012-05-31 16:57:37: File size: 99328 2012-05-31 16:57:37: DLL File name: sessenv.dll 2012-05-31 16:57:37: Original File Name: SessEnv.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211613 20090713200228 20090713200228 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: ShellHWDetection 2012-05-31 16:57:37: Real Path: C:\Windows\System32\shsvcs.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\shsvcs.dll,-12289 2012-05-31 16:57:37: ServiceDLL: System32\shsvcs.dll 2012-05-31 16:57:37: File size: 328192 2012-05-31 16:57:37: DLL File name: shsvcs.dll 2012-05-31 16:57:37: Original File Name: SHSVCS.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211614 20090713193928 20090713193928 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: sppuinotify 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sppuinotify.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\sppuinotify.dll,-102 2012-05-31 16:57:37: ServiceDLL: system32\sppuinotify.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: sppuinotify.dll 2012-05-31 16:57:37: Original File Name: sppuinotify.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SSDPSRV 2012-05-31 16:57:37: Real Path: C:\Windows\System32\ssdpsrv.dll 2012-05-31 16:57:37: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100 2012-05-31 16:57:37: Description: @%systemroot%\system32\ssdpsrv.dll,-101 2012-05-31 16:57:37: ServiceDLL: System32\ssdpsrv.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: ssdpsrv.dll 2012-05-31 16:57:37: Original File Name: ssdpsrv.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SstpSvc 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sstpsvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\sstpsvc.dll,-201 2012-05-31 16:57:37: ServiceDLL: system32\sstpsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: sstpsvc.dll 2012-05-31 16:57:37: Original File Name: sstpsvc.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: stisvc 2012-05-31 16:57:37: Real Path: C:\Windows\System32\wiaservc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\wiaservc.dll,-10 2012-05-31 16:57:37: ServiceDLL: System32\wiaservc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: wiaservc.dll 2012-05-31 16:57:37: Original File Name: WIASERVC.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: StorSvc 2012-05-31 16:57:37: Real Path: C:\Windows\system32\storsvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\StorSvc.dll,-100 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\StorSvc.dll,-101 2012-05-31 16:57:37: ServiceDLL: system32\storsvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: storsvc.dll 2012-05-31 16:57:37: Original File Name: StorSvc.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: swprv 2012-05-31 16:57:37: Real Path: C:\Windows\System32\swprv.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\swprv.dll,-103 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\swprv.dll,-102 2012-05-31 16:57:37: ServiceDLL: System32\swprv.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: swprv.dll 2012-05-31 16:57:37: Original File Name: SWPRV.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: SysMain 2012-05-31 16:57:37: Real Path: C:\Windows\system32\sysmain.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\sysmain.dll,-1001 2012-05-31 16:57:37: ServiceDLL: system32\sysmain.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: sysmain.dll 2012-05-31 16:57:37: Original File Name: sysmain.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: TabletInputService 2012-05-31 16:57:37: Real Path: C:\Windows\System32\TabSvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\TabSvc.dll,-101 2012-05-31 16:57:37: ServiceDLL: System32\TabSvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: TabSvc.dll 2012-05-31 16:57:37: Original File Name: TabSvc.