PDA

View Full Version : quite stuck here



frakman
2015-06-07, 08:12
Hi,
a friend recommended I post here. I have read through the stickies so hope I get this correct. Thanks in advance, and I will be donating to this fantastic service.

This are more difficult to me as this occurred when I am moving jobs and cities so my only net access is via the mobile phone which is pretty expensive.

I have a malware infection that I am 90% sure is email spamming. As soon as a network connection is available, I see stack of cmd.exe (the standard location) with an empty command line and associated process fire off. they talk with a huge amount of IPs online which I take to be mail servers.

I suspect I got infected via an old Java that I did not realise was still there. I have since removed all Java installs so there is currently nothing.

In getting to the bottom of this I have used Process Hacker, and Procmon - to do a bootup log which when I first tried it stopped by computer from booting (due to the sys file not being correct, and it being referenced in bootup from the registry to actually do its logging. I did a registry backup from regedit at this time.

I do have the bootlog from that.

I also ran combofix which I know see I should not run before asking for help, here. It is still installed, however, and I see its process. After I ran this my system appeared clean until MS rebooted the machine and the processes came back.


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-06-07 12:31:56
-----------------------------
12:31:56.003 OS Version: Windows x64 6.1.7601 Service Pack 1
12:31:56.023 Number of processors: 4 586 0x2A07
12:31:56.023 ComputerName: FRAK-HP UserName: frak
12:31:58.679 Initialize success
12:31:58.779 VM: initialized successfully
12:31:58.779 VM: Intel CPU supported
12:32:07.831 VM: supported disk I/O iaStor.sys
12:32:26.154 AVAST engine download error: 0
12:32:48.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:32:48.382 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
12:32:49.313 VM: Disk 0 MBR read successfully
12:32:49.333 Disk 0 MBR scan
12:32:49.343 Disk 0 Windows 7 default MBR code
12:32:49.373 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
12:32:49.453 Disk 0 default boot code
12:32:49.473 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 456520 MB offset 616448
12:32:49.513 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14996 MB offset 935569408
12:32:49.553 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5115 MB offset 966281216
12:32:50.253 Disk 0 scanning C:\windows\system32\drivers
12:33:11.630 Service scanning
12:33:36.268 Modules scanning
12:33:36.278 Disk 0 trace - called modules:
12:33:36.318 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
12:33:36.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f8b3060]
12:33:36.328 3 CLASSPNP.SYS[fffff88001af943f] -> nt!IofCallDriver -> [0xfffffa800f66bb10]
12:33:36.338 5 hpdskflt.sys[fffff8800122c189] -> nt!IofCallDriver -> [0xfffffa800dcad820]
12:33:36.348 7 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800dcb1050]
12:33:36.348 Disk 0 statistics 111165/0/26 @ 2.49 MB/s
12:33:36.358 Scan finished successfully
14:41:45.113 Disk 0 MBR has been saved successfully to "C:\Users\frak\Desktop\mal\MBR.dat"
14:41:45.123 The log file has been saved successfully to "C:\Users\frak\Desktop\mal\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by frak (administrator) on FRAK-HP on 06-06-2015 15:10:15
Running from C:\Users\frak\Desktop\mal
Loaded Profiles: frak (Available Profiles: frak)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(CA) C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe
(CA) C:\Program Files (x86)\CA\SharedComponents\CA_LIC\lic98Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(MYOB Technology Pty Ltd) C:\Program Files (x86)\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(MYOB Technology Pty Ltd) C:\Program Files (x86)\MYOB\AccountRight\2013.1\AU\Huxley.Server.WindowsService.exe
(Palm) C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe
() C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\ShareMouse\smService.exe
() C:\Program Files (x86)\ShareMouse\ShareMouse.exe
() C:\Program Files (x86)\ShareMouse\ShareMouse.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Google) C:\Users\frak\AppData\Roaming\Google\Google Talk\googletalk.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Akamai Technologies, Inc.) C:\Users\frak\AppData\Local\Akamai\netsession_win.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Akamai Technologies, Inc.) C:\Users\frak\AppData\Local\Akamai\netsession_win.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dropbox, Inc.) C:\Users\frak\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\frak\Desktop\Procmon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Common Files\Research in Motion\nginx\nginx.exe
(Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\frak\AppData\Local\Temp\Procmon64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Common Files\Research in Motion\nginx\nginx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-02-01] (IDT, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2941496 2011-03-18] (Hewlett-Packard Company)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-13] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SignIn] => C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe [1742704 2011-03-16] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-06-27] (Research In Motion Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4423168 2013-09-12] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2014-05-11] (PDF Complete Inc)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [272384 2010-09-09] (Vodafone)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-01-14] (Intel Corporation)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1126264 2011-08-14] (Infineon Technologies AG)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2012-09-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-24] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [522736 2011-04-19] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-08-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2888384 2015-05-12] (Valve Corporation)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-12-30] (Samsung Electronics)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [ISUSPM] => -scheduler
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [googletalk] => C:\Users\frak\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-02] (Google)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [Google Update] => C:\Users\frak\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-16] (Google Inc.)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Run: [Akamai NetSession Interface] => C:\Users\frak\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MountPoints2: D - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MountPoints2: {69c26f57-d51d-11e0-ade9-3cd92b255cef} - I:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MountPoints2: {7719cb2e-c7cc-11e0-9ee0-0024d7d38dec} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MountPoints2: {7719cb7c-c7cc-11e0-9ee0-0024d7d38dec} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MountPoints2: {aa738737-da91-11e0-b16f-0024d7d38dec} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MountPoints2: {b2cf3f0e-ce04-11e0-8b28-3cd92b255cef} - D:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MountPoints2: {b2cf3f21-ce04-11e0-8b28-3cd92b255cef} - D:\setup_vmb_lite.exe /checkApplicationPresence
IFEO\taskmgr.exe: [Debugger] "C:\Program Files\Process Hacker 2\ProcessHacker.exe"
Lsa: [Notification Packages] DPPassFilter EpePcNp64 scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-06-02]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-06-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\frak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\frak\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2034661297-170274631-3907706445-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5090123
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-2034661297-170274631-3907706445-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
URLSearchHook: HKLM-x32 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
URLSearchHook: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> {3BA375AB-6D26-47FD-BB2A-ED9E71C89E99} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Y9ExurXmGw3F3P4tNmsw8lAYxXM?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> {FF87A83A-3BFE-42E4-8E2D-7DDC0D00CBD8} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-08-26] (Hewlett-Packard)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-2034661297-170274631-3907706445-1001 -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\frak\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\frak\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\frak\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\frak\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\frak\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\Users\frak\AppData\Local\Temp\f5tmp\f5syschk.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568 2014-10-30] ()
Winsock: Catalog9 02 C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568 2014-10-30] ()
Winsock: Catalog9 03 C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568 2014-10-30] ()
Winsock: Catalog9 04 C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568 2014-10-30] ()
Winsock: Catalog9 05 C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568 2014-10-30] ()
Winsock: Catalog9 19 C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568 2014-10-30] ()
Tcpip\..\Interfaces\{125BF954-C35C-405E-875E-462AF65C787A}: [NameServer] 10.143.147.147 10.143.147.148
Tcpip\..\Interfaces\{1E5B5157-D30B-46D7-B9BA-2EC482464796}: [NameServer] 10.143.147.147 10.143.147.148
Tcpip\..\Interfaces\{42924C01-43F6-43C9-B801-4FC7E085C430}: [NameServer] 10.143.147.147 10.143.147.148
Tcpip\..\Interfaces\{6B0B71F5-8C68-49AD-8FA0-D85F4DBAA962}: [NameServer] 10.143.147.147 10.143.147.148
Tcpip\..\Interfaces\{A5691E8C-6A95-46A8-810F-D443897B43CD}: [NameServer] 10.143.147.147 10.143.147.148
Tcpip\..\Interfaces\{F7324C72-3BD7-46AD-8B3F-618075520A80}: [NameServer] 192.168.1.1,192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll [2012-10-25] (Commonwealth Government of Australia)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-12-02] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-09-09] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-21] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-12-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2034661297-170274631-3907706445-1001: @citrixonline.com/appdetectorplugin -> C:\Users\frak\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-2034661297-170274631-3907706445-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\frak\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2034661297-170274631-3907706445-1001: @talk.google.com/O1DPlugin -> C:\Users\frak\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2034661297-170274631-3907706445-1001: @tools.google.com/Google Update;version=3 -> C:\Users\frak\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2034661297-170274631-3907706445-1001: @tools.google.com/Google Update;version=9 -> C:\Users\frak\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2034661297-170274631-3907706445-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\frak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2034661297-170274631-3907706445-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-12-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-27] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\frak\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\frak\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Selenium IDE: C# Formatters - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps\Extensions\csharpformatters@seleniumhq.org.xpi [2013-05-04]
FF Extension: Selenium IDE: Java Formatters - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps\Extensions\javaformatters@seleniumhq.org.xpi [2013-05-04]
FF Extension: Selenium IDE: Python Formatters - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps\Extensions\pythonformatters@seleniumhq.org.xpi [2013-05-04]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps\Extensions\rubyformatters@seleniumhq.org.xpi [2013-05-04]
FF Extension: Selenium IDE - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2013-05-04]
FF Extension: iAqua - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps\Extensions\{e1d404a0-6bb3-11de-8a39-0800200c9a66}.xpi [2012-11-24]
FF Extension: SeoQuake - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-10-25]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\firebug@software.joehewitt.com.xpi [2012-11-24]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\firebug@tools.sitepoint.com.xpi [2012-11-24]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2013-10-27]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\linksforms@queze.net.xpi [2012-11-24]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-11-24]
FF Extension: SearchStatus - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2012-11-24]
FF Extension: HackBar - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\u9sqju3v.Web Dev\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2012-11-24]
FF Extension: 8 Ultimo - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\wgds3pg4.Fun\Extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66} [2012-11-24]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\wgds3pg4.Fun\Extensions\fbchathistory@firechm.com.xpi [2014-01-31]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\wgds3pg4.Fun\Extensions\silvermelxt@pardal.de.xpi [2012-11-24]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\wgds3pg4.Fun\Extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi [2012-11-24]
FF Extension: Lavasoft Search Plugin - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-09-23]
FF Extension: Links and Forms - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\linksforms@queze.net [2011-08-16]
FF Extension: SeoQuake - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-08-06]
FF Extension: uTorrentControl2 Community Toolbar - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2013-08-06]
FF Extension: iMacros for Firefox - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-09-12]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\firebug@software.joehewitt.com.xpi [2011-08-16]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\rankchecker@seobook.com.xpi [2011-08-16]
FF Extension: No Name - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{B71ACFF2-E436-4cc7-B5E3-0C8E2CC981BA}.xpi [2012-06-13]
FF Extension: Web Developer - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-16]
FF Extension: SearchStatus - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-10-26]
FF Extension: SearchPreview - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi [2011-08-19]
FF Extension: HackBar - C:\Users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\hn10h436.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2011-08-16]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-09-24]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-08-18]

