Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

redirecting to wpkg.org

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

redirecting to wpkg.org

Unread postby artedesenyo » May 1st, 2015, 3:03 am

My Firefox, chrome and internet explorer all redirecting some site i prequent to hxxp://www.wpkg.org. i have tried everything and all failed.... my masterbootrecord have been destroyed by spyhunter4 tring to remove this crap.

also the DDS SCR is not running due to when i double click it NOTEPAD opens it.... ????

HOW? NEED HELP...
artedesenyo
Active Member
 
Posts: 3
Joined: May 1st, 2015, 2:50 am
Advertisement
Register to Remove

Re: redirecting to wpkg.org

Unread postby Gary R » May 1st, 2015, 5:58 am

Are you able to run a scan using FRST ?

  • Download FRST to your Desktop. (if yours is a 32 bit system)
  • Download FRST64 to your Desktop. (if yours is a 64 bit system)
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: redirecting to wpkg.org - FRST.TXT ( Addition on next po

Unread postby artedesenyo » May 1st, 2015, 10:15 am

Hi Gary, I assure and guarantee you guys that this is my home computer, i used it to play games, watch videos, and for training to develop my skills and find a job also for designing my own website and do my own 3d models and renderings as its my hobby. hope you guys can help me as i got no one to turn too unless i pay them. i only play world of tanks and total war BTW. best regards, ARTd.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Administrator (administrator) on DARPANET-MAC01 on 01-05-2015 21:57:40
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Chinese (Simplified, PRC)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.2.0.46\BaiduProtect.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(www.hideallip.com) C:\Program Files (x86)\Hide ALL IP\LauncherService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NETGATE Technologies s.r.o.) C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(www.hideallip.com) C:\Program Files (x86)\Hide ALL IP\HideALLIP.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Dropbox, Inc.) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files (x86)\Hide ALL IP\networktunnelx64helper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Autodesk Inc.) C:\Users\Administrator\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
(Microsoft Corporation) C:\Users\Administrator\Desktop\Windows-KB890830-x64-V5.23.exe
(Microsoft Corporation) K:\43dd56847da94613f4453d5d\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe
(Microsoft Corporation) D:\用户目录\下载\msert.exe
(Microsoft Corporation) D:\用户目录\下载\msert.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-06] (Analog Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-04-02] ()
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1282008 2015-02-28] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-21-277522947-664571070-3038148859-500\...\Run: [Hide ALL IP] => C:\Program Files (x86)\Hide ALL IP\HideAllIP.exe [3880304 2015-03-31] (www.hideallip.com)
HKU\S-1-5-21-277522947-664571070-3038148859-500\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-277522947-664571070-3038148859-500\...\Policies\Explorer: []
HKU\S-1-5-21-277522947-664571070-3038148859-500\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-277522947-664571070-3038148859-500\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-277522947-664571070-3038148859-500\...\MountPoints2: {9b499ec5-71f6-11e4-9fad-806e6f6e6963} - F:\lge.exe
HKU\S-1-5-18\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\\PPSKernel.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.)
IFEO\overwolflauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\owuninstaller.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2015-02-13]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.131wz.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-277522947-664571070-3038148859-500\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
HKU\S-1-5-21-277522947-664571070-3038148859-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-277522947-664571070-3038148859-500\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
URLSearchHook: HKU\S-1-5-21-277522947-664571070-3038148859-500 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-277522947-664571070-3038148859-500 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={47C98A79-3FB3-4AB2-84FE-286CFDAA3029}&mid=cce759ebac3347cd864ed16dcaf82836-1d815aafb0496509ff0d70f1b7c5a431bc78adb6&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-02 12:54:29&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-277522947-664571070-3038148859-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-277522947-664571070-3038148859-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={47C98A79-3FB3-4AB2-84FE-286CFDAA3029}&mid=cce759ebac3347cd864ed16dcaf82836-1d815aafb0496509ff0d70f1b7c5a431bc78adb6&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215pit&pr=fr&d=2015-04-02 12:54:29&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-277522947-664571070-3038148859-500 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-277522947-664571070-3038148859-500 -> {FA1D999E-899E-48AE-B65F-60534650BE00} URL = http://ie.131wz.com/?wd={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-05] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-20] (Yahoo! Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-05] (Avast Software s.r.o.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-04-02] (AVG)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-20] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-277522947-664571070-3038148859-500 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-277522947-664571070-3038148859-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://172.168.0.43:83/1Q2W3E4R5T6Y7U8I ... plugin.cab
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Winsock: Catalog9 01 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Winsock: Catalog9 02 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Winsock: Catalog9 03 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Winsock: Catalog9 04 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Winsock: Catalog9 05 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Winsock: Catalog9 06 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Winsock: Catalog9 07 C:\Windows\SysWOW64\networkdlllsp.dll [433520 2015-01-28] (Network Tunnel Lab)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4B73620B-089F-4C11-8020-47CE9236440E}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\01pc7fwh.default-1430233339025
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] ()
FF Plugin-x32: @cmbchina.com/npcmbedit -> C:\Windows\system32\NPCMBEdit.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-09-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @lattice3d.com/XVL Player -> C:\Program Files\Lattice\Player3_x86\npxvlplay.dll [2015-02-26] (Lattice Technology Co.,Ltd.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microdone.cn/UPEditor -> C:\Windows\system32\UPEdit\npUPEditor2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-13] (NVIDIA Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.3.0059\npplugin2.dll [2014-06-27] (PPLive Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2014-11-23] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-11-23] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.58\Bin\npSSOAxCtrlForPTLogin.dll [2014-05-23] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-277522947-664571070-3038148859-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-08] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-04-02]
FF Extension: Firebug - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\01pc7fwh.default-1430233339025\Extensions\firebug@software.joehewitt.com.xpi [2015-04-29]
FF Extension: SafeBrowser - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\01pc7fwh.default-1430233339025\Extensions\jid1-Y6skBMJOzmzplw@jetpack.xpi [2015-04-29]
FF Extension: Minimal Site Block - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\01pc7fwh.default-1430233339025\Extensions\minimal-site-block@clemens-bartz.de.xpi [2015-04-29]
FF Extension: Simple Site Blocker - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\01pc7fwh.default-1430233339025\Extensions\simplesiteblocker@example.com.xpi [2015-04-29]
FF Extension: Web Developer - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\01pc7fwh.default-1430233339025\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-15]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (JSON Formatter) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2015-04-05]
CHR Extension: (Web Developer) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-04-05]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (JSONView) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2015-04-05]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-01-15]
CHR Extension: (Collusion for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2015-04-05]
CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-25]
CHR Extension: (Print) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2015-04-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-27]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKU\S-1-5-21-277522947-664571070-3038148859-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-06] (Andrea Electronics Corporation)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-05] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-05] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-06] (Avast Software)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1516968 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.2.0.46\BaiduProtect.exe [1170784 2014-01-13] (百度在线网络技术(北京)有限公司)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HideIPLaucherService; C:\Program Files (x86)\Hide ALL IP\LauncherService.exe [489328 2014-01-24] (www.hideallip.com)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 McNeelUpdate; c:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2013-10-09] (Robert McNeel & Associates)
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 NGRegClnSrv; C:\Program Files\NETGATE\Registry Cleaner\RegistryCleanerSrv.exe [618832 2013-02-21] (NETGATE Technologies s.r.o.)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-03-01] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2014-11-24] (AVG Technologies)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-11-24] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-11-24] (AVG Technologies)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-04-02] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-03] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-05] (Wacom Technology, Corp.)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-02] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-05] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-05] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-05] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-05] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [58136 2014-12-03] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [104264 2014-01-13] (Baidu)