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: TapiSrv 2012-05-31 16:57:37: Real Path: C:\Windows\System32\tapisrv.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\tapisrv.dll,-10101 2012-05-31 16:57:37: ServiceDLL: System32\tapisrv.dll 2012-05-31 16:57:37: File size: 241664 2012-05-31 16:57:37: DLL File name: tapisrv.dll 2012-05-31 16:57:37: Original File Name: TAPISRV.EXE.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 20090713211615 20090713201955 20090713201955 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: TBS 2012-05-31 16:57:37: Real Path: C:\Windows\System32\tbssvc.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100 2012-05-31 16:57:37: Description: @%SystemRoot%\system32\tbssvc.dll,-101 2012-05-31 16:57:37: ServiceDLL: System32\tbssvc.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: tbssvc.dll 2012-05-31 16:57:37: Original File Name: TBSSVC.DLL.MUI 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:37: --------------------------------------------------------------------- 2012-05-31 16:57:37: Found Service: TermService 2012-05-31 16:57:37: Real Path: C:\Windows\System32\termsrv.dll 2012-05-31 16:57:37: Display Name: @%SystemRoot%\System32\termsrv.dll,-268 2012-05-31 16:57:37: Description: @%SystemRoot%\System32\termsrv.dll,-267 2012-05-31 16:57:37: ServiceDLL: System32\termsrv.dll 2012-05-31 16:57:37: File size: 0 2012-05-31 16:57:37: DLL File name: termsrv.dll 2012-05-31 16:57:37: Original File Name: termsrv.dll.mui 2012-05-31 16:57:37: Company: 2012-05-31 16:57:37: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: Themes 2012-05-31 16:57:38: Real Path: C:\Windows\system32\themeservice.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192 2012-05-31 16:57:38: Description: @%SystemRoot%\System32\themeservice.dll,-8193 2012-05-31 16:57:38: ServiceDLL: system32\themeservice.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: themeservice.dll 2012-05-31 16:57:38: Original File Name: THEMESERVICE.DLL.MUI 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: THREADORDER 2012-05-31 16:57:38: Real Path: C:\Windows\system32\mmcss.dll 2012-05-31 16:57:38: Display Name: @%systemroot%\system32\mmcss.dll,-102 2012-05-31 16:57:38: Description: @%systemroot%\system32\mmcss.dll,-103 2012-05-31 16:57:38: ServiceDLL: system32\mmcss.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: mmcss.dll 2012-05-31 16:57:38: Original File Name: mmcss.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: TrkWks 2012-05-31 16:57:38: Real Path: C:\Windows\System32\trkwks.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\system32\trkwks.dll,-1 2012-05-31 16:57:38: Description: @%SystemRoot%\system32\trkwks.dll,-2 2012-05-31 16:57:38: ServiceDLL: System32\trkwks.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: trkwks.dll 2012-05-31 16:57:38: Original File Name: trkwks.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: UmRdpService 2012-05-31 16:57:38: Real Path: C:\Windows\System32\umrdp.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\system32\umrdp.dll,-1000 2012-05-31 16:57:38: Description: @%SystemRoot%\system32\umrdp.dll,-1001 2012-05-31 16:57:38: ServiceDLL: System32\umrdp.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: umrdp.dll 2012-05-31 16:57:38: Original File Name: umrdp.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: !!!!!!! 2012-05-31 16:57:38: Found Service: upnphost 2012-05-31 16:57:38: Real Path: C:\Windows\System32\upnphost.dll 2012-05-31 16:57:38: Display Name: @%systemroot%\system32\upnphost.dll,-213 2012-05-31 16:57:38: Description: @%systemroot%\system32\upnphost.dll,-214 2012-05-31 16:57:38: ServiceDLL: System32\upnphost.dll 2012-05-31 16:57:38: File size: 266752 2012-05-31 16:57:38: DLL File name: upnphost.dll 2012-05-31 16:57:38: Original File Name: unpnhost.