Chrome:
=======
CHR Profile: C:\Users\frak\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\frak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-01-13]
CHR Extension: (Swap My Cookies) - C:\Users\frak\AppData\Local\Google\Chrome\User Data\Default\Extensions\dffhipnliikkblkhpjapbecpmoilcama [2014-01-13]
CHR Extension: (KindleSpy) - C:\Users\frak\AppData\Local\Google\Chrome\User Data\Default\Extensions\glkjijbjdhggpgeiennpadafglapnjje [2015-01-01]
CHR Extension: (Bookmark Manager) - C:\Users\frak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\frak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Wallet) - C:\Users\frak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR HKU\S-1-5-21-2034661297-170274631-3907706445-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\frak\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\frak\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-06-27] (Research In Motion Limited) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-08-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-08-13] (BlueStack Systems, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-13] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-13] (ESET)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464512 2011-03-08] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-29] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [322048 2011-08-26] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1126264 2011-08-14] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980856 2011-08-14] (Infineon Technologies AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 LogWatch; C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe [75016 2008-05-20] (CA)
S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] () [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
S3 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
R2 MYOB AccountRight Library; C:\Program Files (x86)\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [11264 2013-05-27] (MYOB Technology Pty Ltd) [File not signed]
R2 MYOB AccountRight Server 2013.1; C:\Program Files (x86)\MYOB\AccountRight\2013.1\AU\Huxley.Server.WindowsService.exe [15192 2013-05-27] (MYOB Technology Pty Ltd)
S2 MYOB AccountRight Server Locator; C:\Program Files (x86)\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [9728 2013-05-27] (MYOB Technology Pty Ltd) [File not signed]
S3 MySQL55; C:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9508 2012-12-27] () [File not signed]
R2 NovacomD; C:\Program Files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe [71680 2011-09-19] (Palm) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-30] (The OpenVPN Project)
R2 Palm_TCP_Relay; C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe [11776 2011-10-07] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2014-05-11] (PDF Complete Inc)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203640 2011-08-14] (Infineon Technologies AG)
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-09-12] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1283072 2013-09-12] (Research In Motion Limited) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-26] (CACE Technologies, Inc.)
R2 ShareMouse Service; C:\Program Files (x86)\ShareMouse\smService.exe [197936 2014-09-24] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2013-02-01] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
R2 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [8704 2010-09-09] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MYOB AccountRight Server 2011.1; "C:\Program Files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-08-13] (BlueStack Systems)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-03-04] (Hewlett-Packard Company)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-22] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-22] (ESET)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-09-09] (Huawei Technologies Co., Ltd.)
S3 f5ipfw; C:\windows\system32\drivers\urfltv64.sys [18512 2011-06-22] (F5 Networks, Inc.)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2014-11-18] (Intel Corporation)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-02-01] (JMicron Technology Corp.)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2011-08-14] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-09-12] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [44112 2011-06-07] (F5 Networks, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R3 vmkbd2; C:\windows\system32\drivers\VMkbd.sys [32848 2013-08-27] (VMware, Inc.)
R2 VMparport; C:\windows\system32\drivers\VMparport.sys [31824 2013-08-27] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)
S1 qwzyowck; \??\C:\windows\system32\drivers\qwzyowck.sys [X]
S1 SBRE; \??\C:\windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 15:09 - 2015-06-06 15:10 - 00000000 ____D C:\FRST
2015-06-06 15:00 - 2015-06-06 15:10 - 00000000 ____D C:\Users\frak\Desktop\mal
2015-06-06 14:42 - 2015-06-06 14:42 - 85070078 _____ C:\Users\frak\Desktop\Logfile_spam_active.PML
2015-06-06 14:35 - 2015-06-06 14:39 - 330670521 _____ C:\Users\frak\Desktop\Bootlog-4.pml
2015-06-06 14:35 - 2015-06-06 14:39 - 261840856 _____ C:\Users\frak\Desktop\Bootlog-5.pml
2015-06-06 14:34 - 2015-06-06 14:39 - 371311415 _____ C:\Users\frak\Desktop\Bootlog-2.pml
2015-06-06 14:34 - 2015-06-06 14:35 - 273504405 _____ C:\Users\frak\Desktop\Bootlog-3.pml
2015-06-06 14:32 - 2015-06-06 14:39 - 386480415 _____ C:\Users\frak\Desktop\Bootlog-1.pml
2015-06-06 14:29 - 2015-06-06 14:39 - 333098712 _____ C:\Users\frak\Desktop\Bootlog.pml
2015-06-03 09:34 - 2015-06-03 09:34 - 00911301 _____ C:\Users\frak\Downloads\ProcessMonitor (1).zip
2015-06-02 23:04 - 2015-06-02 23:04 - 00000000 ____D C:\ProgramData\dbg
2015-06-02 22:57 - 2015-06-03 09:14 - 00000000 ____D C:\Users\frak\AppData\Roaming\Process Hacker 2
2015-06-02 22:55 - 2015-06-02 22:55 - 00001841 _____ C:\Users\Public\Desktop\Process Hacker 2.lnk
2015-06-02 22:55 - 2015-06-02 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-06-02 22:55 - 2015-06-02 22:55 - 00000000 ____D C:\Program Files\Process Hacker 2
2015-06-02 22:54 - 2015-06-02 22:54 - 01986032 _____ (wj32 ) C:\Users\frak\Downloads\processhacker-2.35-setup.exe
2015-06-02 18:58 - 2015-06-02 20:01 - 00000000 ____D C:\windows\pss
2015-05-31 15:11 - 2015-05-31 15:11 - 00911301 _____ C:\Users\frak\Downloads\ProcessMonitor.zip
2015-05-31 11:42 - 2015-05-31 11:42 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-05-28 22:02 - 2015-05-28 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
2015-05-28 21:39 - 2015-05-28 21:40 - 06202336 _____ (Privax Ltd) C:\Users\frak\Downloads\HMA-Pro-VPN-2.8.19.0-install.exe
2015-05-28 18:18 - 2015-05-28 18:18 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-05-28 18:18 - 2015-05-28 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-28 18:18 - 2015-05-28 18:18 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-28 18:18 - 2015-05-28 18:18 - 00000000 ____D C:\Program Files\iTunes
2015-05-28 18:18 - 2015-05-28 18:18 - 00000000 ____D C:\Program Files\iPod
2015-05-28 18:18 - 2015-05-28 18:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-05-25 17:38 - 2015-06-03 09:35 - 02046608 _____ (Sysinternals - www.sysinternals.com (http://www.sysinternals.com)) C:\Users\frak\Desktop\Procmon.exe
2015-05-21 03:06 - 2015-05-21 10:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-05-17 16:35 - 2015-05-17 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-17 15:40 - 2015-05-17 15:40 - 00000165 ____H C:\Users\frak\Documents\~$Trey_timesheet.xlsx
2015-05-15 07:02 - 2015-03-14 13:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-15 07:02 - 2015-03-14 13:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-05-15 07:02 - 2015-03-14 13:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-15 07:02 - 2015-03-14 13:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-05-14 23:30 - 2015-05-05 11:29 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-14 23:30 - 2015-05-05 11:12 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-14 23:30 - 2015-04-18 13:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-14 23:30 - 2015-04-18 12:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-14 23:29 - 2015-04-13 13:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-14 07:55 - 2015-04-22 12:28 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-14 07:55 - 2015-04-22 11:48 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-14 07:55 - 2015-04-22 03:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-14 07:55 - 2015-04-22 03:07 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-14 07:55 - 2015-04-22 02:51 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-14 07:55 - 2015-04-22 02:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-14 07:55 - 2015-04-22 02:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-14 07:55 - 2015-04-22 02:50 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-14 07:55 - 2015-04-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-14 07:55 - 2015-04-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-14 07:55 - 2015-04-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-14 07:55 - 2015-04-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-14 07:55 - 2015-04-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-14 07:55 - 2015-04-22 02:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-14 07:55 - 2015-04-22 02:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-14 07:55 - 2015-04-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-14 07:55 - 2015-04-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-14 07:55 - 2015-04-22 02:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-14 07:55 - 2015-04-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-14 07:55 - 2015-04-22 02:25 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-05-14 07:55 - 2015-04-22 02:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-14 07:55 - 2015-04-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-14 07:55 - 2015-04-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 07:55 - 2015-04-22 02:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-14 07:55 - 2015-04-22 02:11 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-05-14 07:55 - 2015-04-22 02:10 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-05-14 07:55 - 2015-04-22 02:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-14 07:55 - 2015-04-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-14 07:55 - 2015-04-22 02:08 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-05-14 07:55 - 2015-04-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-14 07:55 - 2015-04-22 02:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-14 07:55 - 2015-04-22 02:03 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-05-14 07:55 - 2015-04-22 02:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-05-14 07:55 - 2015-04-22 02:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-05-14 07:55 - 2015-04-22 01:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-14 07:55 - 2015-04-22 01:58 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-05-14 07:55 - 2015-04-22 01:57 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-05-14 07:55 - 2015-04-22 01:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-14 07:55 - 2015-04-22 01:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-14 07:55 - 2015-04-22 01:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-05-14 07:55 - 2015-04-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-14 07:55 - 2015-04-22 01:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-14 07:55 - 2015-04-22 01:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 07:55 - 2015-04-22 01:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-14 07:55 - 2015-04-22 01:39 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-05-14 07:55 - 2015-04-22 01:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-14 07:55 - 2015-04-22 01:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-14 07:55 - 2015-04-22 01:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-14 07:55 - 2015-04-22 01:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-14 07:55 - 2015-04-22 01:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-14 07:55 - 2015-04-22 01:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-14 07:55 - 2015-04-22 01:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-05-14 07:55 - 2015-04-22 01:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-14 07:55 - 2015-04-22 01:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-14 07:55 - 2015-04-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-14 07:55 - 2015-04-22 01:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-14 07:55 - 2015-04-22 00:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-14 07:55 - 2015-04-22 00:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-14 07:54 - 2015-04-22 03:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-14 07:54 - 2015-04-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-14 03:06 - 2015-05-01 23:17 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:06 - 2015-05-01 23:16 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:03 - 2015-05-13 22:03 - 00001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 9.0.lnk
2015-05-13 22:03 - 2015-05-13 22:03 - 00001219 _____ C:\Users\Public\Desktop\Tableau 9.0.lnk
2015-05-13 22:03 - 2015-05-13 22:03 - 00000000 ____D C:\Users\frak\Documents\My Tableau Repository
2015-05-13 22:03 - 2015-05-13 22:03 - 00000000 ____D C:\Users\frak\AppData\Local\Tableau
2015-05-13 22:03 - 2015-05-13 22:03 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2015-05-13 22:02 - 2015-05-13 22:02 - 00000000 ____D C:\Program Files\Tableau
2015-05-13 18:50 - 2015-04-28 05:28 - 05569984 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 18:50 - 2015-04-28 05:28 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 18:50 - 2015-04-28 05:28 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 18:50 - 2015-04-28 05:26 - 01728960 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 01254400 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 01162752 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-05-13 18:50 - 2015-04-28 05:23 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-05-13 18:50 - 2015-04-28 05:22 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 18:50 - 2015-04-28 05:22 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 18:50 - 2015-04-28 05:21 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 18:50 - 2015-04-28 05:18 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 18:50 - 2015-04-28 05:18 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:16 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 05:11 - 03989440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-05-13 18:50 - 2015-04-28 05:11 - 03934144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-05-13 18:50 - 2015-04-28 05:08 - 01310744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-05-13 18:50 - 2015-04-28 05:05 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-05-13 18:50 - 2015-04-28 05:04 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-05-13 18:50 - 2015-04-28 05:04 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-05-13 18:50 - 2015-04-28 05:04 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-05-13 18:50 - 2015-04-28 05:04 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-05-13 18:50 - 2015-04-28 05:04 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-05-13 18:50 - 2015-04-28 05:04 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-05-13 18:50 - 2015-04-28 05:04 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-05-13 18:50 - 2015-04-28 05:04 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-05-13 18:50 - 2015-04-28 05:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-05-13 18:50 - 2015-04-28 05:03 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-05-13 18:50 - 2015-04-28 05:03 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-05-13 18:50 - 2015-04-28 05:03 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-05-13 18:50 - 2015-04-28 05:03 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-05-13 18:50 - 2015-04-28 05:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-05-13 18:50 - 2015-04-28 05:01 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-05-13 18:50 - 2015-04-28 05:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 04:06 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 18:50 - 2015-04-28 03:57 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-05-13 18:50 - 2015-04-28 03:57 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-05-13 18:50 - 2015-04-28 03:55 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 03:55 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 03:55 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:50 - 2015-04-28 03:55 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:49 - 2015-04-20 13:17 - 01647104 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 18:49 - 2015-04-20 13:17 - 01179136 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 18:49 - 2015-04-20 12:56 - 01250816 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 18:49 - 2015-04-20 12:11 - 03204608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 18:46 - 2015-04-08 13:29 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 18:46 - 2015-04-08 13:29 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 18:46 - 2015-04-08 13:14 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-05-13 18:46 - 2015-01-29 13:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 18:45 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-05-13 18:45 - 2015-02-18 17:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-13 18:45 - 2015-01-29 13:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-13 18:44 - 2015-03-04 14:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 18:44 - 2015-03-04 14:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 18:44 - 2015-03-04 14:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 18:44 - 2015-03-04 14:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-13 18:44 - 2015-03-04 14:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-05-13 18:44 - 2015-03-04 14:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-05-13 18:44 - 2015-03-04 14:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-04-29 22:49 - 2015-04-29 22:49 - 00001213 _____ C:\Users\Public\Desktop\KeywordsStudio.exe.lnk
2015-04-29 22:49 - 2015-04-29 22:49 - 00000000 ____D C:\ProgramData\Caphyon
2015-04-29 22:48 - 2015-04-29 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keywords Studio Pro
2015-04-29 22:48 - 2015-04-29 22:48 - 00000000 ____D C:\Users\frak\AppData\Roaming\intraSEO
2015-04-29 22:48 - 2015-04-29 22:48 - 00000000 ____D C:\Program Files (x86)\intraSEO
2015-04-28 19:28 - 2015-04-28 19:28 - 00001849 _____ C:\Users\Public\Desktop\ReadMe.lnk
2015-04-28 19:28 - 2015-04-28 19:28 - 00001849 _____ C:\Users\Public\Desktop\Frex16.lnk
2015-04-28 19:28 - 2015-04-28 19:28 - 00000000 ____D C:\windows\Frex16
2015-04-28 19:28 - 2015-04-28 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frex16
2015-04-28 19:28 - 2015-04-28 19:28 - 00000000 ____D C:\Program Files (x86)\Frex16
2015-04-28 19:28 - 2002-04-16 10:15 - 02670080 _____ (SwiftSoft) C:\windows\SysWOW64\mmtoolsx2.OCX
2015-04-28 19:28 - 2001-01-20 18:14 - 00428032 _____ (SwiftSoft) C:\windows\SysWOW64\MMTYPESX2.OCX
2015-04-16 04:01 - 2015-04-16 04:01 - 00000000 ____D C:\windows\system32\appraiser
2015-04-16 03:59 - 2015-04-16 03:59 - 00000000 ____D C:\Users\frak\AppData\Roaming\KDSubmitterPro
2015-04-15 20:30 - 2015-03-25 13:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-15 20:30 - 2015-03-25 13:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-15 20:30 - 2015-03-25 13:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-15 20:30 - 2015-03-25 13:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-15 20:30 - 2015-03-25 13:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-15 20:30 - 2015-03-25 13:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-15 20:30 - 2015-03-25 13:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-15 20:30 - 2015-03-25 13:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-15 20:30 - 2015-03-25 13:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-15 20:30 - 2015-03-25 13:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-15 20:30 - 2015-03-25 13:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-15 20:30 - 2015-03-25 13:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-15 20:30 - 2015-03-25 13:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-15 20:30 - 2015-03-25 13:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-15 20:30 - 2015-03-25 13:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-15 20:30 - 2015-03-25 13:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-15 20:29 - 2015-03-23 13:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-15 20:29 - 2015-03-23 13:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-15 20:29 - 2015-03-23 13:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-15 20:29 - 2015-03-23 13:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-15 20:29 - 2015-03-23 13:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-15 20:29 - 2015-03-23 13:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-15 20:29 - 2015-03-23 13:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-15 20:29 - 2015-03-23 13:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-15 20:29 - 2015-03-10 13:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-15 20:29 - 2015-03-10 13:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-15 20:29 - 2015-03-10 13:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-15 20:29 - 2015-03-10 13:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-15 20:29 - 2015-03-05 15:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-15 20:29 - 2015-03-05 14:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-15 20:29 - 2015-01-28 09:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-04-15 20:28 - 2015-02-25 13:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-15 20:26 - 2015-03-04 14:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-15 20:26 - 2015-03-04 14:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-15 20:26 - 2015-03-04 14:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-04-07 06:56 - 2015-05-21 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-04-07 06:56 - 2015-05-21 03:00 - 00000000 ___SD C:\windows\system32\GWX
2015-03-13 06:50 - 2015-03-13 06:50 - 00002631 _____ C:\Users\Public\Desktop\KDSubmitterPro.lnk
2015-03-13 06:50 - 2015-03-13 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDSubmitterPro
2015-03-13 06:50 - 2015-03-13 06:50 - 00000000 ____D C:\Program Files (x86)\KDPublishingPro.com
2015-03-11 20:19 - 2015-02-03 13:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 20:19 - 2015-02-03 13:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 20:19 - 2015-02-03 13:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 20:19 - 2015-02-03 13:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 20:19 - 2015-02-03 13:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 20:19 - 2015-02-03 13:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 20:19 - 2015-02-03 13:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 20:19 - 2015-02-03 13:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 20:19 - 2015-02-03 13:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 20:19 - 2015-02-03 13:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 20:19 - 2015-02-03 13:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 20:18 - 2015-02-03 13:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 20:18 - 2015-02-03 13:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 20:18 - 2015-02-03 13:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 20:18 - 2015-02-03 13:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 20:18 - 2015-02-03 13:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 20:18 - 2015-02-03 13:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 20:18 - 2015-02-03 13:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 20:18 - 2015-02-03 13:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 20:18 - 2015-02-03 13:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 20:18 - 2015-02-03 13:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 20:18 - 2015-02-03 13:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 20:18 - 2015-02-03 13:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 20:18 - 2015-02-03 13:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 20:18 - 2015-02-03 13:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 20:18 - 2015-02-03 13:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 20:18 - 2015-02-03 13:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 20:18 - 2015-02-03 13:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 20:18 - 2015-02-03 13:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 20:18 - 2015-02-03 13:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 20:18 - 2015-02-03 13:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 20:18 - 2015-02-03 13:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 20:18 - 2015-02-03 13:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 20:18 - 2015-02-03 12:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 20:18 - 2014-11-01 08:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 20:14 - 2015-02-20 14:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 20:14 - 2015-02-20 14:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 20:14 - 2015-02-20 14:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 20:14 - 2015-02-20 14:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 20:14 - 2015-02-20 14:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 20:14 - 2015-02-20 14:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 20:14 - 2015-02-20 14:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 20:14 - 2015-02-20 14:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 20:14 - 2015-02-20 13:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 20:14 - 2015-02-20 13:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 20:14 - 2015-01-31 13:48 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-11 20:14 - 2015-01-31 13:48 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 20:14 - 2015-01-31 09:56 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-11 20:11 - 2015-02-13 15:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 20:11 - 2015-02-13 15:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 20:11 - 2015-02-03 13:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 20:11 - 2015-02-03 13:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 20:11 - 2015-01-31 09:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 20:10 - 2015-02-03 13:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 20:10 - 2015-02-03 13:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 20:10 - 2015-01-17 12:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 20:10 - 2015-01-17 12:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 20:08 - 2015-02-04 13:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 20:08 - 2015-02-04 12:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-10 20:17 - 2015-03-10 20:23 - 52301900 _____ C:\Users\frak\Downloads\Fantastic_Worlds_Starter_Kit_1.13.zip