R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [168264 2014-01-13] (Baidu)
R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [76104 2014-01-13] (Baidu Technology)
R2 BDArKit; C:\Windows\SysWOW64\DRIVERS\BDArKit.sys [144712 2014-11-14] (Baidu Technology)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 MpKsl018a1f13; C:\Windows\system32\MpEngineStore\MpKsl018a1f13.sys [45352 2015-05-01] (Microsoft Corporation)
R1 MpKsld481810e; C:\Windows\Temp\E5600B68-7DB3-E2C2-B924-C159CBFB3D2B\MpKsld481810e.sys [45352 2015-05-01] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2013-12-27] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PassGuard; C:\Windows\system32\drivers\PassGuard_x64.sys [111416 2015-01-25] ()
S3 tap0901cn; C:\Windows\System32\DRIVERS\tap0901cn.sys [39616 2014-12-30] (Connectify)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-11-24] (TuneUp Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-06] (Avast Software)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2014-12-03] (The OpenVPN Project)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
U3 Changer; No ImagePath
S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 21:57 - 2015-05-01 21:57 - 00042382 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-05-01 21:57 - 2015-05-01 21:57 - 00000000 ____D () C:\FRST
2015-05-01 21:56 - 2015-05-01 21:56 - 02101248 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-05-01 14:59 - 2015-05-01 14:59 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2015-05-01 14:51 - 2015-05-01 14:57 - 45142720 _____ (Microsoft Corporation) C:\Users\Administrator\Desktop\Windows-KB890830-x64-V5.23.exe
2015-05-01 11:21 - 2011-01-08 20:49 - 23730916 _____ () C:\Users\Administrator\Desktop\pop005_1.wav
2015-05-01 10:43 - 2015-05-01 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-01 10:42 - 2015-05-01 12:08 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-01 10:42 - 2015-05-01 10:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-05-01 10:19 - 2015-05-01 15:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-01 10:18 - 2015-05-01 10:18 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-01 10:18 - 2015-05-01 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-01 10:18 - 2015-05-01 10:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-01 10:18 - 2015-05-01 10:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-01 10:18 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-01 10:18 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-01 10:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-29 18:43 - 2015-04-30 07:48 - 00002532 _____ () C:\spyhunter.fix
2015-04-29 18:43 - 2015-04-29 18:24 - 00008192 _____ () C:\shldr.mbr
2015-04-29 18:43 - 2012-11-02 16:23 - 00285747 _____ () C:\shldr
2015-04-29 18:27 - 2015-04-29 18:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NETGATE Registry Cleaner
2015-04-29 18:27 - 2015-04-29 18:27 - 00001025 _____ () C:\Users\Public\Desktop\NETGATE Registry Cleaner.lnk
2015-04-29 18:27 - 2015-04-29 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGATE Registry Cleaner
2015-04-29 18:27 - 2015-04-29 18:27 - 00000000 ____D () C:\Program Files\NETGATE
2015-04-29 18:23 - 2015-04-29 18:24 - 00000000 ____D () C:\sh4ldr
2015-04-29 18:23 - 2015-04-29 18:23 - 00002296 _____ () C:\Users\Administrator\Desktop\SpyHunter.lnk
2015-04-29 18:23 - 2015-04-29 18:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-04-29 01:11 - 2015-04-29 01:15 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-04-28 23:04 - 2015-04-28 23:04 - 00001082 _____ () C:\Users\Administrator\Desktop\RegHunter.lnk
2015-04-28 23:04 - 2015-04-28 23:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Enigma Software Group
2015-04-28 23:02 - 2015-04-28 23:02 - 00000000 ____D () C:\Users\Administrator\Desktop\Old Firefox Data
2015-04-28 22:56 - 2015-04-28 22:56 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-04-28 22:56 - 2015-04-28 22:56 - 00000000 _____ () C:\autoexec.bat
2015-04-28 22:43 - 2015-04-28 23:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-27 13:52 - 2015-04-27 13:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-04-27 13:50 - 2015-04-27 13:50 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-04-27 13:50 - 2015-04-27 13:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Xiaomi
2015-04-27 13:50 - 2015-04-27 13:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\MiPhoneManager
2015-04-26 21:40 - 2015-04-30 13:40 - 00000000 ____D () C:\Users\Administrator\Desktop\photo works
2015-04-24 17:54 - 2015-04-25 00:55 - 00000000 ____D () C:\Users\Administrator\Desktop\my coming soon site
2015-04-24 02:48 - 2015-04-24 02:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Processing
2015-04-24 02:47 - 2014-05-19 21:13 - 00000000 ____D () C:\Users\Administrator\Desktop\processing-2.2.1
2015-04-24 00:45 - 2015-04-24 00:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 00:08 - 2015-04-24 00:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SumatraPDF
2015-04-23 23:50 - 2015-04-23 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\keygen
2015-04-23 23:48 - 2015-04-23 23:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\DFX
2015-04-23 23:47 - 2015-04-23 23:50 - 00000000 ____D () C:\Program Files (x86)\DFX
2015-04-23 23:47 - 2015-04-23 23:47 - 00001702 _____ () C:\Users\Public\Desktop\DFX.lnk
2015-04-23 23:47 - 2015-04-23 23:47 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc
2015-04-23 23:47 - 2015-04-23 23:47 - 00000000 ____D () C:\Users\Guest
2015-04-23 23:47 - 2015-04-23 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2015-04-21 16:20 - 2015-04-21 16:20 - 00000944 _____ () C:\Users\Administrator\Desktop\Vector Magic - Shortcut.lnk
2015-04-21 16:20 - 2015-04-21 16:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Thinstall
2015-04-20 23:59 - 2015-04-20 23:59 - 00001514 _____ () C:\Users\Public\Desktop\Adobe Application Manager.lnk
2015-04-20 23:56 - 2015-04-20 23:59 - 00001250 _____ () C:\Users\Public\Desktop\Adobe Edge Animate CC 2014.lnk
2015-04-20 23:56 - 2015-04-20 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014
2015-04-20 23:54 - 2015-04-20 23:58 - 00001262 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Edge Animate CC 2014.lnk
2015-04-19 10:14 - 2015-04-19 10:14 - 00001966 _____ () C:\Users\Public\Desktop\3ds Max 2015.lnk
2015-04-19 09:47 - 2015-04-29 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegInOut System Utilities
2015-04-19 09:47 - 2015-04-29 00:21 - 00000000 ____D () C:\Program Files (x86)\RegInOut System Utilities
2015-04-19 09:47 - 2015-04-19 09:47 - 00001122 _____ () C:\Users\Public\Desktop\RegInOut System Utilities.lnk
2015-04-16 04:45 - 2015-04-16 04:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 04:45 - 2015-04-16 04:45 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 04:32 - 2015-04-16 04:32 - 00000000 ____D () C:\ProgramData\APN
2015-04-15 22:24 - 2015-04-15 22:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATViewer
2015-04-15 22:24 - 2015-04-15 22:24 - 00001047 _____ () C:\Users\Public\Desktop\Universal Viewer.lnk
2015-04-15 22:24 - 2015-04-15 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Viewer
2015-04-15 22:24 - 2015-04-15 22:24 - 00000000 ____D () C:\Program Files (x86)\Universal Viewer
2015-04-15 21:40 - 2015-04-15 21:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Nano
2015-04-15 21:40 - 2015-04-15 21:40 - 00001089 _____ () C:\Users\Public\Desktop\EPUB File Reader.lnk
2015-04-15 21:40 - 2015-04-15 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader
2015-04-15 21:40 - 2015-04-15 21:40 - 00000000 ____D () C:\Program Files (x86)\EPUB File Reader
2015-04-15 19:45 - 2013-05-28 03:17 - 00000000 ____D () C:\Users\Administrator\Desktop\CavnasRequireBackboneBoilerplate-master
2015-04-15 10:42 - 2015-03-23 11:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:42 - 2015-03-23 11:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:42 - 2015-03-23 11:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:42 - 2015-03-23 11:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:42 - 2015-03-23 11:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:42 - 2015-03-23 11:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:42 - 2015-03-23 11:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:42 - 2015-03-23 11:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:42 - 2015-01-28 07:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 10:40 - 2015-03-25 11:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:40 - 2015-03-25 11:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:40 - 2015-03-25 11:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:40 - 2015-03-25 11:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:40 - 2015-03-25 11:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:40 - 2015-03-25 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:40 - 2015-03-25 11:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:40 - 2015-03-25 11:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:40 - 2015-03-25 11:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:40 - 2015-03-25 11:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:40 - 2015-03-25 11:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:40 - 2015-03-25 11:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 10:40 - 2015-03-25 11:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 10:40 - 2015-03-25 11:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 10:40 - 2015-03-25 11:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 10:40 - 2015-03-25 11:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 10:40 - 2015-03-10 11:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:40 - 2015-03-10 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:40 - 2015-03-10 11:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 10:40 - 2015-03-10 11:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 10:40 - 2015-03-05 13:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:40 - 2015-03-05 12:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 10:39 - 2015-03-17 13:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:39 - 2015-03-17 13:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:39 - 2015-03-17 13:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:39 - 2015-03-17 13:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:39 - 2015-03-17 13:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 10:39 - 2015-03-17 13:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 10:39 - 2015-03-17 13:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:39 - 2015-03-17 13:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:39 - 2015-03-17 13:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:39 - 2015-03-17 13:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 10:39 - 2015-03-17 13:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 10:39 - 2015-03-17 13:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:39 - 2015-03-17 13:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:39 - 2015-03-17 13:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:39 - 2015-03-17 13:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 13:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 10:39 - 2015-03-17 13:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 10:39 - 2015-03-17 12:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 10:39 - 2015-03-17 12:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 10:39 - 2015-03-17 12:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 10:39 - 2015-03-17 12:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 10:39 - 2015-03-17 12:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 10:39 - 2015-03-17 12:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 10:39 - 2015-03-17 12:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 10:39 - 2015-03-17 12:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 10:39 - 2015-03-17 12:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 10:39 - 2015-03-17 12:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 10:39 - 2015-03-17 12:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 12:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 11:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 10:39 - 2015-03-17 11:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 10:39 - 2015-03-17 11:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 11:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 11:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:39 - 2015-03-17 11:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:38 - 2015-04-02 08:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:38 - 2015-04-02 07:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 10:38 - 2015-03-13 12:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:38 - 2015-03-13 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:38 - 2015-03-13 12:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:38 - 2015-03-13 12:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:38 - 2015-03-13 12:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:38 - 2015-03-13 12:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:38 - 2015-03-13 12:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:38 - 2015-03-13 12:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:38 - 2015-03-13 12:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:38 - 2015-03-13 12:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:38 - 2015-03-13 11:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:38 - 2015-03-13 11:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:38 - 2015-03-13 11:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:38 - 2015-03-13 11:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:38 - 2015-03-13 11:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:38 - 2015-03-13 11:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:38 - 2015-03-13 11:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:38 - 2015-03-13 11:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:38 - 2015-03-13 11:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 10:38 - 2015-03-13 11:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:38 - 2015-03-13 11:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:38 - 2015-03-13 11:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:38 - 2015-03-13 11:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 10:38 - 2015-03-13 11:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:38 - 2015-03-13 11:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:38 - 2015-03-13 11:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 10:38 - 2015-03-13 11:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:38 - 2015-03-13 11:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 10:38 - 2015-03-13 11:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:38 - 2015-03-13 11:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:38 - 2015-03-13 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:38 - 2015-03-13 11:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 10:38 - 2015-03-13 11:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:38 - 2015-03-13 11:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:38 - 2015-03-13 11:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 10:38 - 2015-03-13 11:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:38 - 2015-03-13 11:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:38 - 2015-03-13 11:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:38 - 2015-03-13 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:38 - 2015-03-13 11:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:38 - 2015-03-13 11:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 10:38 - 2015-03-13 11:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:38 - 2015-03-13 10:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 10:38 - 2015-03-13 10:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:38 - 2015-03-13 10:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:38 - 2015-03-13 10:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:38 - 2015-03-13 10:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:38 - 2015-03-13 10:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:38 - 2015-03-13 10:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:38 - 2015-03-13 10:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 10:38 - 2015-03-13 10:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:38 - 2015-03-13 10:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:38 - 2015-03-13 10:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:38 - 2015-03-13 10:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:38 - 2015-03-13 10:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:38 - 2015-03-13 10:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 10:38 - 2015-03-04 12:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:38 - 2015-03-04 12:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:38 - 2015-03-04 12:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 10:38 - 2015-02-25 11:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 01:16 - 2015-04-15 01:22 - 00000000 ____D () C:\Users\Administrator\Desktop\the one coming soon page
2015-04-14 00:58 - 2015-04-14 00:58 - 00000987 _____ () C:\Users\Administrator\Desktop\Focusky.lnk
2015-04-14 00:58 - 2015-04-14 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusky
2015-04-13 22:33 - 2015-04-13 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\com.wonderidea.focusky
2015-04-13 22:27 - 2015-04-13 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vertus Fluid Mask 3
2015-04-13 22:26 - 2015-04-13 22:27 - 00000000 ____D () C:\Program Files (x86)\Vertus Fluid Mask 3
2015-04-13 22:26 - 2015-04-13 22:26 - 00000000 ____D () C:\ProgramData\VertusTech
2015-04-13 22:23 - 2015-04-14 00:58 - 00000000 ____D () C:\Program Files (x86)\Focusky
2015-04-10 17:11 - 2015-04-18 15:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
2015-04-10 17:11 - 2015-04-10 17:11 - 00001055 _____ () C:\Users\Administrator\Desktop\Notepad++.lnk
2015-04-10 17:11 - 2015-04-10 17:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-10 17:11 - 2015-04-10 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-10 17:11 - 2015-04-10 17:11 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-10 12:17 - 2015-04-10 12:17 - 00001302 _____ () C:\Users\Public\Desktop\Estelar PDF Unlock Tool.lnk
2015-04-10 12:17 - 2015-04-10 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Estelar PDF Unlock Tool
2015-04-10 01:43 - 2015-04-10 01:43 - 00002003 _____ () C:\Users\Public\Desktop\A360 Desktop.lnk
2015-04-10 01:42 - 2015-04-10 01:42 - 00002084 _____ () C:\Users\Public\Desktop\Autodesk ReCap 2016.lnk
2015-04-10 01:42 - 2015-04-10 01:42 - 00000000 ____D () C:\ProgramData\FARO
2015-04-10 01:41 - 2015-04-10 01:41 - 00002098 _____ () C:\Users\Public\Desktop\AutoCAD 2016 - English.lnk
2015-04-10 01:36 - 2015-04-20 23:58 - 00036602 _____ () C:\Windows\DirectX.log
2015-04-10 00:25 - 2014-03-04 20:43 - 00028672 _____ () C:\Windows\SysWOW64\nnr.dll
2015-04-10 00:23 - 2015-04-10 00:18 - 00002530 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2015-04-10 00:23 - 2015-04-10 00:17 - 00003065 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2015-04-10 00:23 - 2015-04-10 00:17 - 00003062 _____ () C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2015-04-10 00:23 - 2015-04-10 00:17 - 00003047 _____ () C:\Users\Public\Desktop\Corel DESIGNER X7 (64-Bit).lnk
2015-04-10 00:23 - 2015-04-10 00:17 - 00003017 _____ () C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2015-04-10 00:23 - 2015-04-10 00:17 - 00002350 _____ () C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2015-04-10 00:22 - 2015-04-10 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lattice3D Player 64-bit Edition
2015-04-10 00:19 - 2015-04-27 13:52 - 00001974 _____ () C:\Users\Public\Desktop\Lattice3D Studio Corel Edition x64.lnk
2015-04-10 00:19 - 2015-04-10 00:22 - 00000000 ____D () C:\Program Files\Lattice
2015-04-10 00:18 - 2015-04-10 00:18 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2015-04-10 00:18 - 2015-04-10 00:18 - 00000000 ____D () C:\Program Files\Common Files\Corel
2015-04-10 00:17 - 2015-04-10 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Technical Suite X7 (64-bit)
2015-04-10 00:16 - 2015-04-10 00:16 - 00000000 ____D () C:\Program Files\Corel
2015-04-09 21:00 - 2015-04-09 21:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\NexusFont
2015-04-09 21:00 - 2015-04-09 21:00 - 00001015 _____ () C:\Users\Public\Desktop\NexusFont.lnk
2015-04-09 21:00 - 2015-04-09 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NexusFont
2015-04-09 21:00 - 2015-04-09 21:00 - 00000000 ____D () C:\Program Files (x86)\NexusFont
2015-04-09 13:11 - 2015-04-24 01:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-04-05 16:10 - 2015-04-05 16:10 - 00292680 _____ () C:\Windows\Minidump\040515-32401-01.dmp
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 01:53 - 2015-04-03 21:49 - 00000000 ____D () C:\Users\Administrator\Desktop\slidea
2015-04-05 00:19 - 2015-04-27 13:52 - 00002026 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-04-05 00:19 - 2015-04-27 13:52 - 00001966 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-04-05 00:19 - 2015-04-05 00:19 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-04-05 00:19 - 2015-04-05 00:19 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-05 00:19 - 2015-04-05 00:19 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-05 00:19 - 2015-04-05 00:19 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-04 15:18 - 2015-03-16 09:00 - 00000000 ____D () C:\Users\Administrator\Desktop\mrdoob-three.js-f73593b