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 20090713211617 20090713195541 20090713195541 2012-05-31 16:57:38: !!!!!!!!! 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: UxSms 2012-05-31 16:57:38: Real Path: C:\Windows\System32\uxsms.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\system32\dwm.exe,-2000 2012-05-31 16:57:38: Description: @%SystemRoot%\system32\dwm.exe,-2001 2012-05-31 16:57:38: ServiceDLL: System32\uxsms.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: uxsms.dll 2012-05-31 16:57:38: Original File Name: UxSms.dll 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: W32Time 2012-05-31 16:57:38: Real Path: C:\Windows\system32\w32time.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\system32\w32time.dll,-200 2012-05-31 16:57:38: Description: @%SystemRoot%\system32\w32time.dll,-201 2012-05-31 16:57:38: ServiceDLL: system32\w32time.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: w32time.dll 2012-05-31 16:57:38: Original File Name: w32time.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: WbioSrvc 2012-05-31 16:57:38: Real Path: C:\Windows\System32\wbiosrvc.dll 2012-05-31 16:57:38: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100 2012-05-31 16:57:38: Description: @%systemroot%\system32\wbiosrvc.dll,-101 2012-05-31 16:57:38: ServiceDLL: System32\wbiosrvc.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: wbiosrvc.dll 2012-05-31 16:57:38: Original File Name: wbiosrvc.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: wcncsvc 2012-05-31 16:57:38: Real Path: C:\Windows\System32\wcncsvc.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3 2012-05-31 16:57:38: Description: @%SystemRoot%\system32\wcncsvc.dll,-4 2012-05-31 16:57:38: ServiceDLL: System32\wcncsvc.dll 2012-05-31 16:57:38: File size: 276992 2012-05-31 16:57:38: DLL File name: wcncsvc.dll 2012-05-31 16:57:38: Original File Name: WCNCSVC.DLL.MUI 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 20100914020714 20110224040037 20110224040037 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: WcsPlugInService 2012-05-31 16:57:38: Real Path: C:\Windows\System32\WcsPlugInService.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200 2012-05-31 16:57:38: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201 2012-05-31 16:57:38: ServiceDLL: System32\WcsPlugInService.dll 2012-05-31 16:57:38: File size: 32768 2012-05-31 16:57:38: DLL File name: WcsPlugInService.dll 2012-05-31 16:57:38: Original File Name: WcsPlugInService.DLL.MUI 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 20090713211618 20090713192513 20090713192513 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: WdiServiceHost 2012-05-31 16:57:38: Real Path: C:\Windows\system32\wdi.dll 2012-05-31 16:57:38: Display Name: @%systemroot%\system32\wdi.dll,-502 2012-05-31 16:57:38: Description: @%systemroot%\system32\wdi.dll,-503 2012-05-31 16:57:38: ServiceDLL: system32\wdi.dll 2012-05-31 16:57:38: File size: 76288 2012-05-31 16:57:38: DLL File name: wdi.dll 2012-05-31 16:57:38: Original File Name: wdi.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: WdiSystemHost 2012-05-31 16:57:38: Real Path: C:\Windows\system32\wdi.dll 2012-05-31 16:57:38: Display Name: @%systemroot%\system32\wdi.dll,-500 2012-05-31 16:57:38: Description: @%systemroot%\system32\wdi.dll,-501 2012-05-31 16:57:38: ServiceDLL: system32\wdi.dll 2012-05-31 16:57:38: File size: 76288 2012-05-31 16:57:38: DLL File name: wdi.dll 2012-05-31 16:57:38: Original File Name: wdi.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 20090713211618 20090713191947 20090713191947 2012-05-31 16:57:38: !!!!!!! 