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 15:01 - 2012-11-01 21:38 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-06 14:55 - 2011-08-11 04:14 - 00000000 ____D C:\Users\frak\AppData\Roaming\Skype
2015-06-06 14:51 - 2012-04-01 20:56 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-06 14:44 - 2009-07-14 14:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-06 14:44 - 2009-07-14 14:45 - 00020944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-06 14:40 - 2011-07-21 21:34 - 01493465 _____ C:\windows\WindowsUpdate.log
2015-06-06 14:32 - 2009-07-14 15:13 - 00881162 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-06 14:29 - 2011-04-30 09:10 - 00000000 ____D C:\ProgramData\PDFC
2015-06-06 14:26 - 2012-02-08 10:20 - 00000000 ____D C:\ProgramData\VMware
2015-06-06 14:25 - 2013-10-25 07:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-06 14:25 - 2012-11-01 21:38 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-06 14:24 - 2013-12-08 00:00 - 00036083 _____ C:\windows\setupact.log
2015-06-06 14:24 - 2011-07-21 21:45 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-06 14:24 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-06 14:17 - 2014-05-15 11:35 - 00000556 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2034661297-170274631-3907706445-1001.job
2015-06-06 14:17 - 2011-04-30 09:18 - 00000000 ____D C:\ProgramData\Sonic
2015-06-03 09:33 - 2012-01-29 07:33 - 00000000 ___RD C:\Users\frak\Dropbox
2015-06-03 09:33 - 2012-01-29 07:31 - 00000000 ____D C:\Users\frak\AppData\Roaming\Dropbox
2015-06-03 09:26 - 2012-07-16 07:30 - 00000904 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001UA.job
2015-06-03 04:24 - 2012-07-16 07:30 - 00000852 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001Core.job
2015-06-02 19:01 - 2012-05-04 07:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 19:01 - 2011-07-21 21:45 - 00509786 _____ C:\windows\PFRO.log
2015-06-01 21:21 - 2014-08-24 01:05 - 00000000 ____D C:\Users\frak\AppData\Local\CrashDumps
2015-06-01 21:16 - 2014-07-05 20:32 - 00000000 ____D C:\Users\frak\Documents\6-pack shortcuts
2015-06-01 18:46 - 2009-07-14 13:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-01 18:34 - 2012-04-10 20:53 - 00000000 ____D C:\Program Files (x86)\uTorrentControl2
2015-06-01 17:53 - 2014-09-18 09:11 - 00003180 _____ C:\windows\System32\Tasks\HPCeeScheduleForfrak
2015-06-01 17:53 - 2014-09-18 09:11 - 00000328 _____ C:\windows\Tasks\HPCeeScheduleForfrak.job
2015-06-01 04:22 - 2012-04-10 20:53 - 00000000 ____D C:\Users\frak\AppData\Local\Conduit
2015-06-01 04:22 - 2012-04-10 20:53 - 00000000 ____D C:\Program Files (x86)\Conduit
2015-05-31 11:46 - 2014-09-03 18:46 - 00000222 _____ C:\Users\frak\BullseyeCoverageError.txt
2015-05-28 22:02 - 2014-01-13 15:12 - 00001151 _____ C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2015-05-28 22:02 - 2014-01-13 15:12 - 00000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2015-05-28 18:18 - 2012-01-29 08:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-05-28 17:53 - 2011-08-14 02:35 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-05-24 23:44 - 2015-03-07 12:57 - 00000000 ____D C:\Users\frak\Documents\2015-03-Melbourne-NDY contract
2015-05-24 23:36 - 2011-08-10 13:13 - 00000000 ____D C:\Users\frak\AppData\Local\PDFC
2015-05-21 20:59 - 2015-01-09 19:11 - 00019977 _____ C:\Users\frak\Documents\Trey_timesheet.xlsx
2015-05-21 20:26 - 2011-08-10 13:02 - 00000000 ____D C:\Users\frak
2015-05-21 10:21 - 2011-08-11 04:14 - 00000000 ____D C:\ProgramData\Skype
2015-05-21 00:18 - 2014-08-20 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Buildbox
2015-05-21 00:18 - 2014-08-20 08:10 - 00000000 ____D C:\Program Files (x86)\Buildbox
2015-05-18 04:19 - 2012-07-16 07:30 - 00003872 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001UA
2015-05-18 04:19 - 2012-07-16 07:30 - 00003476 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001Core
2015-05-17 18:55 - 2012-11-01 21:38 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 18:55 - 2012-11-01 21:38 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 13:29 - 2014-11-20 21:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 03:01 - 2011-09-27 03:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-14 03:56 - 2009-07-14 14:45 - 00443728 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-14 03:55 - 2013-03-14 02:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 03:55 - 2013-03-14 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:54 - 2009-07-28 00:36 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 03:54 - 2009-07-14 13:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-14 03:35 - 2013-07-13 03:00 - 00000000 ____D C:\windows\system32\MRT
2015-05-14 03:09 - 2011-08-16 15:52 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-14 03:06 - 2013-03-14 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 22:03 - 2011-04-30 09:06 - 00000000 ____D C:\ProgramData\FLEXnet
2015-05-13 22:03 - 2010-06-09 21:15 - 00000000 ____D C:\Users\frak\Documents\(old CVs)
2015-05-09 11:13 - 2012-01-29 07:32 - 00000000 ____D C:\Users\frak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-09 04:58 - 2012-11-01 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2011-09-22 06:39 - 2011-11-03 17:05 - 0007822 _____ () C:\Users\frak\AppData\Roaming\.freeciv-client-rc-2.3
2014-12-30 13:29 - 2014-12-30 13:29 - 0000041 _____ () C:\Users\frak\AppData\Roaming\license.aalic
2012-09-24 16:29 - 2012-09-24 16:31 - 0098778 _____ () C:\Users\frak\AppData\Roaming\QWInstall.log
2012-12-09 20:08 - 2013-12-31 22:14 - 0000600 _____ () C:\Users\frak\AppData\Roaming\winscp.rnd
2012-04-26 11:50 - 2012-04-26 11:50 - 0006148 ____H () C:\Users\frak\AppData\Local\.DS_Store
2011-10-21 05:58 - 2014-04-29 08:36 - 0008192 _____ () C:\Users\frak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-10 00:08 - 2013-07-05 08:51 - 0000600 _____ () C:\Users\frak\AppData\Local\PUTTY.RND
2013-10-15 13:28 - 2013-10-15 13:28 - 0000735 _____ () C:\Users\frak\AppData\Local\recently-used.xbel
2010-09-09 04:07 - 2010-09-09 04:07 - 0159464 ____R () C:\ProgramData\DeviceManager.xml.rc4