2015-04-02 12:54 - 2015-04-02 16:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AVG Web TuneUp
2015-04-02 12:54 - 2015-04-02 12:54 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-04-02 12:54 - 2015-04-02 12:54 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-04-02 12:54 - 2015-04-02 12:54 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-04-02 12:54 - 2015-04-02 12:54 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-04-02 12:27 - 2015-04-02 12:27 - 00292616 _____ () C:\Windows\Minidump\040215-33899-01.dmp
2015-04-02 12:16 - 2015-04-09 12:24 - 00000242 _____ () C:\Windows\SysWOW64\userawacs.cfg
2015-04-02 03:52 - 2015-04-02 03:52 - 00000624 _____ () C:\Users\Administrator\Desktop\Data Safe.lnk
2015-04-02 03:26 - 2015-04-02 03:26 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2015
2015-04-02 03:25 - 2015-04-27 13:52 - 00000928 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-02 03:25 - 2015-04-09 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-02 03:25 - 2015-04-02 03:25 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-04-02 03:24 - 2015-04-17 20:56 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-02 03:24 - 2015-04-02 03:24 - 00000000 ___HD () C:\$AVG
2015-04-02 03:23 - 2015-05-01 21:29 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-02 03:23 - 2015-04-02 03:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2015
2015-04-02 03:23 - 2015-04-02 03:23 - 00000000 ____D () C:\Users\Administrator\AppData\Local\MFAData
2015-04-01 23:23 - 2015-04-01 23:23 - 00000000 ____D () C:\Users\Administrator\Tracing
2015-04-01 22:06 - 2015-04-01 22:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\4kdownload.com
2015-04-01 21:58 - 2015-04-01 21:58 - 00001256 _____ () C:\Users\Administrator\Desktop\4K Video Downloader.lnk
2015-04-01 21:58 - 2015-04-01 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2015-04-01 21:58 - 2015-04-01 21:58 - 00000000 ____D () C:\Program Files (x86)\4KDownload
2015-04-01 21:05 - 2015-04-05 16:10 - 965513954 _____ () C:\Windows\MEMORY.DMP
2015-04-01 21:05 - 2015-04-01 21:05 - 00292632 _____ () C:\Windows\Minidump\040115-19812-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 21:58 - 2014-11-25 21:34 - 00000552 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 21:33 - 2014-11-22 18:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2015-05-01 21:32 - 2014-12-17 02:28 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-05-01 21:18 - 2014-11-22 11:23 - 01233159 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 18:58 - 2014-11-25 21:34 - 00000548 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 12:16 - 2009-07-14 12:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:16 - 2009-07-14 12:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 12:12 - 2011-04-12 22:46 - 00384014 _____ () C:\Windows\system32\prfh0804.dat
2015-05-01 12:12 - 2011-04-12 22:46 - 00120508 _____ () C:\Windows\system32\prfc0804.dat
2015-05-01 12:12 - 2009-07-14 13:13 - 01283240 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-01 12:07 - 2015-03-30 23:11 - 00026328 _____ () C:\Windows\PFRO.log
2015-05-01 12:07 - 2015-03-30 12:21 - 00006610 _____ () C:\Windows\setupact.log
2015-05-01 12:07 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 10:34 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-01 10:33 - 2015-03-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Hide ALL IP
2015-05-01 10:33 - 2014-11-25 13:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\FirefoxToolbar
2015-05-01 10:33 - 2014-11-22 11:26 - 00000000 ____D () C:\Users\Administrator
2015-05-01 10:17 - 2014-12-09 13:10 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2015-05-01 10:17 - 2014-12-09 12:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dropbox
2015-05-01 01:24 - 2015-02-15 12:54 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-30 07:48 - 2014-11-22 11:24 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\激活工具
2015-04-30 07:48 - 2014-11-22 11:24 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\激活工具
2015-04-29 20:01 - 2015-02-12 18:47 - 00000372 _____ () C:\Windows\Tasks\RegInOut Scheduled Scan - Administrator.job
2015-04-29 18:43 - 2015-02-12 18:47 - 00003258 _____ () C:\Windows\System32\Tasks\RegInOut Scheduled Scan - Administrator
2015-04-29 18:43 - 2015-02-12 18:47 - 00000000 ____D () C:\Program Files (x86)\RegInOut
2015-04-29 10:30 - 2014-12-09 13:10 - 00001003 _____ () C:\Users\Administrator\Desktop\Dropbox.lnk
2015-04-29 10:30 - 2014-12-09 13:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-29 00:42 - 2015-02-12 19:11 - 00000000 ____D () C:\ProgramData\Backup
2015-04-29 00:32 - 2015-02-12 19:13 - 00000697 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml
2015-04-28 23:07 - 2014-11-22 11:24 - 00002204 _____ () C:\Users\Default\Desktop\激活工具.lnk
2015-04-28 23:07 - 2014-11-22 11:24 - 00002204 _____ () C:\Users\Default User\Desktop\激活工具.lnk
2015-04-28 08:49 - 2009-07-14 12:45 - 05763632 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-27 23:20 - 2015-03-08 14:46 - 00000000 ____D () C:\Users\Administrator\Desktop\oncore powerpoint presentation
2015-04-27 16:02 - 2014-11-22 11:26 - 00271344 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-26 21:17 - 2014-07-17 15:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-26 21:17 - 2014-07-17 15:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-26 01:33 - 2014-11-23 18:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-04-24 22:57 - 2015-03-25 00:47 - 00000000 ____D () C:\Users\Administrator\Desktop\nietzsche template
2015-04-24 22:41 - 2015-02-28 22:43 - 00000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-24 16:57 - 2014-11-25 14:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 03:02 - 2014-11-23 18:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-24 03:01 - 2014-11-23 18:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-24 02:04 - 2014-11-23 16:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 23:59 - 2014-12-16 19:38 - 00001526 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2015-04-20 23:54 - 2014-11-23 18:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-20 23:54 - 2014-11-22 13:57 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-04-19 21:28 - 2014-11-23 19:48 - 00000034 _____ () C:\Users\Administrator\AppData\Roaming\AdobeWLCMCache.dat
2015-04-19 10:16 - 2014-11-23 16:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Autodesk
2015-04-19 10:16 - 2014-11-23 16:21 - 00000000 ____D () C:\ProgramData\Autodesk
2015-04-19 10:15 - 2014-11-23 16:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Autodesk
2015-04-19 10:14 - 2014-11-23 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-04-19 10:11 - 2014-11-23 16:39 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2015-04-19 10:11 - 2014-11-23 16:39 - 00000000 ____D () C:\Program Files\Autodesk
2015-04-16 13:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 04:43 - 2014-11-25 16:42 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 04:31 - 2014-11-25 16:42 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 04:30 - 2014-11-25 16:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 03:14 - 2014-11-23 16:25 - 01278396 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 03:11 - 2014-11-25 23:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:04 - 2009-07-14 10:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-10 19:23 - 2015-03-01 00:43 - 00000000 ____D () C:\Users\Administrator\Desktop\mcoloso website
2015-04-10 01:43 - 2014-11-23 16:39 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2015-04-10 01:32 - 2014-11-25 10:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-10 01:32 - 2014-11-23 19:05 - 00000000 ____D () C:\Autodesk
2015-04-10 01:26 - 2014-11-23 17:45 - 00000000 ____D () C:\ProgramData\Corel
2015-04-10 00:25 - 2014-11-23 17:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Corel
2015-04-07 03:05 - 2015-01-09 16:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2015-04-06 23:30 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-05 16:11 - 2015-01-04 02:22 - 00000000 ____D () C:\Windows\Minidump
2015-04-05 13:51 - 2015-02-15 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-05 00:19 - 2015-02-15 12:54 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-05 00:19 - 2015-02-15 12:54 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-05 00:19 - 2015-02-15 12:54 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-05 00:19 - 2015-02-15 12:54 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-05 00:19 - 2015-02-15 12:54 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-05 00:19 - 2015-02-15 12:54 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-05 00:19 - 2015-02-15 12:54 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-05 00:19 - 2015-02-15 12:54 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 10:03 - 2014-11-25 10:59 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-04-03 21:54 - 2015-03-06 21:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-02 04:06 - 2014-12-08 20:09 - 00000000 ____D () C:\Program Files\Lumion 5.0
2015-04-02 03:23 - 2014-12-02 22:36 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-01 23:22 - 2015-01-09 16:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-01 23:22 - 2015-01-09 16:19 - 00000000 ____D () C:\ProgramData\Skype
2015-04-01 11:16 - 2014-07-07 09:52 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-02-28 22:43 - 2015-04-24 22:41 - 0000132 _____ () C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-23 19:48 - 2015-04-19 21:28 - 0000034 _____ () C:\Users\Administrator\AppData\Roaming\AdobeWLCMCache.dat
2015-03-26 22:56 - 2015-03-26 22:56 - 0000015 _____ () C:\Users\Administrator\AppData\Roaming\PS12_panel.log
2015-01-28 10:41 - 2015-01-28 10:41 - 0000038 ___SH () C:\Users\Administrator\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-11-23 20:29 - 2014-11-23 20:29 - 181974983 _____ () C:\Users\Administrator\AppData\Local\ACCCx2_8_1_451.zip.aamdownload
2014-11-23 20:29 - 2014-11-23 20:29 - 0002129 _____ () C:\Users\Administrator\AppData\Local\ACCCx2_8_1_451.zip.aamdownload.aamd
2014-12-29 21:20 - 2014-12-29 21:45 - 0001456 _____ () C:\Users\Administrator\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-28 13:44 - 2015-02-24 00:34 - 0000600 _____ () C:\Users\Administrator\AppData\Local\PUTTY.RND
2015-02-12 19:26 - 2015-02-12 19:26 - 0006100 _____ () C:\ProgramData\InternetSettingsHistory.xml
2014-11-23 16:39 - 2014-11-23 16:39 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-02-12 19:13 - 2015-04-29 00:32 - 0000697 _____ () C:\ProgramData\SYSTEM_CLEANER_HISTORY.xml