2012-05-31 16:57:38: Found Service: WebClient 2012-05-31 16:57:38: Real Path: C:\Windows\System32\webclnt.dll 2012-05-31 16:57:38: Display Name: @%systemroot%\system32\webclnt.dll,-100 2012-05-31 16:57:38: Description: @%systemroot%\system32\webclnt.dll,-101 2012-05-31 16:57:38: ServiceDLL: System32\webclnt.dll 2012-05-31 16:57:38: File size: 204800 2012-05-31 16:57:38: DLL File name: webclnt.dll 2012-05-31 16:57:38: Original File Name: davsvc.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 20101221013821 20110209165848 20110209165848 2012-05-31 16:57:38: !!!!!!!!! 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: Wecsvc 2012-05-31 16:57:38: Real Path: C:\Windows\system32\wecsvc.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200 2012-05-31 16:57:38: Description: @%SystemRoot%\system32\wecsvc.dll,-201 2012-05-31 16:57:38: ServiceDLL: system32\wecsvc.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: wecsvc.dll 2012-05-31 16:57:38: Original File Name: wecsvc.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: !!!!!!! 2012-05-31 16:57:38: Found Service: wercplsupport 2012-05-31 16:57:38: Real Path: C:\Windows\System32\wercplsupport.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101 2012-05-31 16:57:38: Description: @%SystemRoot%\System32\wercplsupport.dll,-100 2012-05-31 16:57:38: ServiceDLL: System32\wercplsupport.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: wercplsupport.dll 2012-05-31 16:57:38: Original File Name: ERC 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: !!!!!!!!! 2012-05-31 16:57:38: !!!!!!! 2012-05-31 16:57:38: Found Service: WerSvc 2012-05-31 16:57:38: Real Path: C:\Windows\System32\WerSvc.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\System32\wersvc.dll,-100 2012-05-31 16:57:38: Description: @%SystemRoot%\System32\wersvc.dll,-101 2012-05-31 16:57:38: ServiceDLL: System32\WerSvc.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: WerSvc.dll 2012-05-31 16:57:38: Original File Name: wersvc 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: !!!!!!!!! 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: Winmgmt 2012-05-31 16:57:38: Real Path: C:\Windows\system32\wbem\WMIsvc.dll 2012-05-31 16:57:38: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205 2012-05-31 16:57:38: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204 2012-05-31 16:57:38: ServiceDLL: system32\wbem\WMIsvc.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: WMIsvc.dll 2012-05-31 16:57:38: Original File Name: wmisvc.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: WinRM 2012-05-31 16:57:38: Real Path: C:\Windows\system32\WsmSvc.dll 2012-05-31 16:57:38: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101 2012-05-31 16:57:38: Description: @%Systemroot%\system32\wsmsvc.dll,-102 2012-05-31 16:57:38: ServiceDLL: system32\WsmSvc.dll 2012-05-31 16:57:38: File size: 1175040 2012-05-31 16:57:38: DLL File name: WsmSvc.dll 2012-05-31 16:57:38: Original File Name: WsmSvc.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 20090713211620 20090713193143 20090713193143 2012-05-31 16:57:38: --------------------------------------------------------------------- 2012-05-31 16:57:38: Found Service: Wlansvc 2012-05-31 16:57:38: Real Path: C:\Windows\System32\wlansvc.dll 2012-05-31 16:57:38: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257 2012-05-31 16:57:38: Description: @%SystemRoot%\System32\wlansvc.dll,-258 2012-05-31 16:57:38: ServiceDLL: System32\wlansvc.dll 2012-05-31 16:57:38: File size: 0 2012-05-31 16:57:38: DLL File name: wlansvc.dll 2012-05-31 16:57:38: Original File Name: wlansvc.dll.mui 2012-05-31 16:57:38: Company: 2012-05-31 16:57:38: Mod/Cre/Acc time: 2012-05-31 16:57:39: --------------------------------------------------------------------- 2012-05-31 16:57:39: Found Service: WPCSvc 