Files to move or delete:
====================
C:\Users\frak\fbchathistory.dat


Some files in TEMP:
====================
C:\Users\frak\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\frak\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthtnsn.dll
C:\Users\frak\AppData\Local\Temp\Extract.exe
C:\Users\frak\AppData\Local\Temp\i4jd7718072531057351362.exe
C:\Users\frak\AppData\Local\Temp\i4jdel0.exe
C:\Users\frak\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\frak\AppData\Local\Temp\ose00000.exe
C:\Users\frak\AppData\Local\Temp\Procmon64.exe
C:\Users\frak\AppData\Local\Temp\restarter4471032919314079959.exe
C:\Users\frak\AppData\Local\Temp\restarter5267347022139821160.exe
C:\Users\frak\AppData\Local\Temp\SkypeSetup.exe
C:\Users\frak\AppData\Local\Temp\VistaLauncher9163413009623490568.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 00:29

==================== End of log ============================

Dakeyras
2015-06-08, 11:08
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Referring to the below:-


I also ran combofix which I know see I should not run before asking for help, here. It is still installed, however, and I see its process
Could you please post the ComboFix log(if still available), it can be located at the root of your machines main drive here: C:\ComboFix.txt

Also the Farbar Recovery Scan Tool when ran would have created a second log named Addition.txt, which can be located it appears in this folder on your desktop: C:\Users\frak\Desktop\mal

Post both the requested logs for my review when ready and we will then go from there, thank you.

frakman
2015-06-11, 10:32
Thanks glad to see you!

Combofix log

ComboFix 15-05-31.01 - frak 06/06/2015 15:41:51.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.16334.12378 [GMT 10:00]
Running from: c:\users\frak\Desktop\mal\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\programdata\Roaming
c:\users\frak\AppData\Local\assembly\tmp
c:\users\frak\AppData\Local\Temp\Procmon64.exe
c:\users\frak\AppData\Roaming\ubot
c:\users\frak\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\SETAD44.tmp
c:\windows\SysWow64\suf88C7.tmp
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\SysWow64\out.txt . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2015-05-06 to 2015-06-06 )))))))))))))))))))))))))))))))
.
.
2015-06-06 05:50 . 2015-06-06 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-06 05:09 . 2015-06-06 05:12 -------- d-----w- C:\FRST
2015-06-02 13:04 . 2015-06-02 13:04 -------- d-----w- c:\programdata\dbg
2015-06-02 12:57 . 2015-06-02 23:14 -------- d-----w- c:\users\frak\AppData\Roaming\Process Hacker 2
2015-06-02 12:55 . 2015-06-02 12:55 -------- d-----w- c:\program files\Process Hacker 2
2015-06-01 08:48 . 2015-06-01 08:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E77A9B59-2E4E-45A5-8A7F-F2C888D1A7F0}\offreg.6000.dll
2015-05-31 01:42 . 2015-05-31 01:42 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-05-29 08:05 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E77A9B59-2E4E-45A5-8A7F-F2C888D1A7F0}\mpengine.dll
2015-05-28 08:18 . 2015-05-28 08:18 -------- d-----w- c:\program files (x86)\iTunes
2015-05-28 08:18 . 2015-05-28 08:18 -------- d-----w- c:\program files\iPod
2015-05-28 08:18 . 2015-05-28 08:18 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-28 08:18 . 2015-05-28 08:18 -------- d-----w- c:\program files\iTunes
2015-05-20 17:06 . 2015-05-21 00:25 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-05-14 21:02 . 2015-03-14 03:21 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-05-14 21:02 . 2015-03-14 03:21 1632768 ----a-w- c:\windows\system32\dwmcore.dll
2015-05-14 21:02 . 2015-03-14 03:04 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-05-14 21:02 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-05-14 13:30 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-14 13:30 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-14 13:30 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-14 13:30 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-14 13:29 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-13 21:54 . 2015-04-22 02:28 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-05-13 21:54 . 2015-04-21 16:09 199680 ----a-w- c:\windows\system32\msrating.dll
2015-05-13 21:54 . 2015-04-21 16:08 1016832 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-05-13 21:54 . 2015-04-21 17:14 24971776 ----a-w- c:\windows\system32\mshtml.dll
2015-05-13 17:06 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:06 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:03 . 2015-05-13 12:03 -------- d-----w- c:\users\frak\AppData\Local\Tableau
2015-05-13 12:03 . 2015-05-13 12:03 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2015-05-13 12:02 . 2015-05-13 12:02 -------- d-----w- c:\program files\Tableau
2015-05-13 08:49 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-05-13 08:49 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-13 08:49 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-05-13 08:49 . 2015-04-20 02:11 3204608 ----a-w- c:\windows\system32\win32k.sys
2015-05-13 08:45 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-13 08:45 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2015-05-13 08:45 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-13 08:45 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-05-13 08:44 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-13 08:44 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-13 08:44 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-13 08:44 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-13 08:44 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-13 08:44 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-13 08:44 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 17:09 . 2011-08-16 05:52 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-13 08:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-04-15 15:51 . 2012-04-01 10:56 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 15:51 . 2011-04-29 23:11 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-25 03:24 . 2015-04-15 10:30 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 10:30 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 10:30 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 10:30 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 10:30 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 10:30 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 10:30 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 10:30 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 10:30 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 10:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 10:30 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 10:30 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 10:30 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 10:30 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 10:30 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 10:30 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 10:29 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 10:29 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 10:29 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 10:29 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 10:29 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 10:29 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-15 10:29 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-15 10:29 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 10:29 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 10:29 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 10:29 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 10:29 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-01 06:44 222712 ----a-w- c:\users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-01 06:44 222712 ----a-w- c:\users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-01 06:44 222712 ----a-w- c:\users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\frak\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\frak\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\frak\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-05-11 2888384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-24 6595928]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-06-14 310064]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-06-14 843568]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-12-30 578560]
"googletalk"="c:\users\frak\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Akamai NetSession Interface"="c:\users\frak\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SignIn"="c:\program files (x86)\Microsoft Online Services\Sign In\SignIn.exe" [2011-03-16 1742704]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-06-26 442896]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2013-09-12 4423168]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2014-05-11 683656]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-01-13 112408]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2011-08-14 1126264]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2012-09-24 169528]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-08-26 12277248]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2011-04-19 522736]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-08-13 835288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-18 1022152]
.
c:\users\frak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\frak\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-03-07 17:59 75392 ------w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R1 qwzyowck;qwzyowck;c:\windows\system32\drivers\qwzyowck.sys;c:\windows\SYSNATIVE\drivers\qwzyowck.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MYOB AccountRight Server 2011.1;MYOB AccountRight Server 2011.1;c:\program files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe;c:\program files (x86)\MYOB\AccountRight\2011.1\AU\Huxley.Server.WindowsService.exe [x]
R2 MYOB AccountRight Server Locator;MYOB AccountRight Server Locator;c:\program files (x86)\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe;c:\program files (x86)\MYOB\AccountRight\Servers\Huxley.ServerLocator.WindowsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys;c:\windows\SYSNATIVE\drivers\urfltv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [x]
R3 MySQL55;MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.5\my.ini MySQL55 [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys;c:\windows\SYSNATIVE\drivers\psd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntelHaxm;Intel HAXM Service;c:\windows\system32\DRIVERS\IntelHaxm.sys;c:\windows\SYSNATIVE\DRIVERS\IntelHaxm.sys [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LogWatch;Event Log Watch;c:\program files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe ;c:\program files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe [x]
S2 MYOB AccountRight Library;MYOB AccountRight Library;c:\program files (x86)\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe;c:\program files (x86)\MYOB\AccountRight\Servers\Huxley.Library.WindowsService.exe [x]
S2 MYOB AccountRight Server 2013.1;MYOB AccountRight Server 2013.1;c:\program files (x86)\MYOB\AccountRight\2013.1\AU\Huxley.Server.WindowsService.exe;c:\program files (x86)\MYOB\AccountRight\2013.1\AU\Huxley.Server.WindowsService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NovacomD;Palm Novacom;c:\program files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe;c:\program files (x86)\HP webOS\SDK\bin\novacomd\amd64\novacomd.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]
S2 Palm_TCP_Relay;Palm TCP Relay;c:\program files (x86)\HP webOS\PDK\tcprelay.exe;c:\program files (x86)\HP webOS\PDK\tcprelay.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 ShareMouse Service;ShareMouse Service;c:\program files (x86)\ShareMouse\smService.exe;c:\program files (x86)\ShareMouse\smService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys;c:\windows\SYSNATIVE\DRIVERS\covpnv64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 02:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:51]
.
2015-06-06 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2034661297-170274631-3907706445-1001.job
- c:\users\frak\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-14 17:33]
.
2015-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 11:38]
.
2015-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 11:38]
.
2015-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001Core.job
- c:\users\frak\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 21:30]
.
2015-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001UA.job
- c:\users\frak\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-15 21:30]
.
2015-05-06 c:\windows\Tasks\HPCeeScheduleForFRAK-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 17:43]
.
2015-06-01 c:\windows\Tasks\HPCeeScheduleForfrak.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-01 06:44 261624 ----a-w- c:\users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-01 06:44 261624 ----a-w- c:\users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-01 06:44 261624 ----a-w- c:\users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 01:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 01:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 01:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 01:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 01:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 01:34 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 660360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-01-31 1664000]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-04 2722080]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-02-08 200704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-03-17 13880]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
LSP: %windir%\system32\vsocklib.dll
TCP: Interfaces\{125BF954-C35C-405E-875E-462AF65C787A}: NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{1E5B5157-D30B-46D7-B9BA-2EC482464796}: NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{42924C01-43F6-43C9-B801-4FC7E085C430}: NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{6B0B71F5-8C68-49AD-8FA0-D85F4DBAA962}: NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{A5691E8C-6A95-46A8-810F-D443897B43CD}: NameServer = 10.143.147.147 10.143.147.148
TCP: Interfaces\{F7324C72-3BD7-46AD-8B3F-618075520A80}: NameServer = 192.168.1.1,192.168.0.1
FF - ProfilePath - c:\users\frak\AppData\Roaming\Mozilla\Firefox\Profiles\mscgomu5.TopCoolApps\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe SVG Viewer - c:\windows\System32\Adobe\SVG Viewer\Uninst.isu
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL55]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.5\my.ini\" MySQL55"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CA\SharedComponents\CA_LIC\lic98Service.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files (x86)\ShareMouse\sharemouse.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ShareMouse\sharemouse.exe
c:\users\frak\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Common Files\Research In Motion\nginx\nginx.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files (x86)\Common Files\Research In Motion\nginx\nginx.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Steam\bin\steamwebhelper.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\Internet Explorer\IEXPLORE.EXE
c:\program files (x86)\BlueStacks\HD-LogRotator.exe
.
**************************************************************************
.
Completion time: 2015-06-06 16:49:55 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-06 06:49
.
Pre-Run: 2,809,344,000 bytes free
Post-Run: 5,227,831,296 bytes free
.
- - End Of File - - C21877E07BA17B4A9923BE0F1A1C591F


Additions.log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by frak at 2015-06-06 15:11:32
Running from C:\Users\frak\Desktop\mal
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2034661297-170274631-3907706445-500 - Administrator - Disabled)
frak (S-1-5-21-2034661297-170274631-3907706445-1001 - Administrator - Enabled) => C:\Users\frak
Guest (S-1-5-21-2034661297-170274631-3907706445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2034661297-170274631-3907706445-1003 - Limited - Enabled)
LocalAdmin (S-1-5-21-2034661297-170274631-3907706445-1012 - Administrator - Enabled)
VUSR_FRAK-HP (S-1-5-21-2034661297-170274631-3907706445-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
3DBuildingDesigner (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\3DBuildingDesigner) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveState Komodo Edit 8.5.3 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.3 - ActiveState Software Inc.)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.41 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements (HKLM-x32\...\Adobe Photoshop Elements 1.0) (Version: 1.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM-x32\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
AirMech (HKLM-x32\...\Steam App 206500) (Version: - Carbon Games)
Akamai NetSession Interface (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.31.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.31.0 - Alcor Micro Corp.) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Angry Birds (HKLM-x32\...\{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}) (Version: 2.1.0 - Rovio)
AppInventor Setup (HKLM-x32\...\AppInventor Setup) (Version: 1.1 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
AUSkey software 1.4.4 (HKLM-x32\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
AuthoritySpy - Version 1.1.5 (HKLM-x32\...\com.authorityspy) (Version: 1.1.5 - Digital Kickstart)
AuthoritySpy - Version 1.1.5 (x32 Version: 1.1.5 - Digital Kickstart) Hidden
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.0.8179 - )
Avidemux 2.6 (HKLM-x32\...\Avidemux 2.6 (64-bit)) (Version: 2.6.0.8179 - )
BIG-IP Edge Client Components (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\F5 Networks Client Components) (Version: 70.2011.0623.0551 - F5 Networks, Inc.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.2.0.28 - BlackBerry Ltd.)
BlackBerry Link (x32 Version: 1.2.0.28 - BlackBerry Ltd.) Hidden
BlackBerry Native SDK 10.2.0 (HKLM-x32\...\{62FD4759-F795-45AE-A36B-23726CDFBCDB}) (Version: 10.2.0 - BlackBerry Corp.)
BlueStacks Notification Center (HKLM-x32\...\{981B38A6-E4D0-4D94-98C2-75AC645755F5}) (Version: 0.9.1.4057 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version: - Blurb, Inc)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Buildbox version 1.2.2 (HKLM-x32\...\{48821C7F-98B9-48F6-B703-8F384F57EE14}_is1) (Version: 1.2.2 - Secret Headquarters, Inc.)
Canon Utilities Digital Photo Professional 1.0 (HKLM-x32\...\InstallShield_{F011B8F1-BCCD-4E73-84F8-CB2F2D258755}) (Version: 1.0 - Canon)
Canon Utilities Digital Photo Professional 1.0 (x32 Version: 1.0 - Canon) Hidden
CDR Import Plugin 1.3.0 (HKLM\...\{BCF9358E-21A3-4F6F-A8C0-EDD9E486B4FC}) (Version: 1.3.0 - Whole Group)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Cocos Studio (HKLM-x32\...\Cocos Studio2.0.0.0) (Version: 2.0.0.0 - ±±¾©´¥¿Ø°®ÆտƼ¼ÓÐÏÞ¹«Ë¾)
Corona SDK (HKLM-x32\...\{AD7902EB-6FCA-4C71-BB72-C51520DB9FBE}) (Version: 11.0.591 - Ansca)
CyberScan (HKLM-x32\...\CyberScan) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.10 - Hewlett-Packard Company)
DeZign for Databases V6.3.4 Professional (HKLM-x32\...\DeZign for Databases V6.3.4 Professional_is1) (Version: - )
Dia (remove only) (HKLM-x32\...\Dia) (Version: - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.98.29476 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eMachineShop (HKLM-x32\...\eMachineShop_is1) (Version: - )
Embedded Security for HP ProtectTools (HKLM\...\{A674F348-9412-4AF5-89A5-BCC0FBB6FC22}) (Version: 6.0.300.2731 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET NOD32 Antivirus (HKLM\...\{50E9E32F-063A-412A-9627-553D5DA57C17}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4399 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.15 - Hewlett-Packard Company)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FlashDevelop 4.0.4 (HKLM-x32\...\FlashDevelop) (Version: 4.0.4-RTM - FlashDevelop.org)
FlvGrabber (HKLM-x32\...\Flv Grabber_is1) (Version: - )
Freeciv 2.3.0 (SDL client) (HKLM-x32\...\Freeciv-2.3.0-sdl) (Version: - )
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
Frex16 (HKLM-x32\...\Frex162014.12.02) (Version: 2014.12.02 - Ken Uzzell)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Git version 1.7.8-preview20111206 (HKLM-x32\...\Git_is1) (Version: 1.7.8-preview20111206 - )
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Talk (remove only) (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden
HL-2240D (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.19.0 - Privax Ltd)
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Backlit Keyboard Controls (HKLM\...\{CD4F3229-4A37-463F-98A3-3DEEEEE8492C}) (Version: 1.5.6.1 - Hewlett-Packard Company)
HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{840021F2-FFC0-467A-BF85-29B8B7803717}) (Version: 2.0.8.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.4.1 - Hewlett-Packard Company)
HP Performance Advisor (HKLM-x32\...\{2799064B-FFEE-4D40-A400-907A90D653AB}) (Version: 1.2.2728 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{CF9ACC81-C8C3-4BD1-BD1F-FE13CF344E20}) (Version: 2.0.3.1 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.08.1017 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{6B5E7B4F-64A2-4DEB-B210-0DD92F940A01}) (Version: 3.0.3.9925 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
HP webOS SDK (HKLM\...\{53A97E00-7252-4ED0-A1EB-9F9712FC0AC9}) (Version: 3.0.669 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
IM DVD Creator (HKLM-x32\...\IM DVD Creator_is1) (Version: - IMSOFT,INC)
ImageMagick 6.8.8-7 Q16 (64-bit) (2014-03-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iSkysoft DVD Creator(Build 1.5.1.6) (HKLM-x32\...\iSkysoft DVD Creator_is1) (Version: - iSkysoft Software)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
KDSubmitterPro (HKLM-x32\...\{C313063B-ECA1-4411-B9B7-5C098443180E}) (Version: 1.6.0 - KDPublishingPro.com)
Keywords Studio Pro (HKLM-x32\...\Keywords Studio Pro 1.0.0) (Version: 1.0.0 - intraSEO)
Keywords Studio Pro (x32 Version: 1.0.0 - intraSEO) Hidden
KeywordSnatcher (HKLM-x32\...\KeywordSnatcher) (Version: - )
Kindle Samurai version 1.9 (HKLM-x32\...\{78DC5FA8-D008-4DFC-9658-779641F5D41C}_is1) (Version: 1.9 - SoftEngine, Inc.)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Online Services Sign In (HKLM-x32\...\{A91E3887-5185-4091-AF33-AB0048444055}) (Version: 1.0.1442.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Database Providers (x86) ENU (HKLM-x32\...\{296E293F-C481-4DDE-9ED2-3F79FCF38731}) (Version: 3.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 (x64) (HKLM\...\{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}) (Version: 2.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
Mozilla Firefox 38.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-GB)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-GB)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\MyFreeCodec) (Version: - )
MYOB AccountRight Standard 2013.1 AU (HKLM-x32\...\InstallShield_{BE925921-A155-47FB-ACC2-D170956556B8}) (Version: 2013.1 - MYOB Technology Pty Ltd)
MYOB AccountRight Standard 2013.1 AU (x32 Version: 2013.1 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.0.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (x32 Version: 10.0.0 - MYOB Technology Pty Ltd) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL Connector C 6.0.2 (HKLM\...\{5B6A2A7C-658E-4661-A254-3C36F5B63943}) (Version: 6.0.2 - Sun Microsystems)
MySQL Connector C++ 1.1.0 (HKLM\...\{3C481CDB-34E8-4CEF-B487-4C9C60530CFC}) (Version: 1.1.0 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{0505C47B-6CBC-4DF5-9628-769566240F88}) (Version: 5.1.20.0 - Oracle Corporation)
MySQL Connector Net 6.5.4 (HKLM-x32\...\{92E19B5A-1985-49BF-9022-9CF4AD652C72}) (Version: 6.5.4 - Oracle)
MySQL Connector/ODBC 5.1 (HKLM\...\{BB2211D1-A5B5-4AEF-B0E6-DD7874ABF8EE}) (Version: 5.1.11 - Oracle Corporation)
MySQL Documents 5.5 (HKLM-x32\...\{802B73CE-447F-4353-93C0-7756B932706B}) (Version: 5.5.29 - Oracle Corporation)
MySQL Examples and Samples 5.5 (HKLM-x32\...\{45EF496C-9E09-4796-8E9B-BCEB968C5CB8}) (Version: 5.5.29 - Oracle Corporation)
MySQL For Excel 1.1.0 (HKLM-x32\...\{38404B7E-FF50-4525-8EA0-E1187E4171E4}) (Version: 1.1.0 - Oracle)
MySQL Installer (HKLM-x32\...\{236FF571-7197-40E9-921D-D5FDC752C697}) (Version: 1.1.5.0 - Oracle Corporation)
MySQL Notifier 1.0.3 (HKLM-x32\...\{5681C7AB-E29D-4EE9-B0F0-809A28ECECFC}) (Version: 1.0.3 - Oracle)
MySQL Server 5.5 (HKLM\...\{6150345A-1382-4713-B38B-482388DC7E7B}) (Version: 5.5.29 - Oracle Corporation)
MySQL Workbench 5.2 CE (HKLM-x32\...\{23C3EF87-AD08-4F76-982D-1AE137485F08}) (Version: 5.2.44 - Oracle Corporation)
Nero 11 (HKLM-x32\...\{F05851AA-ADDF-4321-BC61-0F7D76CF9B30}) (Version: 11.0.15202 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Nmap 6.25 (HKLM-x32\...\Nmap) (Version: - )
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.73 - Palm, Inc.)
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
PDF Complete Office Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.54 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
PIAFpu (HKLM-x32\...\PIAFpu) (Version: 7.3 - Somerset)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
Privacy Manager for HP ProtectTools (HKLM\...\{5476AB75-E584-4497-80AF-7F205D8F6F54}) (Version: 6.01.842 - Hewlett-Packard Company)
Process Hacker 2.35 (r5898) (HKLM\...\Process_Hacker2_is1) (Version: 2.35.0.5898 - wj32)
PuTTY development snapshot 2011-09-08:r9270 (HKLM-x32\...\PuTTY_is1) (Version: 2011-09-08:r9270 - Simon Tatham)
Quest (HKLM-x32\...\{4290135C-A58A-468B-99EC-AFFABC8E0A09}) (Version: 5.10.0000 - Axe Software)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quipu (HKLM-x32\...\{6823E1DF-16ED-469C-8995-8BE174A9952F}) (Version: 2.0.1 - QOSQO)
RAIDar 4.1.3 (HKLM-x32\...\RAIDar 4.1.3) (Version: - Netgear Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Secure Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.73.2 - Roxio)
Ruby 1.9.3-p545 (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p545 - RubyInstaller Team)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scrivener (HKLM-x32\...\Scrivener 1730) (Version: 1730 - Literature and Latte)
SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
SerpAlertPro (HKLM-x32\...\com.proresultsmarketing.SerpAlertPro) (Version: 0.2.9 - UNKNOWN)
SerpAlertPro (x32 Version: 0.2.9 - UNKNOWN) Hidden
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Shape Collage (HKLM-x32\...\ShapeCollage) (Version: - Shape Collage Inc.)
ShareMouse v2.0.54 (HKLM-x32\...\ShareMouse_is1) (Version: 2.0.54 - Bartels Media GmbH)
ShiVa Web Edition 1.9.1.0 (HKLM-x32\...\ShiVa Editor) (Version: 1.9.1.0 - Stonetrip)
ShoeBox (HKLM-x32\...\ShoeBox) (Version: 3.5.2 - UNKNOWN)
ShoeBox (x32 Version: 3.5.2 - UNKNOWN) Hidden
Sikuli X (HKLM-x32\...\Sikuli X) (Version: 1.0.3 - Sikuli Development Team)
Sikuli X (x32 Version: 1.0.3 - Sikuli Development Team) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartGit (HKLM-x32\...\SmartGit c:/program files (x86)/smartgit_is1) (Version: - syntevo GmbH)
SmartGit 2.1.6 (HKLM-x32\...\SmartGit 2.1_is1) (Version: - SyntEvo GmbH)
SmartGit/Hg 5.0.10 (HKLM-x32\...\SmartGit/Hg 5_is1) (Version: - syntevo GmbH)
SmartGit/Hg 6.0.7 (HKLM-x32\...\SmartGit/Hg 6_is1) (Version: - syntevo GmbH)
SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StencylWorks (HKLM-x32\...\StencylWorks) (Version: 1.3.4 - Stencyl, LLC)
Sweet Home 3D version 4.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Tableau 9.0 (9000.15.0506.1800) (HKLM\...\{11E70C24-DF27-4A68-B498-29FA8371A34C}) (Version: 9.0.2816 - Tableau Software)
TexturePacker (HKLM\...\{EF8CA433-C03E-41C4-ADE9-6815EC0EABC7}) (Version: 3.6.0 - code-and-web.de)
TexturePacker (HKLM-x32\...\TexturePacker) (Version: 2.4.2 - Andreas Loew)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.33 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.33 - Hewlett-Packard Company) Hidden
Tiled - Tiled Map Editor (HKLM-x32\...\Tiled) (Version: - )
TweetAttacks (HKLM-x32\...\{888E3D8F-D4A0-4928-BC62-CCE7F0EBABC8}) (Version: 2.6.1 - Traffic Addict)
Twitterbot version 1.001 (HKLM-x32\...\{DE552BE6-DA73-4EA4-8A45-4EAA9D2C00F3}_is1) (Version: 1.001 - Magzmedia)
Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{BFA2D2A7-4FAC-4862-B7A3-960B329C2177}) (Version: 4.3.216.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.0.55) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.55 - Symantec Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio CRT DLL Setup (HKLM-x32\...\{5419093A-5924-4CEF-BC84-B5B502FC7871}) (Version: 1.00.0000 - Your Company Name)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.0 - VMware, Inc)
VMware Player (Version: 6.0.0 - VMware, Inc.) Hidden
VMware View Client (DoHA Thinapp) (HKLM\...\{C8AFCCB6-ACF6-4E4E-B8C4-FE333CF9AF51}) (Version: 1.00.0000 - IBM SPMS)
Vodafone Mobile Broadband Lite (HKLM-x32\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.1.001.26030 - Vodafone)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.2.0w5 - Wacom Technology Corp.)
WebTablet FB Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.4 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\WinDirStat) (Version: - )
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Grep 2.3 (HKLM-x32\...\Windows Grep_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wireshark 1.6.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.6.7 - The Wireshark developer community, http://www.wireshark.org)
Yahoo!7 Messenger (HKLM-x32\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\frak\AppData\Local\Citrix\GoToMeeting\1831\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\ndishc.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\frak\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\frak\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2034661297-170274631-3907706445-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\frak\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-03-09 20:24 - 2014-08-23 22:08 - 00000797 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A00CA0F-D574-4BC5-BF33-A3B469E08DC7} - System32\Tasks\HPCeeScheduleForfrak => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0B1887CE-D9BC-45D6-80DA-D08CA57619F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1061E8D2-FC8F-44DF-9A4D-7B524D5C7B4F} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-16] (Microsoft Corporation)
Task: {1577AFE9-6DF4-4499-BD91-DABF48709656} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {1C747E5B-D868-45BE-8422-F3BB3AB3481D} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {40819975-DBE6-4385-9C1E-05503B3F4649} - System32\Tasks\HPCeeScheduleForFRAK-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {46EDC016-6255-4BAF-B759-D64E2E8218E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {67201EC3-C2E5-4275-B5B3-D0BBA3F69E8B} - System32\Tasks\{EE959434-8A24-44FC-A6C0-CB9F91F661B6} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird" -c /UpdateShortcutAppUserModelIds
Task: {7BB00105-6B89-40C2-862D-72BB60F726C2} - System32\Tasks\{22BF08FD-0330-4E8F-BC32-F12FAE842132} => pcalua.exe -a "C:\Users\frak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V96L388O\winsdk_web.exe" -d C:\Users\frak\Desktop
Task: {85AE564A-1F53-4B5F-BA8D-C820B39CF4D4} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {92821DAF-6EB8-4CF6-860D-B7DEB6D08609} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001Core => C:\Users\frak\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {97907A28-369D-4717-9FEF-62915EF57530} - System32\Tasks\G2MUpdateTask-S-1-5-21-2034661297-170274631-3907706445-1001 => C:\Users\frak\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9812A9C0-9522-4AC5-9BCC-A53026C81BE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.)
Task: {98D762CD-1E27-4E54-8BB0-97C211B95CAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {99B3D6BC-6906-43DC-BDE7-D56B8B9F14B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A951AD15-2223-43BE-96E8-9DFD429F9B10} - System32\Tasks\task199036590 => C:\windows\Temp\_ex-08.exe <==== ATTENTION
Task: {AFCE15BC-FF5C-45DC-BBCF-BE8BFB2E772D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {C871277C-884E-4E08-B55E-5EA507D09F1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CC606AB5-692B-4A33-8D96-ADC7C45FF205} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001UA => C:\Users\frak\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {CD893E40-E0E1-4671-B595-84819AE7F949} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {CEBCAA11-BCF9-4D16-B332-3CD3702529C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01] (Google Inc.)
Task: {DE7FD7B3-6C20-4620-BD46-E9384153B1BC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {E1F403D7-D0F4-4651-A460-54DD6547F646} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {E3992154-0426-4B7C-B6C7-B65A0CB14B1B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {FFC72C23-51F3-4204-8EE0-8E59D29D8CEA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2034661297-170274631-3907706445-1001.job => C:\Users\frak\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001Core.job => C:\Users\frak\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034661297-170274631-3907706445-1001UA.job => C:\Users\frak\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForFRAK-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForfrak.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2011-07-27 19:07 - 2011-07-27 19:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-01-26 15:16 - 2005-03-12 00:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2011-07-18 16:48 - 2011-07-18 16:48 - 00156216 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-02-08 13:00 - 2012-02-08 13:00 - 03401216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2012-02-08 12:08 - 2012-02-08 12:08 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2012-05-23 20:07 - 2013-08-30 08:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-03 09:48 - 2012-01-23 07:38 - 01184632 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-03 00:42 - 2010-01-03 00:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-07-30 12:39 - 2010-07-30 12:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-10-07 15:07 - 2011-10-07 15:07 - 00011776 _____ () C:\Program Files (x86)\HP webOS\PDK\tcprelay.exe
2012-02-08 12:44 - 2012-02-08 12:44 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2014-03-25 13:24 - 2014-09-24 14:54 - 00197936 _____ () C:\Program Files (x86)\ShareMouse\smService.exe
2014-03-25 13:24 - 2014-09-24 14:54 - 04316464 _____ () C:\Program Files (x86)\ShareMouse\sharemouse.exe
2011-03-18 08:09 - 2011-03-18 08:09 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2011-04-19 16:57 - 2011-04-19 16:57 - 00522736 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2011-03-18 08:08 - 2011-03-18 08:08 - 00097336 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2011-03-18 08:08 - 2011-03-18 08:08 - 00046136 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2011-04-30 09:11 - 2010-12-14 06:49 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-04-09 02:57 - 2011-04-09 02:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-09-12 12:48 - 2013-09-12 12:48 - 00661008 _____ () C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
2014-10-30 21:19 - 2014-10-30 21:19 - 00134568 _____ () C:\Program Files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
2013-08-21 13:18 - 2015-04-17 03:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-27 09:44 - 2015-04-23 12:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-27 09:44 - 2015-04-23 12:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-27 09:44 - 2015-04-23 12:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-07-10 05:04 - 2015-05-12 08:03 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 07:27 - 2014-12-02 07:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 07:27 - 2014-12-02 07:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 07:27 - 2014-12-02 07:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 07:27 - 2014-12-02 07:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 07:27 - 2014-12-02 07:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-08 17:19 - 2015-05-12 08:03 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-03-25 13:24 - 2014-09-24 14:54 - 00142640 _____ () C:\Program Files (x86)\ShareMouse\smkey.dll
2014-03-25 13:24 - 2014-09-24 14:54 - 00094000 _____ () C:\Program Files (x86)\ShareMouse\smlang.dll
2015-06-06 14:30 - 2015-06-06 14:30 - 00043008 _____ () c:\users\frak\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthtnsn.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00750080 _____ () C:\Users\frak\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00047616 _____ () C:\Users\frak\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00865280 _____ () C:\Users\frak\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 07:45 - 2015-03-05 07:45 - 00200704 _____ () C:\Users\frak\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2010-09-09 09:44 - 2010-09-09 09:44 - 00294400 _____ () C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
2009-07-14 07:03 - 2009-07-14 11:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-11-25 15:44 - 2010-11-25 15:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-04-09 02:57 - 2011-04-09 02:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2013-09-10 13:20 - 2015-05-12 05:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-10-17 08:01 - 2014-10-17 08:01 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67e9010a82d780d45c4fd2d359927737\IsdiInterop.ni.dll
2011-07-21 21:37 - 2011-01-13 11:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:30C4F293
AlternateDataStreams: C:\Users\frak\Downloads\HeyzapAds.framework.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\frak\Downloads\schemacrawler-12.04.02-main.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\frak\AppData\Local\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\frak\AppData\Local\Temp:zdi67tKk2MZA5FOWSMRLOsvL3oN3G

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2034661297-170274631-3907706445-1001\...\4age.net -> www.4age.net (http://www.4age.net)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2034661297-170274631-3907706445-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\frak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{854FA555-1EE0-4F0B-8AFF-924A908A3B43}] => (Allow) C:\Users\frak\AppData\Local\Temp\migD666.tmp\migwiz.exe
FirewallRules: [{223F0367-826D-4F63-A1C1-D73B7CBD4815}] => (Allow) C:\Users\frak\AppData\Local\Temp\migD666.tmp\migwiz.exe
FirewallRules: [{7633740D-C25B-4DE7-849D-52AD48BF2523}] => (Allow) C:\Users\frak\AppData\Local\Temp\mig99C8.tmp\migwiz.exe
FirewallRules: [{947628F8-DF1B-4A71-B622-2F573996702F}] => (Allow) C:\Users\frak\AppData\Local\Temp\mig99C8.tmp\migwiz.exe
FirewallRules: [{6F7B315C-215E-45BF-8E2C-32B7D560FB6A}] => (Allow) C:\Users\frak\AppData\Local\Temp\mig763D.tmp\migwiz.exe
FirewallRules: [{084E278D-AD0F-4312-84D7-D328087A89B6}] => (Allow) C:\Users\frak\AppData\Local\Temp\mig763D.tmp\migwiz.exe
FirewallRules: [TCP Query User{C584C984-ED9B-4D94-BA37-2C877702C415}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{88F1DBF1-D4B8-4FCD-80E4-DB16AB4A5081}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{95115C8E-FE1F-4369-8F76-52F2D0FF4F01}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F24E51A2-64F0-4E73-BAD3-975BED6233A4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{88883586-0A22-4A80-B6AF-F750BEF10FA3}C:\program files (x86)\ansca\corona sdk\corona.debugger.exe] => (Allow) C:\program files (x86)\ansca\corona sdk\corona.debugger.exe
FirewallRules: [UDP Query User{F8FA563C-6D61-4489-AFBB-5F59019B406A}C:\program files (x86)\ansca\corona sdk\corona.debugger.exe] => (Allow) C:\program files (x86)\ansca\corona sdk\corona.debugger.exe
FirewallRules: [TCP Query User{F3E396DA-AD2B-4776-BD9B-73D559936505}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Block) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
FirewallRules: [UDP Query User{0C780386-253A-4B58-BECC-3EEF343A2430}C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe] => (Block) C:\program files (x86)\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe
FirewallRules: [TCP Query User{7B7106DB-B56A-423F-BDA1-248139D07EF5}C:\program files (x86)\freeciv-2.3.0-sdl\freeciv-server.exe] => (Allow) C:\program files (x86)\freeciv-2.3.0-sdl\freeciv-server.exe
FirewallRules: [UDP Query User{5CD15F23-41E6-41DC-A969-02C1F6061EFB}C:\program files (x86)\freeciv-2.3.0-sdl\freeciv-server.exe] => (Allow) C:\program files (x86)\freeciv-2.3.0-sdl\freeciv-server.exe
FirewallRules: [TCP Query User{FD5B1FB2-0B51-49F9-9A33-23EFF8822005}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{33E82289-F74F-4317-BBC2-7B39A065FB95}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{9CFD742A-DB29-4B8B-8779-922D3F4914FA}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [UDP Query User{2F29BCE4-F8DD-446A-8634-7CA4E4C02CE2}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [TCP Query User{A8B27795-D49D-49DD-832A-B8EE42D567DE}C:\program files (x86)\the game creators\agktrial\projects\basic\examples\multiplayer\gettingstarted\gettingstarted.exe] => (Block) C:\program files (x86)\the game creators\agktrial\projects\basic\examples\multiplayer\gettingstarted\gettingstarted.exe
FirewallRules: [UDP Query User{8A1C5A5D-F37D-4B3E-8DBF-CD5DC55D98DD}C:\program files (x86)\the game creators\agktrial\projects\basic\examples\multiplayer\gettingstarted\gettingstarted.exe] => (Block) C:\program files (x86)\the game creators\agktrial\projects\basic\examples\multiplayer\gettingstarted\gettingstarted.exe
FirewallRules: [TCP Query User{97EE1D32-D267-43F7-8926-71C395B955FD}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{5E171EC7-5ED0-4D7A-91E9-16AB535180F0}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [{48DB3388-86A6-4D17-9161-A03146DDC1C8}] => (Allow) C:\Users\frak\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DDE74BEA-891D-4D41-8A19-68DF1295B5F8}] => (Allow) C:\Users\frak\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{35EB4F3B-3795-4837-BC3C-6A3F18AC96F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{512C2982-F043-4BD2-99D9-D0EC7F41C714}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B8701580-84F8-4576-B9CE-72C5411202D5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5C0A77D6-FBF6-400E-B920-800DBA89D276}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{C9843DAE-4D56-4A49-9AF3-38E68B8B8497}C:\users\frak\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\frak\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{361B592F-F318-42C8-A62C-242AFC422704}C:\users\frak\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\frak\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2C6A1914-745D-4F08-8E5C-A97FE9783DE5}] => (Allow) LPort=6961
FirewallRules: [{E6FB4A17-119C-4077-B3AB-00B613642C57}] => (Allow) LPort=6961
FirewallRules: [TCP Query User{A3F44FA8-C2B3-4F82-A183-C122A3FAAE32}C:\users\frak\downloads\rtmpdump-20110925-git-6230845-win32\rtmpsrv.exe] => (Allow) C:\users\frak\downloads\rtmpdump-20110925-git-6230845-win32\rtmpsrv.exe
FirewallRules: [UDP Query User{43749993-14FA-4945-895C-3D1B57C526A3}C:\users\frak\downloads\rtmpdump-20110925-git-6230845-win32\rtmpsrv.exe] => (Allow) C:\users\frak\downloads\rtmpdump-20110925-git-6230845-win32\rtmpsrv.exe
FirewallRules: [{F36ED436-5E0D-43BC-9F9F-FD60F0254C64}] => (Block) C:\users\frak\downloads\rtmpdump-20110925-git-6230845-win32\rtmpsrv.exe
FirewallRules: [{1E195BC6-8AA8-4189-8517-FA17DEA608FD}] => (Block) C:\users\frak\downloads\rtmpdump-20110925-git-6230845-win32\rtmpsrv.exe
FirewallRules: [{DA1D1A8F-C4CC-42BD-9100-659836D0A487}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1577B5A7-4CCE-4208-B045-D80A39A1E248}] => (Allow) LPort=2869
FirewallRules: [{DE7E9746-8B0D-4EB5-985A-E9A7D2619745}] => (Allow) LPort=1900
FirewallRules: [{29D4314C-41A1-4BA2-B46B-CD45B88626EC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{E1FE63EA-B729-46E9-8EF9-8D8B5AF81622}C:\users\frak\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\frak\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5E0358EC-7064-4050-B815-1C09493B0550}C:\users\frak\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\frak\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F97EA7F8-46AB-4F6C-8F8A-963669F27B64}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{BF154CFE-2C31-47E5-B36E-717293853BAE}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [{4F07343A-7A41-4795-8139-018BDCB7CDA7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{436482DC-F13F-435E-A9D5-C15FEAE24DFC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{B6FF0B6F-C097-4E57-B8EB-CD114F8810B4}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{901291E9-CC70-49C1-BAF1-28A9E65845A4}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{E98E3B9C-4D0F-4706-83B4-54338C569700}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{864278D5-ABE9-4243-919D-76A701BC3400}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{16AF1BB0-8512-48CD-A3CF-99E4F4C3AC65}] => (Allow) C:\Users\frak\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{052648A3-077E-460E-A001-8DD317ACCFCF}C:\users\frak\appdata\roaming\thinstall\vmwareviewclient\skel\ed3dfc023780e406ced62f4a02d3a049b66a807a\wsnm.exe] => (Allow) C:\users\frak\appdata\roaming\thinstall\vmwareviewclient\skel\ed3dfc023780e406ced62f4a02d3a049b66a807a\wsnm.exe
FirewallRules: [UDP Query User{C55C4CB2-EA74-409E-A38C-C36FFAC62D15}C:\users\frak\appdata\roaming\thinstall\vmwareviewclient\skel\ed3dfc023780e406ced62f4a02d3a049b66a807a\wsnm.exe] => (Allow) C:\users\frak\appdata\roaming\thinstall\vmwareviewclient\skel\ed3dfc023780e406ced62f4a02d3a049b66a807a\wsnm.exe
FirewallRules: [{775CDCC9-B1CD-4ED8-A32E-B0339957F342}] => (Block) C:\users\frak\appdata\roaming\thinstall\vmwareviewclient\skel\ed3dfc023780e406ced62f4a02d3a049b66a807a\wsnm.exe
FirewallRules: [{6967600D-A196-463A-8148-66A90B49A7C4}] => (Block) C:\users\frak\appdata\roaming\thinstall\vmwareviewclient\skel\ed3dfc023780e406ced62f4a02d3a049b66a807a\wsnm.exe
FirewallRules: [TCP Query User{08336470-8F72-406F-9464-3DC39C074203}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{B07BC9A5-4394-4A65-B68A-EF7DEDBB78E1}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{0F5F1F13-3873-464C-B36A-A8B851BFF5A1}] => (Block) C:\windows\system32\java.exe
FirewallRules: [{1A11EE7A-83F8-46BC-867E-C7302850BE3A}] => (Block) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{BAFD37F5-76BD-4D97-A863-6912AF8BE377}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{91FAC14F-7CB6-4BC5-8A29-94A9E901C07E}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{FD5262F7-7C23-42C6-8755-E3441EAD8B87}] => (Allow) LPort=6962
FirewallRules: [{4BBB3CD8-970C-4AA9-A191-6B9E019E3353}] => (Allow) LPort=6962
FirewallRules: [{7274A35D-8518-46A2-9EF5-34F17BCC5665}] => (Allow) LPort=6963
FirewallRules: [{B767041C-F42A-4248-B71A-C04D9C22FEC6}] => (Allow) LPort=6963
FirewallRules: [{2FE0A12F-6106-420A-B233-394626D62E4F}] => (Allow) LPort=16973
FirewallRules: [{B7345013-AF45-4A91-AA51-1C76C37E542A}] => (Allow) LPort=16973
FirewallRules: [TCP Query User{FECE39D1-B9BE-4D9E-95C0-4F235E6BF749}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{1D5078DB-E3BE-4690-AE3C-BCEE158B517A}C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files (x86)\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [{4AF9C1AB-2F46-49A0-B1B4-1A7BE51374EA}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{39C14BEF-67B5-426D-BB73-A1B6352A9C73}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{40673AA0-DD37-46A4-9377-5D75EC8835A5}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{B7AFD95E-6D1C-4AF0-884A-FD1601D5C796}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{48F8C5CC-0794-4A86-BBD5-0D72563C5533}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{29697301-627E-48A2-ABDA-A907FF0C68F9}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{654E0253-87FA-448F-A69D-BC75F33ADC72}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{0C4857D9-1E88-427A-9891-A3BFB1D7258F}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
FirewallRules: [{E74EE8BE-5B00-4047-88AD-0A75DDFC2808}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{597317B7-1026-4477-A7BE-1747B0184542}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F9306A83-7543-4BF0-8798-376C85D2E919}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{E6024695-70C5-404D-8B6F-2D12EB68CBEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{22B54EE6-274B-42A1-B14F-13973757DB21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{C1CDEB9B-6539-4F1C-B67C-A5C589B0132E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{B8871037-41CE-4D9F-9291-19AF1EC37608}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{8789FDB9-C180-4AF9-A646-D10003A3A23C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{585E088A-FFB7-45AE-AF70-FD422D594CAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{CBCD61E1-9C11-4C0B-8D79-E4E85E6BFD5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\AirMech\AirMech.exe
FirewallRules: [{8F7A3C21-D55E-40B5-AF09-D7A2BA333085}] => (Allow) C:\Program Files (x86)\ShareMouse\ShareMouse.exe
FirewallRules: [{D5358201-8397-4F89-9622-DA653117A4C1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B7D024C8-F64E-4BCD-A861-88FBD46F2CE2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D55FED9A-E34B-4C44-AA90-3907F91848FA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{91FF1AF5-BEF5-4067-841E-E64CDFD99D3E}] => (Allow) C:\Program Files (x86)\ShareMouse\ShareMouse.exe
FirewallRules: [TCP Query User{C2E5CEFC-C580-4967-B096-EF1FCDEB8873}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{80932075-3CCC-4C28-82A6-E933277952AB}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{9CD67DEC-5CA7-47EC-AAB4-3315BB654292}] => (Block) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{1C30A2CC-5BAD-45FE-9F85-B6A594645A88}] => (Block) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{77469E09-2114-456D-97E9-60FF3A0D0F55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE63FC9C-DD07-40E4-8A71-7C0B9F8C1B00}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AD67FBEF-A84C-495F-BC93-F1FA23C9C620}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{04454702-2A00-432F-8DC2-10CFD820822E}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{FE979115-607D-42F5-81A7-91FCAFB45AEB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1DB392AC-A920-46E8-8542-B235EDB283F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{FF45588A-2A80-4A98-9E00-40581D7BF7CB}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2015 02:40:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 134.0.168.192.in-addr.arpa. PTR frak-HP.local.

Error: (06/06/2015 02:40:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.134:5353 17 134.0.168.192.in-addr.arpa. PTR frak-HP-2.local.

Error: (06/06/2015 02:39:59 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 1.188.168.192.in-addr.arpa. PTR frak-HP-2.local.

Error: (06/06/2015 02:39:59 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.188.1:5353 15 1.188.168.192.in-addr.arpa. PTR frak-HP.local.

Error: (06/06/2015 02:39:59 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 1.11.168.192.in-addr.arpa. PTR frak-HP-2.local.

Error: (06/06/2015 02:39:59 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.11.1:5353 15 1.11.168.192.in-addr.arpa. PTR frak-HP.local.

Error: (06/06/2015 02:39:59 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: Local Hostname frak-HP.local already in use; will try frak-HP-2.local instead

Error: (06/06/2015 02:39:59 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 frak-HP.local. Addr 192.168.0.134

Error: (06/06/2015 02:39:59 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.134:5353 16 frak-HP.local. AAAA FE80:0000:0000:0000:D84B:34F0:5511:26FA

Error: (06/06/2015 02:39:58 PM) (Source: RIM MDNS) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 frak-HP.local. Addr 192.168.0.134


System errors:
=============
Error: (06/06/2015 02:36:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/06/2015 02:33:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (06/06/2015 02:28:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/06/2015 02:28:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (06/06/2015 02:28:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

Error: (06/06/2015 02:28:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (06/06/2015 02:28:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.

Error: (06/06/2015 02:27:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (06/06/2015 02:26:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMware Authorization Service service failed to start due to the following error:
%%1053

Error: (06/06/2015 02:26:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.


Microsoft Office:
=========================
Error: (01/19/2015 03:05:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 381707 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (10/11/2014 04:17:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 805997 seconds with 2400 seconds of active time. This session ended with a crash.

Error: (09/29/2014 07:09:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 15263 seconds with 2460 seconds of active time. This session ended with a crash.

Error: (09/29/2014 02:54:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 16397 seconds with 1920 seconds of active time. This session ended with a crash.

Error: (09/29/2014 10:20:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6828 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (09/20/2014 07:27:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2213 seconds with 720 seconds of active time. This session ended with a crash.

Error: (09/19/2014 01:42:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13092 seconds with 3180 seconds of active time. This session ended with a crash.

Error: (09/15/2014 10:58:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 62073 seconds with 4020 seconds of active time. This session ended with a crash.

Error: (09/10/2014 10:49:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/10/2014 10:43:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 229 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-06-03 00:25:20.591
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-02 21:14:33.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-23 11:49:59.951
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-21 11:10:48.096
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-21 11:10:47.956
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-21 11:10:47.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-21 11:06:22.720
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 18:07:37.877
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 18:07:37.704
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-05-17 18:07:37.516
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\MYOB\AccountRight\2013.1\AU\BASlink\bcrypt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 25%
Total physical RAM: 16334.36 MB
Available physical RAM: 12241 MB
Total Pagefile: 20099.63 MB
Available Pagefile: 15490.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.82 GB) (Free:2.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:14.64 GB) (Free:2.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.12 GB) FAT32
Drive h: () (Removable) (Total:3.74 GB) (Free:0.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FB3C4DDA)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: BB4CD866)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

==================== End of log ============================

Dakeyras
2015-06-11, 16:00
Hi. :)


Thanks glad to see you!
You're welcome and please refrain from posting any log I request inside of a code-box as it makes is somewhat difficult to review, thank you.

Also since it appears you have opted to save various tools to this folder:-

C:\Users\frak\Desktop\mal

By all means continue to do so as it will actually make it that bit more easier when I give the all clear and employ a specific methodology to remove all etc.

Uninstall Software:

Please click on Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

Akamai NetSession Interface <-- Is actually a pseudo P2P application and will have to be removed per the forum rules. Plus has very undesirable characteristics overall.
Ad-Aware Browsing Protection <-- Utter dross in my humble opinion.

To do so click once on each of the above to highlight, then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Custom FRST Script:

Please download the attached fixlist.txt(see below) and save to this folder on your desktop: C:\Users\frak\Desktop\mal

12216


Now right-click on FRST.exe and select Run as Administrator to start FRST.
Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
Your machine should now automatically reboot itself.
Post the contents of the newly created Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Scan with JRT:

Please download and save the Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/).

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).


Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Next:

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered ?
Fix Log from the Custom FRST Script.
Junkware Removal Tool Log.

Dakeyras
2015-06-15, 14:01
Due to the lack of feedback this Topic is closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of both awsMBR and FRST logs plus a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.