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_1ob5.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 09:32

==================== End Of Log ============================


I ran out of space..... please find addition .txt on my next post
artedesenyo
Active Member
 
Posts: 3
Joined: May 1st, 2015, 2:50 am

Re: redirecting to wpkg.org

Unread postby artedesenyo » May 1st, 2015, 10:33 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Administrator at 2015-05-01 21:58:19
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-277522947-664571070-3038148859-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-277522947-664571070-3038148859-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-277522947-664571070-3038148859-500\...\uTorrent) (Version: 3.4.2.36318 - BitTorrent Inc.)
4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.2.1655 - Open Media LLC)
A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe After Effects CC 2014.1.1 (HKLM-x32\...\Adobe After Effects CC 2014.1.1) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Edge Animate CC 2014 (HKLM-x32\...\Adobe Edge Animate CC 2014) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM\...\{AF6524CF-0CED-4B0B-91BF-5757F381E52B}) (Version: 2014.2.1.10 - Adobe Systems, Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Any Video Converter Professional 5.5.0 (HKLM-x32\...\Any Video Converter Professional_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aslain's XVM Mod version 4.2.44 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.2.44 - Aslain)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk 3ds Max Design 2015 (HKLM\...\Autodesk 3ds Max Design 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max Design 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk BIM 360 Revit 2015 Add-in 64 bit (HKLM\...\{37E1C3A1-7DBF-4250-9314-46167B68383D}) (Version: 3.32.3357 - Autodesk)
Autodesk Civil View for 3ds Max Design 2015 64-bit (HKLM\...\{1C4FFAF0-5DBB-4F7A-A386-46747D060826}) (Version: 17.0.0.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk Ecotect Analysis 2011 (HKLM-x32\...\{8B820540-400F-4F11-976E-4ADE5C1AAB88}_is1) (Version: 2011 - Autodesk, Inc.)
Autodesk Ecotect Shared Components (x32 Version: 20.11.0 - Autodesk, Inc.) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max Design 2015 (HKLM\...\{D7DEFF4A-BB64-48CC-81AB-845BA62D6032}) (Version: 17.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2015 (HKLM-x32\...\{4FBC9635-AC56-4378-8FDE-C4D3ED072681}) (Version: 5.2.8.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Autodesk Revit Architecture 2015 (HKLM\...\Autodesk Revit Architecture 2015) (Version: 15.0.136.0 - Autodesk)
Autodesk Revit Architecture Content Libraries 2015 (HKLM\...\Autodesk Revit Architecture Content Libraries 2015) (Version: 15.0.136.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.107.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.107.0 - Autodesk) Hidden
Autodesk Workflows 2015 (HKLM\...\{A90DD6F8-60D2-4803-AFF6-796400E73E1B}) (Version: 5.2.11.100 - Autodesk, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.238 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.238 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
CCleaner, версия 4.14.4808 (HKLM-x32\...\{80BD3FC0-9C5F-4ADA-83C7-91DC8E24D0B2}_is1) (Version: 4.14.4808 - Salat Production)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
CDTS17_Setup_x64 (Version: 17.4 - Corel Corporation) Hidden
CMB FirmBank (HKLM-x32\...\FirmBank) (Version: - (C) China Mechants Bank)
Corel Graphics - Windows Shell Extension (HKLM\...\_{9DA7C2FD-AD83-4E2E-B9F2-9996749318E0}) (Version: 17.4.0.887 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.4.887 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.4.887 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Capture (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Common (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Common App (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Connect (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Custom Data (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - DE (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Designer (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Draw (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - EN (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Equation Editor (x32 Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Filters (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - FontNav (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - FR (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - IPM Content (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - IPM T (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - IPM XVL (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - PHOTO-PAINT (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Photozoom Plugin (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Redist (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Setup Files (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - VBA (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - VideoBrowser (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 - Writing Tools (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Technical Suite X7 (64-Bit) (HKLM\...\_{A4B5A413-B7CF-415F-8994-595DB2EFE848}) (Version: 17.4.0.887 - Corel Corporation)
DFX (HKLM-x32\...\DFX) (Version: 11.400.0.0 - Power Technology)
DNIWEbot 2.3.9 (HKLM-x32\...\{BE0EE349-4608-4BB7-A2E2-B73AB4DB7BBC}_is1) (Version: 2.3.9 - WarPack Team)
Dropbox (HKU\S-1-5-21-277522947-664571070-3038148859-500\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
Estelar PDF Unlock Tool (HKLM-x32\...\{F5E02016-3371-4958-985B-96F5A7A4691A}_is1) (Version: 4.2 - Estelar Software Inc.)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FlippingBook Publisher Professional (HKLM-x32\...\FlippingBook Publisher Professional 2.2.28) (Version: 2.2.28 - FlippingBook)
FlippingBook Publisher Professional (x32 Version: 2.2.28 - FlippingBook) Hidden
Focusky 2.2 (HKLM-x32\...\Focusky_is1) (Version: 2.2 - Focusky Solution)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hide ALL IP 2015.02.28 (HKLM-x32\...\{02FC1980-2123-451F-8CB7-C9B60BE40717}_is1) (Version: - www.hideallip.com)
HTML Compiler (HKLM-x32\...\{F64279EF-99C1-4B09-91DD-D33A6F9EF98D}_is1) (Version: - David Esperalta)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
keygen (HKLM-x32\...\{EE86B096-68AE-49DE-8B1B-688272}_is1) (Version: - )
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.0 64 bit - Luxion ApS)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.133 - PandoraTV)
Lattice3D Player / Lattice3D Player Pro 64-bit Edition (HKLM-x32\...\{936575FE-E49B-4CE9-9934-0329727476C8}) (Version: 14.1a - Lattice Technology)
Lattice3D Studio Corel Edition x64 (HKLM-x32\...\{A7161767-5AFE-4725-9DB0-AED7FB5FBA40}) (Version: 2.0 - Lattice Technology)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{9A52C8BA-FF30-4983-8BC1-3D2FFCF7CEE9}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Video Pro X6 (HKLM\...\MX.{8937AA4E-F2E9-42E8-8D28-DE06BCA35954}) (Version: 13.0.3.24 - MAGIX AG)
MAGIX Video Pro X6 (Version: 13.0.3.24 - MAGIX AG) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)语言包 - 简体中文 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - CHS) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movavi Video Suite 12 (HKLM-x32\...\Movavi Video Suite 12) (Version: 12.0.0 - Movavi)
Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-GB)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGATE Registry Cleaner (HKLM\...\NETGATE Registry Cleaner_is1) (Version: - NETGATE Technologies s.r.o.)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.81.34.0 - Overwolf Ltd.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PageBreeze Free HTML Editor (HKLM-x32\...\PageBreeze Free HTML Editor) (Version: - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RegHunter (HKLM-x32\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
RegInOut System Utilities (HKLM-x32\...\RegInOut System Utilities_is1) (Version: 4.0 - SORCIM Technologies Pvt Ltd)
Revit Architecture 2015 (Version: 15.0.136.0 - Autodesk) Hidden
Revit Architecture 2015 Language Pack - English (Version: 15.0.136.0 - Autodesk) Hidden
Revit Architecture Content Libraries 2015 (Version: 15.0.136.0 - Autodesk) Hidden
Rhinoceros 5 (64-bit) (HKLM\...\{63413335-F0C8-4EAF-853D-599D810E0451}) (Version: 5.6.31009.15315 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{F2FABDAB-8FAC-41FC-A834-126F0FCD6DEC}) (Version: 5.6.31009.15315 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{BB5C93E7-1CC1-4628-9EFC-A521B65EBFF4}) (Version: 5.6.30815.20365 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (en-US) (HKLM-x32\...\{AD2551C7-033D-47EA-95F7-6437C87C716A}) (Version: 5.6.31009.15315 - Robert McNeel & Associates)
RhinoThearos Exporter 1.0 (HKLM\...\RhinoThearos) (Version: - )
Runtime VS2005 SP1 CRT 6195 (x32 Version: 0 - Lattice Technology Co.,Ltd.) Hidden
Runtime VS2005 SP1 MFC 6195 (x32 Version: 0 - Lattice Technology Co.,Ltd.) Hidden
Runtime VS2005 SP1 x64 All 6195 (x32 Version: 0 - Lattice Technology Co.,Ltd.) Hidden
Runtime VS2005 SP1 x64 CRT 762 (x32 Version: 0 - Lattice Technology Co.,Ltd.) Hidden
Runtime VS2005 SP1 x64 OpenMP 762 (x32 Version: 0 - Lattice Technology Co.,Ltd.) Hidden
Runtime VS2008 x64 CRT 1 (x32 Version: 0 - Lattice Technology Co.,Ltd.) Hidden
Runtime_MSI_VS2005_SP1_CRT_6195 (x32 Version: 1.00.0000 - Your Company Name) Hidden
Runtime_MSI_VS2005_SP1_MFC_6195 (x32 Version: 1.00.0000 - Your Company Name) Hidden
Runtime_MSI_VS2005_SP1_MFCLOC_6195 (x32 Version: 1.00.0000 - Lattice Technology) Hidden
Runtime_MSI_VS2005_SP1_x64_CRT_6195 (Version: 1.00.0000 - Your Company Name) Hidden
Runtime_MSI_VS2005_SP1_x64_MFC_6195 (Version: 1.00.0000 - Your Company Name) Hidden
Runtime_MSI_VS2005_SP1_x64_MFCLOC_6195 (Version: 1.00.0000 - Lattice Technology) Hidden
Screen Split (HKLM-x32\...\{7F0C2357-33B0-4408-A9AD-A7623FAA22B1}) (Version: 6.34 - LG Electronics Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
SpyHunter (HKLM-x32\...\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}) (Version: 4.15.1.4270 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Texas Instruments TUSB3410 drivers. (HKLM-x32\...\InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}) (Version: 6.5.9019.1 - Texas Instruments Inc.)
Thea Render (HKLM\...\TheaRender) (Version: 1.3 - Solid Iris Technologies)
Total War - Attila (Update to v1.2) (HKLM-x32\...\Total War - Attila (Update to v1.2)_is1) (Version: - )
Total War: Attila (HKLM-x32\...\Total War: Attila_is1) (Version: - )
TUSB3410 (x32 Version: 6.5.9019.1 - Texas Instruments Inc.) Hidden
UnionPay Security Control for non-IE 3.0.0.2 (HKLM-x32\...\UnionPay Security Control for non-IE) (Version: 1.0.0.7 - China UnionPay)
Unity (HKLM-x32\...\Unity) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-277522947-664571070-3038148859-500\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Universal Viewer Pro version 6.5.6.2 (HKLM-x32\...\Universal Viewer Pro_is1) (Version: 6.5.6.2 - UVViewSoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Vertus Fluid Mask 3 3.3.12 (HKLM-x32\...\vertusFluidMask3) (Version: 3.3.12 - )
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
V-Ray for 3dsmax 2015 for x64 (HKLM\...\V-Ray for 3dsmax 2015 for x64) (Version: 3.00.07 - Chaos Software Ltd)
V-Ray for Rhinoceros 5 x64 adv (HKLM-x32\...\V-Ray for Rhinoceros 5 x64 adv 2.00.23938) (Version: 2.00.23938 - Chaos Software, Ltd)
V-Ray for SketchUp adv (HKLM-x32\...\V-Ray for SketchUp adv 2.00.25244) (Version: 2.00.25244 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WarPack 0.8.9 (HKLM-x32\...\{9C076DD8-F898-4CE0-B869-AD4D664378CC}_is1) (Version: 0.8.9 - WarPack Team)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-277522947-664571070-3038148859-500\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ASIA}_is1) (Version: - Wargaming.net)
Xilisoft PowerPoint to Video Converter Business (HKLM-x32\...\Xilisoft PowerPoint to Video Converter Business) (Version: 1.1.1.20120601 - Xilisoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YouTube Downloader Pro YTD 4.8.1.0 Final (HKLM-x32\...\YouTube Downloader Pro YTD 4.8.1.0 Final4.8.1.0) (Version: 4.8.1.0 - Friends in War)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
坦克世界 最新版 v.0.9.5 (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-277522947-664571070-3038148859-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-04-2015 07:05:52 Windows Update
17-04-2015 21:46:29 Windows Update
19-04-2015 03:00:11 Windows Update
19-04-2015 10:03:37 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
19-04-2015 10:03:54 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
19-04-2015 10:04:24 Installed DirectX
19-04-2015 10:08:09 Installed Autodesk 3ds Max 2015
19-04-2015 20:36:39 Windows Update
20-04-2015 03:00:11 Windows Update
20-04-2015 14:24:34 Windows Update
20-04-2015 23:53:39 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
20-04-2015 23:54:19 Installed DirectX
20-04-2015 23:57:29 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
20-04-2015 23:58:02 Installed DirectX
21-04-2015 01:15:39 Windows Update
22-04-2015 03:00:11 Windows Update
22-04-2015 06:53:41 Windows Update
23-04-2015 03:00:10 Windows Update
23-04-2015 04:19:07 Windows Update
24-04-2015 02:04:21 Office Mix
24-04-2015 03:00:11 Windows Update
24-04-2015 04:24:53 Windows Update
25-04-2015 03:00:13 Windows Update
25-04-2015 03:14:24 Windows Update
25-04-2015 11:14:23 Windows Update
26-04-2015 03:00:13 Windows Update
26-04-2015 04:51:17 Windows Update
26-04-2015 19:59:28 Windows Update
27-04-2015 03:00:13 Windows Update
27-04-2015 14:40:07 Windows Update
27-04-2015 23:40:22 Windows Update
28-04-2015 00:58:37 Windows Update
28-04-2015 01:00:58 Windows Update
28-04-2015 01:45:18 Windows Update
28-04-2015 22:55:39 Installed SpyHunter
28-04-2015 22:58:18 Removed SpyHunter
28-04-2015 22:59:23 Installed SpyHunter
28-04-2015 22:59:34 Windows Update
28-04-2015 23:06:21 Removed SpyHunter
28-04-2015 23:11:01 Installed SpyHunter
29-04-2015 01:11:09 Removed SpyHunter
29-04-2015 03:00:11 Windows Update
29-04-2015 04:58:07 Windows Update
29-04-2015 18:22:54 Installed SpyHunter
30-04-2015 08:28:20 Windows Update
01-05-2015 03:00:11 Windows Update
01-05-2015 03:43:30 Windows Update
01-05-2015 10:28:04 Windows Update
01-05-2015 10:31:15 Windows Update
01-05-2015 11:11:15 Windows Update
01-05-2015 11:13:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-04-28 23:11 - 00008751 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 na4r.services.adobe.com
127.0.0.1 ims-na1-prprod.adobelogin.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.de
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.de
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.de
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.de
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com