2012-05-31 16:57:39: Real Path: C:\Windows\System32\wpcsvc.dll 2012-05-31 16:57:39: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100 2012-05-31 16:57:39: Description: @%SystemRoot%\system32\wpcsvc.dll,-101 2012-05-31 16:57:39: ServiceDLL: System32\wpcsvc.dll 2012-05-31 16:57:39: File size: 10752 2012-05-31 16:57:39: DLL File name: wpcsvc.dll 2012-05-31 16:57:39: Original File Name: wpcsvc.exe.mui 2012-05-31 16:57:39: Company: 2012-05-31 16:57:39: Mod/Cre/Acc time: 20090713211620 20090713194010 20090713194010 2012-05-31 16:57:39: --------------------------------------------------------------------- 2012-05-31 16:57:39: Found Service: WPDBusEnum 2012-05-31 16:57:39: Real Path: C:\Windows\system32\wpdbusenum.dll 2012-05-31 16:57:39: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100 2012-05-31 16:57:39: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101 2012-05-31 16:57:39: ServiceDLL: system32\wpdbusenum.dll 2012-05-31 16:57:39: File size: 0 2012-05-31 16:57:39: DLL File name: wpdbusenum.dll 2012-05-31 16:57:39: Original File Name: WpdBusEnum.DLL.MUI 2012-05-31 16:57:39: Company: 2012-05-31 16:57:39: Mod/Cre/Acc time: 2012-05-31 16:57:39: --------------------------------------------------------------------- 2012-05-31 16:57:39: Found Service: wscsvc 2012-05-31 16:57:39: Real Path: C:\Windows\system32\wscsvc.dll 2012-05-31 16:57:39: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200 2012-05-31 16:57:39: Description: @%SystemRoot%\System32\wscsvc.dll,-201 2012-05-31 16:57:39: ServiceDLL: system32\wscsvc.dll 2012-05-31 16:57:39: File size: 0 2012-05-31 16:57:39: DLL File name: wscsvc.dll 2012-05-31 16:57:39: Original File Name: wscsvc.dll.mui 2012-05-31 16:57:39: Company: 2012-05-31 16:57:39: Mod/Cre/Acc time: 2012-05-31 16:57:39: --------------------------------------------------------------------- 2012-05-31 16:57:39: Found Service: wuauserv 2012-05-31 16:57:39: Real Path: C:\Windows\system32\wuaueng.dll 2012-05-31 16:57:39: Display Name: @%systemroot%\system32\wuaueng.dll,-105 2012-05-31 16:57:39: Description: @%systemroot%\system32\wuaueng.dll,-106 2012-05-31 16:57:39: ServiceDLL: system32\wuaueng.dll 2012-05-31 16:57:39: File size: 0 2012-05-31 16:57:39: DLL File name: wuaueng.dll 2012-05-31 16:57:39: Original File Name: wuaueng.dll.mui 2012-05-31 16:57:39: Company: 2012-05-31 16:57:39: Mod/Cre/Acc time: 2012-05-31 16:57:39: --------------------------------------------------------------------- 2012-05-31 16:57:39: Found Service: wudfsvc 2012-05-31 16:57:39: Real Path: C:\Windows\System32\WUDFSvc.dll 2012-05-31 16:57:39: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000 2012-05-31 16:57:39: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001 2012-05-31 16:57:39: ServiceDLL: System32\WUDFSvc.dll 2012-05-31 16:57:39: File size: 0 2012-05-31 16:57:39: DLL File name: WUDFSvc.dll 2012-05-31 16:57:39: Original File Name: WUDFSvc.dll.mui 2012-05-31 16:57:39: Company: 2012-05-31 16:57:39: Mod/Cre/Acc time: 2012-05-31 16:57:39: --------------------------------------------------------------------- 2012-05-31 16:57:39: Found Service: WwanSvc 2012-05-31 16:57:39: Real Path: C:\Windows\System32\wwansvc.dll 2012-05-31 16:57:39: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257 2012-05-31 16:57:39: Description: @%SystemRoot%\System32\wwansvc.dll,-258 2012-05-31 16:57:39: ServiceDLL: System32\wwansvc.dll 2012-05-31 16:57:39: File size: 0 2012-05-31 16:57:39: DLL File name: wwansvc.dll 2012-05-31 16:57:39: Original File Name: WwanSvc.dll.mui 2012-05-31 16:57:39: Company: 2012-05-31 16:57:39: Mod/Cre/Acc time: 2012-05-31 16:57:39: 2012-05-31 16:57:39: Looking for SHELL key 2012-05-31 16:57:39: Now looking for bad DLL files in system32 2012-05-31 16:58:15: Folder: GAC 2012-05-31 16:58:15: Folder: GAC_32 2012-05-31 16:58:15: ... Fixing permissions on C:\Windows\assembly\GAC_32\desktop.ini 2012-05-31 16:58:15: Folder: GAC_64 2012-05-31 16:58:15: ... Fixing permissions on C:\Windows\assembly\GAC_64\desktop.ini 2012-05-31 16:58:15: Folder: GAC_MSIL 2012-05-31 16:58:15: Folder: NativeImages_v2.0.50727_32 2012-05-31 16:58:15: Folder: NativeImages_v2.0.50727_64 2012-05-31 16:58:15: Folder: NativeImages_v4.0.30319_32 2012-05-31 16:58:15: Folder: NativeImages_v4.0.30319_64 2012-05-31 16:58:15: Folder: temp 2012-05-31 16:58:15: Folder: tmp 2012-05-31 16:58:16: Checking for bad folder 2012-05-31 16:58:16: Found 1 folders. 2012-05-31 16:58:16: Checking C:\Windows\assembly\tmp 2012-05-31 16:58:16: ... Folder test returns: 1 2012-05-31 16:58:16: Done with folder list in C:\Windows\assembly\ tmp 2012-05-31 16:58:16: Requesting bad file: C:\Windows\assembly\GAC_32\desktop.ini 2012-05-31 16:58:16: Requesting bad file: C:\Windows\assembly\GAC_64\desktop.ini 2012-05-31 16:58:16: Running Extractor 2012-05-31 16:58:17: Uploading file 2012-05-31 16:58:18: Error: The download of the specified resource has failed. 2012-05-31 16:58:18: Error: 2012-05-31 16:58:18: Locking file: C:\Windows\assembly\GAC_32\desktop.ini 2012-05-31 16:58:18: Locking file: C:\Windows\assembly\GAC_64\desktop.ini 2012-05-31 16:58:18: Autonomous mode, clearing out yt folder 2012-05-31 16:58:18: cmd.exe /c start "C:\Users\grevolorio\Desktop\yorkyt.exe" 2012-05-31 16:58:30: Restarting... 2012-05-31 17:04:13: **************************************************** 2012-05-31 17:04:14: Starting UP ... v 0.0.0.220 2012-05-31 17:04:14: **************************************************** 2012-05-31 17:04:19: Stop TPSRV returns: 2 2012-05-31 17:04:34: Listing processes... 2012-05-31 17:04:34: :[system Process]:0 2012-05-31 17:04:34: :System:4 2012-05-31 17:04:34: :smss.exe:352 2012-05-31 17:04:34: :csrss.exe:628 2012-05-31 17:04:34: :csrss.exe:724 2012-05-31 17:04:34: :wininit.exe:732 2012-05-31 17:04:34: :services.exe:784 2012-05-31 17:04:34: :winlogon.exe:816 2012-05-31 17:04:34: :lsass.exe:844 2012-05-31 17:04:34: :lsm.exe:856 2012-05-31 17:04:34: :svchost.exe:988 2012-05-31 17:04:34: :svchost.exe:392 2012-05-31 17:04:34: :svchost.exe:964 2012-05-31 17:04:34: :svchost.exe:1036 2012-05-31 17:04:34: :svchost.exe:1064 2012-05-31 17:04:34: :audiodg.exe:1152 2012-05-31 17:04:34: :svchost.exe:1204 2012-05-31 17:04:34: :Pen_TouchService.exe:1280 2012-05-31 17:04:34: :Smc.exe:1408 2012-05-31 17:04:34: :wisptis.exe:1516 2012-05-31 17:04:34: :svchost.exe:1680 2012-05-31 17:04:34: :ccSvcHst.exe:1832 2012-05-31 17:04:34: :wisptis.exe:1964 2012-05-31 17:04:34: :Pen_TouchUser.exe:1972 2012-05-31 17:04:34: :TabTip.exe:2000 2012-05-31 17:04:34: :TabTip32.exe:1304 2012-05-31 17:04:34: :spoolsv.exe:2076 2012-05-31 17:04:34: :taskhost.exe:2104 2012-05-31 17:04:34: :SASCore64.exe:2396 2012-05-31 17:04:34: :armsvc.exe:2436 2012-05-31 17:04:34: :AppleMobileDeviceService.exe:2488 2012-05-31 17:04:34: :taskeng.exe:2496 2012-05-31 17:04:34: :GoogleUpdate.exe:2536 2012-05-31 17:04:34: :dwm.exe:2632 2012-05-31 17:04:34: :explorer.exe:2668 2012-05-31 17:04:34: :mDNSResponder.exe:2680 2012-05-31 17:04:34: :btwdins.exe:2732 2012-05-31 17:04:34: :cvpnd.exe:2852 2012-05-31 17:04:34: :svchost.exe:2924 2012-05-31 17:04:34: :LMIGuardianSvc.exe:2956 2012-05-31 17:04:34: :ramaint.exe:3044 2012-05-31 17:04:34: :LogMeIn.exe:1100 2012-05-31 17:04:34: :SmcGui.exe:2380 2012-05-31 17:04:34: :nlssrv32.exe:1524 2012-05-31 17:04:34: :MouseWithoutBorders.exe:1356 2012-05-31 17:04:34: :PsiService_2.exe:384 2012-05-31 17:04:34: :MouseWithoutBorders.exe:3040 2012-05-31 17:04:34: :SeagateDashboardService.exe:2608 2012-05-31 17:04:34: :LogMeInSystray.exe:3228 2012-05-31 17:04:34: :DDHelper.exe:3320 2012-05-31 17:04:34: :nvSCPAPISvr.exe:3528 2012-05-31 17:04:34: :svchost.exe:3556 2012-05-31 17:04:34: :Rtvscan.exe:3576 2012-05-31 17:04:34: :Pen_Tablet.exe:3660 2012-05-31 17:04:34: :Pen_TabletUser.exe:3744 2012-05-31 17:04:34: :TeamViewer_Service.exe:3784 2012-05-31 17:04:34: :ProtectionUtilSurrogate.exe:3796 2012-05-31 17:04:34: :Pen_Tablet.exe:3804 2012-05-31 17:04:34: :vmware-usbarbitrator.exe:3956 2012-05-31 17:04:34: :vmnat.exe:4008 2012-05-31 17:04:34: :WLIDSVC.EXE:2576 2012-05-31 17:04:34: :vmware-authd.exe:3312 2012-05-31 17:04:34: :WLIDSVCM.EXE:3380 2012-05-31 17:04:34: :TeamViewer.exe:3676 2012-05-31 17:04:34: :WmiPrvSE.exe:3996 2012-05-31 17:04:34: :vmnetdhcp.exe:4160 2012-05-31 17:04:34: :WmiPrvSE.exe:4360 2012-05-31 17:04:34: :TrustedInstaller.exe:4908 2012-05-31 17:04:34: :yorkyt.exe:5044 2012-05-31 17:04:34: :ipoint.exe:4296 2012-05-31 17:04:34: :robotaskbaricon.exe:4336 2012-05-31 17:04:34: :tv_w32.exe:4760 2012-05-31 17:04:34: :tv_x64.exe:2688 2012-05-31 17:04:34: :SUPERAntiSpyware.exe:4872 2012-05-31 17:04:34: :SearchIndexer.exe:2044 2012-05-31 17:04:34: :dllhost.exe:4900 2012-05-31 17:04:34: :acrotray.exe:4932 2012-05-31 17:04:34: :UnlockerAssistant.exe:2676 2012-05-31 17:04:34: :APSDaemon.exe:1856 2012-05-31 17:04:34: :vpngui.exe:5020 2012-05-31 17:04:34: :iTunesHelper.exe:4716 2012-05-31 17:04:34: :acrodist.exe:5100 2012-05-31 17:04:34: :wuauclt.exe:2408 2012-05-31 17:04:34: :Dropbox.exe:828 2012-05-31 17:04:34: :EvernoteClipper.exe:2904 2012-05-31 17:04:34: 2012-05-31 17:04:34: Starting cleanup mode... 2012-05-31 17:06:51: ... Done with files, now folders 2012-05-31 17:25:05: All DONE

Overall slugishness. When I search the web, I get the results page but when I click on any link it takes me to an advertising page. Yesterday I followed a link on chrome and it open hundreds of tabs. Right now I'm using Browzar. I've been using another computer to communicate with you but I'm afraid to compromise it. I promise you once we remove this malware I will volunteer time to your cause, I hope you have a learning program so I can help.

I know. This is crazy. No warnings, errors, anything. It finishes expanding and then nothing happens.

Still no luck MrC. The second command triggered ComboFIx, it expanded but not run.

Lol. I did that several times. I went in safe mode and deleted the folder that ComboFix creates in the C drive. Tried again, now I don't get the error anymore, it expands but still won't run.

I follow the instruction at the link and try to run ComboFix from the Chameleon folder without luck, it expanded but just hung there, I waited for about 30 min but nothing happened. I looked for the file in the Installer folder and I found it. I renamed it and tried again. Now I get errors when is expanding, when I hit "ignore" it finishes but gives me the "Incompatible OS" message:

Still no luck MrC. It did not run. I tried in Safe Mode with the command "%userprofile%\desktop\combofix.exe" /killall /nombr but it just expanded but would not run. Thanks again for all your help. Gus

Sorry MrC, I had a few days of holiday. I really apologize. This is the FSS log: Farbar Service Scanner Version: 27-05-2012 Ran by GRevolorio (administrator) on 29-05-2012 at 08:42:25 Running from "C:\Users\grevolorio\Desktop" Microsoft Windows 7 Professional (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys [2012-02-16 17:04] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys [2012-05-10 14:32] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0 C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3 C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5 C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7 C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****