There are 148 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D6C70F-D0FB-4D46-88B1-494D2D5BF2F1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {10E23787-A816-4C79-AAFA-515B04CBE7FA} - System32\Tasks\{1932D723-BDE7-479A-A639-1BAA4A563B9B} => pcalua.exe -a D:\用户目录\下载\safeeditinstall(1).exe -d D:\用户目录\下载
Task: {1B38F3D9-95DE-4CA5-BA2C-E59AABBA9C26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {1B5ACE31-BBCB-4A74-B502-5F3DB7531157} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12] (Adobe Systems Incorporated)
Task: {1DC29CE5-013B-4D18-8635-28A070F72A97} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-10-22] (Overwolf LTD)
Task: {3C28C749-80BD-4C57-903B-C3E515A1DC99} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {4EB7C8FE-D8BD-4356-872C-F20E1D34A2A8} - System32\Tasks\{80FE04E6-939D-443C-AF34-620878A022AA} => pcalua.exe -a D:\用户目录\下载\vcredist_x64.exe -d D:\用户目录\下载
Task: {4F6949F4-382F-4B8E-A71E-58213F2C5B52} - System32\Tasks\RegInOut Scheduled Scan - Administrator => C:\Program Files (x86)\RegInOut\RegInOut.exe
Task: {57A27355-18A4-4DD4-98B7-B065CB353D16} - System32\Tasks\{CA70EAB5-177B-47DE-AE09-52906C8E7EB6} => pcalua.exe -a D:\用户目录\下载\SoundMAX2000B_Audio_V610X6585_Windows7\SoundMAX2000B_Audio_V610X6585_Windows7\setup.exe -d D:\用户目录\下载\SoundMAX2000B_Audio_V610X6585_Windows7\SoundMAX2000B_Audio_V610X6585_Windows7
Task: {588AE69F-B397-48A9-B7C3-0D842D828987} - System32\Tasks\{8A023B78-9605-45E3-BABC-F9A00D29E26A} => pcalua.exe -a C:\Users\Administrator\Desktop\NPSafeEditInstall.exe -d C:\Users\Administrator\Desktop
Task: {5CC51C94-9AFA-4383-843B-C1774C3D0DB1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {5E1CF1B9-46FF-4C38-9946-5693F69E38C4} - System32\Tasks\avastBCLRestartS-1-5-21-277522947-664571070-3038148859-500 => Firefox.exe
Task: {622D1E6A-60A7-4972-9E4C-40855642E567} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {65E9046D-ACC3-4DE1-ABC3-2A85330324C4} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10] (Oracle Corporation)
Task: {68F05CAA-08DA-4C45-864E-ADC5180732B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6D328C7F-FDD3-40B2-ABC4-F0D96C9D57F5} - System32\Tasks\{492D42E8-838A-4FB8-89F9-D56C60E2B177} => pcalua.exe -a D:\用户目录\下载\vcredist_x86.exe -d D:\用户目录\下载
Task: {825041D0-C53B-404C-BD50-0BB3C4FA1ED8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {84AA0A73-152C-4CB6-B62E-17CF7BE18451} - System32\Tasks\{478D5774-ABF9-46F1-86FE-B80DC2FC4243} => pcalua.exe -a "D:\用户目录\下载\Hotdoor CADtools v8.2.0 AI Win\Install Hot Door CADtools.exe" -d "D:\用户目录\下载\Hotdoor CADtools v8.2.0 AI Win"
Task: {8CBA2579-722D-401E-A556-4FD96193B400} - System32\Tasks\{1D1EA37B-C8D1-418E-B106-A2FC43E1C805} => pcalua.exe -a D:\用户目录\下载\SafeEditInstall.exe -d D:\用户目录\下载
Task: {99DA8882-1B3D-4A28-8A1E-643313E477C7} - System32\Tasks\{6B73E6D8-C9D0-4AC2-84EB-B6CD355E84A8} => pcalua.exe -a D:\用户目录\下载\dxwebsetup(1).exe -d D:\用户目录\下载
Task: {9C61614E-3C65-46B3-9177-45785B2B3B3A} - System32\Tasks\{C2F22291-25B3-44AE-A727-1236472C5D76} => pcalua.exe -a D:\用户目录\下载\dotnetfx35.exe -d D:\用户目录\下载
Task: {9E0FCC7F-05B9-48A2-B1CD-FB9EF336C6E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-05] (Avast Software s.r.o.)
Task: {9E14B46B-F1B0-492D-ADD5-E33E07C23A06} - System32\Tasks\{CD59BBF6-FA6B-42B0-B508-1ED2FA7CF203} => pcalua.exe -a D:\用户目录\下载\dotnetfx35(1).exe -d D:\用户目录\下载
Task: {A4738BBE-EBF7-4EA9-8B37-BC7BE3EE56E8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A4DAFDF2-DA9D-4077-8E5A-45A7213B1096} - System32\Tasks\AdobeAAMUpdater-1.0-DARPANET-MAC01-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {A6779F6D-5DB2-4A78-925D-002F2BDC4596} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A9E9C956-EAD2-486D-8C01-CBB03D4541C3} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-11-24] (AVG Technologies)
Task: {B31ED2E6-1F36-478A-A669-6D055612E04E} - System32\Tasks\{55AF1953-4ACE-4D28-A649-BB6DC48950E2} => pcalua.exe -a C:\Users\Administrator\Desktop\IMSM_V8901023\Driver\AsusSetup.exe -d C:\Users\Administrator\Desktop\IMSM_V8901023\Driver
Task: {B7B2A2A6-5A3D-42CD-A5FE-A4F97D2074E6} - System32\Tasks\Google Update Services => C:\Program Files\Google\GoogleUpdate.exe
Task: {C75A92BB-0F4F-44B1-8C72-F13A62FD6FB4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C811032F-0E47-41D6-9FFA-97DB5AD27D35} - System32\Tasks\{6FA65020-AEDD-4F3E-B1F0-63B57318A820} => pcalua.exe -a D:\用户目录\下载\VisualBasicPowerPacksSetup.exe -d D:\用户目录\下载
Task: {C8DE6C81-9576-48F8-A378-A58EA237012C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E8585499-B396-4919-B318-165ECFFA40EB} - System32\Tasks\{67C34AB9-B12E-4F31-A607-827CC420C7FE} => pcalua.exe -a C:\dotnetfx35.exe -d C:\
Task: {ED13862C-D2FD-4E28-A2DE-6E7CCBC09A6E} - System32\Tasks\{92B4B640-913D-4E86-8438-27F448D33048} => pcalua.exe -a C:\Users\Administrator\Desktop\IMSM_V8901023\Install\AsusSetup.exe -d C:\Users\Administrator\Desktop\IMSM_V8901023\Install
Task: {FC4E59D5-F673-446B-875F-927EDE3CFFB3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FD4D6035-C25A-4A99-B7D6-1234E54CC89F} - System32\Tasks\{17FCFF72-2661-409B-9C37-20A83B31E9B7} => pcalua.exe -a "D:\用户目录\下载\RegInOut System Utilities V3.0.0.2 {Precracked} {blaze69}\reginout_setup.exe" -d "D:\用户目录\下载\RegInOut System Utilities V3.0.0.2 {Precracked} {blaze69}"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegInOut Scheduled Scan - Administrator.job => C:\Program Files (x86)\RegInOut\RegInOut.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-02 12:54 - 2015-04-02 12:54 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-11-22 11:27 - 2014-01-13 18:52 - 00426824 _____ () C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.2.0.46\bdsg0002.dll
2014-12-16 07:00 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-11-24 12:48 - 2014-11-24 12:48 - 00713528 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-04-02 12:54 - 2015-04-02 12:54 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-01 10:28 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-06-27 18:10 - 2014-06-27 18:10 - 02590544 _____ () C:\Windows\system32\shellfire.dll
2014-05-12 17:49 - 2014-05-12 17:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-04-02 12:54 - 2015-04-02 12:54 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-11-24 12:49 - 2014-11-24 12:49 - 00856888 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2015-02-28 10:21 - 2015-02-28 10:21 - 01282008 _____ () C:\Program Files (x86)\DFX\DFX.exe
2015-03-14 20:38 - 2015-03-31 12:54 - 00772464 _____ () C:\Program Files (x86)\Hide ALL IP\networktunnelx64helper.exe
2014-11-30 17:22 - 2014-11-05 02:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-02-28 10:14 - 2015-02-28 10:14 - 00130520 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2015-02-28 10:18 - 2015-02-28 10:18 - 00131544 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2015-02-28 10:48 - 2015-02-28 10:48 - 00048088 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2015-03-14 20:38 - 2013-07-17 09:41 - 00204144 _____ () C:\Program Files (x86)\Hide ALL IP\networkdllx64_l.dll
2015-03-14 20:38 - 2015-01-15 11:27 - 01193840 _____ () C:\Program Files (x86)\Hide ALL IP\networkdllx64.dll
2015-04-05 00:19 - 2015-04-05 00:19 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-05 00:19 - 2015-04-05 00:19 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-01 01:24 - 2015-05-01 01:24 - 02926592 _____ () C:\Program Files\AVAST Software\Avast\defs\15043001\algo.dll
2015-04-02 12:54 - 2015-04-02 12:54 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-14 20:38 - 2001-07-26 14:17 - 00692224 _____ () C:\Program Files (x86)\Hide ALL IP\libeay32.dll
2015-05-01 12:24 - 2015-05-01 12:24 - 00043008 _____ () c:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_1ob5.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00750080 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00047616 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00865280 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 05:45 - 2015-03-05 05:45 - 00200704 _____ () C:\Users\Administrator\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-06 10:23 - 2015-03-06 10:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-02 12:54 - 2015-04-02 12:54 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-04-02 12:54 - 2015-04-02 12:54 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-02-28 10:43 - 2015-02-28 10:43 - 00049112 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2015-05-01 12:24 - 2014-12-05 10:27 - 00104328 _____ () C:\Users\Administrator\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:D282699C

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\Break.com -> Break.com
IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\clip.vn -> clip.vn
IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\Dailymotion.com -> Dailymotion.com
IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\video.google.com -> video.google.com
IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\Vimeo.com -> Vimeo.com
IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\youku.com -> youku.com
IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\youtube.com -> youtube.com
IE restricted site: HKU\S-1-5-21-277522947-664571070-3038148859-500\...\zing.vn -> zing.vn

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-277522947-664571070-3038148859-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: BDSGRTP => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPTV.lnk => C:\Windows\pss\PPTV.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Prerun FlippingBook Publisher Professional Printer.lnk => C:\Windows\pss\Prerun FlippingBook Publisher Professional Printer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrueColorFinder.lnk => C:\Windows\pss\TrueColorFinder.lnk.CommonStartup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: PPAP => "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" -background
MSCONFIG\startupreg: PPS Accelerator => D:\PPS.tv\PPStream\\PPSKernel.exe
MSCONFIG\startupreg: QQ2009 => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [TCP Query User{1E780C68-5F25-4F8D-8389-86DA4ED35727}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{1BA1F39F-1113-4431-9536-A755EFC458FE}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{AC7B15A0-51CF-4004-9A0C-FD1C058D0948}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe
FirewallRules: [{E382D5AE-A471-4D60-A3A8-07DDCB20FD19}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\128\tencentdl.exe
FirewallRules: [{9BC867FF-C21F-48CD-836B-9758924BEBDA}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{72764554-2790-4444-942E-8162AB326876}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{BD302380-8B44-4C09-AACA-607F44BE6CCC}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.3.0059\PluginInstaller.exe
FirewallRules: [{FC9F3DFF-D94B-4EFD-A763-627FFC403446}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.3.0059\PluginInstaller.exe
FirewallRules: [{3DF9D405-11DE-499E-BB36-30BE4E420CF1}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB697061-4D1A-4F46-A8E9-0688566F1AA9}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{478C4994-A1BD-4432-B6F5-5EA8559A5F76}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F7CAE102-26E8-4F17-9AE4-A4649550D727}] => (Allow) LPort=50248
FirewallRules: [{8591C48D-7F59-4D65-A246-365D1F1FCD97}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{91125F5D-F33E-44FD-BB2E-9A6333BC2C2F}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{5BBFF70F-FE85-4490-870B-F1FBBB500473}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{3EE55F88-EDD1-47AC-9C39-BE71F0225274}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{59944B5D-86A7-495B-9A3A-D2D96C9D848A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F1C5BC43-F228-4E9D-9728-40EE34854845}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EE1688FC-90B9-47A6-9F94-8FF7552389CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{45F3FF4A-AF18-4E7C-BF87-2A2E0C6FFEB3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BFD589E8-19EB-4902-90A9-FB3142EDE6FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\outlook.exe
FirewallRules: [{0C3C56C8-BBF9-449A-B624-83D5E8484014}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{77EE3131-31F6-4AE4-BBE8-2BF9C5D1E61E}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [TCP Query User{842D3092-327D-4B6C-A30C-828409406941}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{565B61CA-C21D-4675-A297-0AD6CF5BF33E}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{73524920-AEA1-4F83-B18A-A1973C3D48BF}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{921E7FF5-1750-4E97-8665-F0F63376034A}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{A24969DE-D2AB-4F9B-BC4A-9E174A9310B9}C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe
FirewallRules: [UDP Query User{148A138F-226A-4AE2-A74D-9C5C650E9D5D}C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe] => (Block) C:\program files (x86)\sketchup\sketchup 2014\sketchup.exe
FirewallRules: [{04589645-3AD2-4094-8B83-20D1E3BBBBE6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{06FE21CC-5702-43A2-A40E-D70ECC6C8B23}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Block) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [UDP Query User{B1F1918B-B3AD-45D9-A6C6-75C0A8CC07DA}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Block) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [{2CD46859-D7D8-417D-B823-8D467EAFCF55}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7D265CED-65DB-42F1-873D-1750E0E435D1}] => (Allow) C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{018731C1-E4B6-4EB6-AB9D-E89105019E43}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3FFE64C6-A4D7-471F-8416-63FC937BA7A8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6740FF8D-990D-48AF-8584-43ABDADC090E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E16DC2CA-FA46-4B08-84D1-1EE308AA72DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3AF274B4-3744-404F-92D4-B9B548C54728}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EF27DD47-A4DA-4043-84EF-1AED64883798}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{88D9035C-D354-4921-9824-4D773DE3A6DF}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [UDP Query User{BADEC791-8DDC-4CF5-99A9-1D013F0C54A8}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Block) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [TCP Query User{6DB5483C-04CC-4BD5-B131-BA468469655D}L:\fg742p.exe] => (Allow) L:\fg742p.exe
FirewallRules: [UDP Query User{BFCCF40B-CF4F-4042-BAE4-B5B5FA2AA135}L:\fg742p.exe] => (Allow) L:\fg742p.exe
FirewallRules: [TCP Query User{5F633613-BBAE-432F-82D9-BFF61DE8D7AE}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{64E1A842-F677-4B19-9D7A-A2496F4E34B7}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [{125DBBE5-6A51-4CFB-A47B-39A283C39970}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{2D8EEFA2-ACF4-486A-B06B-773AC52F7B55}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{E68846B2-21F1-407F-A0D1-35D587024061}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{8699FDD6-2C0F-4166-BD67-571A98D2D570}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{850BF2F1-3C7F-48EC-AF28-FAE3F7B3A94B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{989A8B33-6F13-4888-9B44-D4BD569F0E47}C:\games\world_of_tanks_china\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_china\wotlauncher.exe
FirewallRules: [UDP Query User{665F1265-0E25-4F0A-A0BF-538E4BC816EA}C:\games\world_of_tanks_china\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_china\wotlauncher.exe
FirewallRules: [{3819E415-A49F-4E1D-B752-E3E84947769D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B2F8619A-7475-4817-B1FE-8B72075775FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8AB00C3F-56A2-45F7-89B4-32D764376B39}C:\program files\thea render\thea.exe] => (Block) C:\program files\thea render\thea.exe
FirewallRules: [UDP Query User{4299B264-3EF1-48F8-919E-C7AB2442C7C0}C:\program files\thea render\thea.exe] => (Block) C:\program files\thea render\thea.exe
FirewallRules: [TCP Query User{62A1BF7D-6365-4ACA-9293-AB825F88142A}C:\games\world_of_tanks\dniwebot\guibotold.exe] => (Allow) C:\games\world_of_tanks\dniwebot\guibotold.exe
FirewallRules: [UDP Query User{DFF36CEE-5937-409A-A0A2-5041DDF2F23B}C:\games\world_of_tanks\dniwebot\guibotold.exe] => (Allow) C:\games\world_of_tanks\dniwebot\guibotold.exe
FirewallRules: [TCP Query User{296C3C76-EB40-45BC-9F75-CD7A80919973}C:\games\world_of_tanks\dniwebot\dniwebot.exe] => (Allow) C:\games\world_of_tanks\dniwebot\dniwebot.exe
FirewallRules: [UDP Query User{E9CDBA5A-8864-41B6-8ED3-C61AF0E7951A}C:\games\world_of_tanks\dniwebot\dniwebot.exe] => (Allow) C:\games\world_of_tanks\dniwebot\dniwebot.exe
FirewallRules: [{C6B39162-44FE-4254-8B22-C458155376E3}] => (Block) C:\games\world_of_tanks\dniwebot\dniwebot.exe
FirewallRules: [{C1A0D2DE-9B8F-470A-8480-3FC1573062C5}] => (Block) C:\games\world_of_tanks\dniwebot\dniwebot.exe
FirewallRules: [{B3241710-806A-4B65-97BA-90683565F110}] => (Allow) C:\Program Files (x86)\Hide ALL IP\HideAllIP.exe
FirewallRules: [{57FCD7B6-3360-43E5-BB4C-F487BD946AF8}] => (Allow) C:\Program Files (x86)\Hide ALL IP\HideAllIP.exe
FirewallRules: [TCP Query User{8E38AA98-57F6-4C8D-AEF7-4F6117A36DFE}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [UDP Query User{D516A6C9-0FD4-473D-9A21-049AC2C7AB69}C:\program files\sketchup\sketchup 2015\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2015\sketchup.exe
FirewallRules: [TCP Query User{694AD056-9CF1-4D37-A469-8AAF531AE05E}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{6E7B1DC2-AC7B-478D-9E22-9B376EEC93D5}C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc101\distributed rendering\xmldrspawner.exe
FirewallRules: [TCP Query User{19BE0941-3118-4674-94AF-2DF98EFEBA50}K:\adobe muse cc 2014\muse.exe] => (Allow) K:\adobe muse cc 2014\muse.exe
FirewallRules: [UDP Query User{AFA70F47-FCC1-47EE-8BFD-5209EE42D42E}K:\adobe muse cc 2014\muse.exe] => (Allow) K:\adobe muse cc 2014\muse.exe
FirewallRules: [TCP Query User{79D002D2-4929-441E-961F-A1B0D6E6C718}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9F6BC996-377F-47F1-9DE7-98EE8BB78119}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A505FF32-D5F3-48D6-AD7F-480450C0DB78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3F08A11B-EEFD-49B8-A75D-221D23CA1907}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17744C3F-6629-4C69-8777-3154AC46F943}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A000BF64-DA72-44EA-BABC-4A5347BE1AB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B24B37D8-219A-499B-96F6-B79EE0FEA8CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4300BECE-6316-4B7A-AC74-26A67966A450}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{2CAB01C8-0FB6-4BCA-BE04-1FF0F8A76240}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\PowerSuite.exe
FirewallRules: [{04D1CCC6-D086-4335-9337-5B2F59B78128}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{2D32B321-C501-4852-9F69-3ACAD33B250D}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{0D47946B-3AAD-48DF-AA50-698ABEE5F870}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{B36801FB-C6D2-4E84-965A-B7BFEE2621B2}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{505832B0-33CB-483D-8F66-5F5878F6DC0C}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{D6BE87E9-B22B-451A-9A04-09E1347F5477}] => (Allow) C:\Program Files (x86)\simplitec\simplifast\ServiceProvider.exe
FirewallRules: [{1EA390EE-DB46-42B1-AC4D-9591E98AD4CC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{14771A56-BBB6-422F-A05E-3AF446BA34FE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3C9381C0-F894-4E6C-9F21-B922CB878FD8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F230A063-E5C3-42D2-8C9D-77F5CFC21DD8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{03064E04-BB30-41D7-9B0B-6BE4EBE28CE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{E3E1DD91-09CF-4FEB-9CD7-7D6702DDF166}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{11114D73-BF45-41B0-873B-06D8C86609E2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6645AEAA-8DEB-4B39-AAC8-A2473E52D3D4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7BDE952B-72D6-452E-9FFA-118460BCAC84}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{4850FFFB-E125-43F7-9E73-3F7EF33098B3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{70F406BA-FC0A-4BBB-B281-9F63F90D371F}] => (Block) c:\Program Files\Corel\CorelDRAW Technical Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{45E12988-A160-4F03-9A8F-5F5C9A476580}] => (Block) c:\Program Files\Corel\CorelDRAW Technical Suite X7\Programs64\Designer.exe
FirewallRules: [{7E663BF4-53F0-4710-9477-80A5FACDE2E1}] => (Block) c:\Program Files\Corel\CorelDRAW Technical Suite X7\Programs64\CorelPP.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2015 00:09:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 00:08:09 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 00:08:09 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:48:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbae.exe version 1.6.1.1019 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c20

Start Time: 01d083b88e40e9bd

Termination Time: 60000

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

Report Id: 4f7359a8-efac-11e4-b260-00248c1cc1c5

Error: (05/01/2015 10:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 10:35:24 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:35:24 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:14:54 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:14:54 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:14:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/01/2015 00:07:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:05:54 on ‎2015/‎5/‎1 was unexpected.

Error: (05/01/2015 11:16:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2570947).

Error: (05/01/2015 11:14:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2991963).

Error: (05/01/2015 11:13:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2570947).

Error: (05/01/2015 11:11:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2991963).

Error: (05/01/2015 10:33:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2570947).

Error: (05/01/2015 10:31:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2991963).

Error: (05/01/2015 10:31:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2570947).

Error: (05/01/2015 10:28:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: 用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2991963).

Error: (05/01/2015 10:14:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{128614e8-07dd-4e11-b9ec-ca2c14f812c5}Gw64


Microsoft Office Sessions:
=========================
Error: (05/01/2015 00:09:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 00:08:09 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 00:08:09 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:48:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbae.exe1.6.1.10191c2001d083b88e40e9bd60000C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe4f7359a8-efac-11e4-b260-00248c1cc1c5

Error: (05/01/2015 10:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 10:35:24 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:35:24 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:14:54 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:14:54 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (05/01/2015 10:14:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 50%
Total physical RAM: 12279.12 MB
Available physical RAM: 6062.18 MB
Total Pagefile: 24556.43 MB
Available Pagefile: 19125.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:400 GB) (Free:133.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:65.76 GB) (Free:38.5 GB) NTFS
Drive e: (bie764111) (CDROM) (Total:3.76 GB) (Free:0 GB) CDFS
Drive k: (Projects & Softwares) (Fixed) (Total:1863.02 GB) (Free:1676.72 GB) NTFS
Drive m: (Movies Music & Others) (Fixed) (Total:1863.02 GB) (Free:1016.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7415E9E5)
Partition 1: (Active) - (Size=400 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=65.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: F557AE1E)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: F557AE03)

Partition: GPT Partition Type.

==================== End Of Log ============================
artedesenyo
Active Member
 
Posts: 3
Joined: May 1st, 2015, 2:50 am

Re: redirecting to wpkg.org

Unread postby Gary R » May 1st, 2015, 12:33 pm

There's definite evidence in your logs that you have cracked/illegal software installed on your computer.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW FRST logs :
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware