DNS Hijack?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

by bluey2 » October 3rd, 2014, 8:35 am

Hi

For the last month I noticed a very odd behavior in my browser: it would time out and not load random pages, including many known websites (like microsoft.com and so on). Those same websites would be accessible, though, from other machines on my home network. Trying to find out why, I tried the following steps: reinstalled Chrome, Firefox and Safari; full scan of system with antivirus and two malware checkers as well as TDSSKiller; added OpenDNS and Google DNS servers. It was not until I looked at the DNS listing obtained from cmd/ipconfig all to check that the new DNS settings were operational that I noticed two strange servers at the top of the list of servers: 75.126.206.18 and 184.173.169.186. Flush DNS would not get rid of them and a quick search revealed that they are connected to instances of DNS Hijack. DDS log available on request. Hope you guys can help me solve this.

Here is the DDS scan of my machine:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Pietro at 18:37:17 on 2014-10-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1255.972.1033.18.7637.4613 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\System32\TC2Tray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pietro\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
C:\Users\Pietro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TC2Service.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\IHAMCNotify.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://www.velocitymicro.com
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: 1Password: {037C06D5-3893-49E8-9AC0-41F7524AFBF5} - C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\CoIEPlg.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [LightShot] C:\Users\Pietro\AppData\Local\Skillbrains\lightshot\Lightshot.exe
uRun: [D94054F4A9BCC164BA2CF668881FF7F5490C37F3._service_run] "C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
uRun: [AdobeBridge] <no file>
uRunOnce: [*NPE (1)] "C:\Users\Pietro\Downloads\NPE (1).exe" /POSTFIX
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Backup Utility TaskTray Tool] "C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Agile1pAgent] C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
dRunOnce: [Application Restart #0] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe /RestartByRestartManager:126B7888-D5D7-416b-9073-3CEE81DC0D83
dRunOnce: [Application Restart #1] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe /RestartByRestartManager:48513ABB-B4B8-45c3-8B6D-55A0D7BF0961
StartupFolder: C:\Users\Pietro\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Pietro\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FORTEM~1.LNK - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {35BA58F0-BE4F-4DB5-B6D7-4A593C4B7951} - {67C241CC-D372-4BC0-BA82-12652D200F0C} - C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 75.126.206.18,184.173.169.186
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{231FB5F7-3F1E-40F2-BE3D-9BA81C07C536} : NameServer = 75.126.206.18 184.173.169.186 8.8.8.8 8.8.4.4
TCP: Interfaces\{231FB5F7-3F1E-40F2-BE3D-9BA81C07C536} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3DBB9606-AB84-4C06-BBCE-A30A8FDDA302} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{3DBB9606-AB84-4C06-BBCE-A30A8FDDA302} : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{4320F49C-F5CD-40E6-BC0C-3440328845F7} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{4320F49C-F5CD-40E6-BC0C-3440328845F7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{548562BC-628A-46ED-B8D7-C5129FB08544} : NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{6EB35DA3-04CF-4E4B-9CA8-0B473A041F29} : NameServer = 75.126.206.18,184.173.169.186
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: 1Password: {037C06D5-3893-49E8-9AC0-41F7524AFBF5} - C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\CoIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TC2Tray] "C:\Windows\System32\TC2Tray.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {35BA58F0-BE4F-4DB5-B6D7-4A593C4B7951} - {67C241CC-D372-4BC0-BA82-12652D200F0C} - C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 BFRD4G;BUFFALO RAM Disk Driver;C:\Windows\System32\drivers\BFRD4G.sys [2012-9-13 47232]
R0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;C:\Windows\System32\drivers\bftpdskc64.sys [2012-11-29 72016]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-2-10 297000]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1506000.020\SymDS64.sys [2014-9-25 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1506000.020\SymEFA64.sys [2014-9-25 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1506000.020\ccSetx64.sys [2014-9-25 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20140930.003\IDSviA64.sys [2014-10-1 633560]
R1 SMR430;Symantec SMR Utility Service 4.3.0;C:\Windows\System32\drivers\SMR430.SYS [2014-10-2 108216]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1506000.020\Ironx64.sys [2014-9-25 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys [2014-9-25 593112]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 BFBackupUtilityService;Backup Utility Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
R2 BFBackupUtilityVSSService;Backup Utility VSS Service;C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute --> C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe -Service_Execute [?]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-28 358984]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [2014-9-25 276376]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TC2Service;TurboPC EX FileCopy Service;C:\Windows\System32\TC2Service.exe -Service_Execute --> C:\Windows\System32\TC2Service.exe -Service_Execute [?]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-4 5095264]
R2 tpcexdccs;TurboPC EX DiskCache Control Service;C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [2012-9-13 134216]
R2 WinisoCDBus;WinISO Virtual CD Drive;C:\Windows\System32\drivers\WinisoCDBus.sys [2013-1-1 204032]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-22 121832]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-22 364520]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-11-29 245760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-26 142640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2011-12-31 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-2-10 209424]
S3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;C:\Windows\System32\drivers\bftpusbx64.sys [2012-11-29 20608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2011-10-13 14336]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2011-10-13 18432]
S3 megasas2;megasas2;C:\Windows\System32\drivers\megasas2.sys [2011-7-25 52304]
S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2011-7-25 465488]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 mv91cons;mv91cons;C:\Windows\System32\drivers\mv91cons.sys [2011-3-9 24880]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 184968]
S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2011-2-10 340008]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 visctap0901;Viscosity Virtual Adapter V9.1;C:\Windows\System32\drivers\visctap0901.sys [2013-4-3 39048]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
.
=============== Created Last 30 ================
.
2014-10-02 21:53:05 -------- d-----w- C:\NPE
2014-10-02 21:49:40 108216 ----a-w- C:\Windows\System32\drivers\SMR430.SYS
2014-09-30 22:04:40 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-30 22:04:40 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-28 14:02:26 -------- d-----w- C:\Program Files (x86)\ASE Computing
2014-09-26 00:31:24 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2014-09-25 23:30:20 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-25 23:30:09 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-25 23:30:09 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-25 23:30:09 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 23:30:08 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-25 23:30:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-24 06:08:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-24 06:08:28 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-23 10:10:55 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DEB9D78F-8EE0-489C-8295-341775633A01}\mpengine.dll
2014-09-18 17:55:07 -------- d-----w- C:\Users\Pietro\AppData\Local\Citrix
2014-09-11 23:25:49 -------- d-----w- C:\ProgramData\Freemake
2014-09-11 23:25:40 -------- d-----w- C:\Program Files (x86)\Freemake
2014-09-11 22:13:39 -------- d-----w- C:\Program Files (x86)\SubtitleCreator
2014-09-11 22:08:37 -------- d-----w- C:\Program Files (x86)\Subtitle Workshop
2014-09-11 07:01:32 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-11 07:01:32 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 00:36:32 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-11 00:36:32 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-11 00:36:22 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-11 00:36:22 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-11 00:36:12 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-11 00:36:12 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 00:36:12 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 00:36:12 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 00:36:12 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-09 10:29:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-09 10:29:48 -------- d-----w- C:\Program Files\iTunes
2014-09-09 10:29:48 -------- d-----w- C:\Program Files\iPod
.
==================== Find3M ====================
.
2014-09-26 00:28:44 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-09-24 18:02:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 18:02:08 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 13:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-26 02:26:58 593112 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys
2014-08-26 02:26:57 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys
2014-08-26 02:26:57 1148120 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\SymEFA64.sys
2014-08-26 02:26:56 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\SymDS64.sys
2014-08-26 02:20:22 876248 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-14 07:50:16 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2014-08-14 07:50:16 1002728 ----a-w- C:\Windows\System32\WinUSBCoInstaller2.dll
2014-08-06 19:48:16 266968 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\Ironx64.sys
2014-07-25 16:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 18:37:46.97 ===============
bluey2
Active Member
 
Posts: 5
Joined: October 2nd, 2014, 9:05 pm

Re: DNS Hijack?

Post by nunped » October 5th, 2014, 5:12 pm

Hello bluey2, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights/permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: DNS Hijack?

Post by nunped » October 5th, 2014, 5:33 pm

Hi bluey2,

Please run this scan:
Step 1 - Scan with FRST
Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button. ... When finished, a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: DNS Hijack?

Post by bluey2 » October 5th, 2014, 7:04 pm

Here is the FRST scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Pietro at 2014-10-05 18:36:04
Running from C:\Users\Pietro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.

The adware programs should be uninstalled manually.)

1Password 4.0.1.503 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
ACBL Convention Card Editor (HKLM-x32\...\Product_Name) (Version: - )
ACDSee Pro (HKLM-x32\...\{F99F74B4-972B-4B06-B893-6B3B0DB0128B}) (Version: 8.0.67 - ACD

Systems Ltd.)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8

Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe

Systems) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version:

15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152

- Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 -

Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version:

10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 -

Adobe Systems, Inc.)
Advanced Archive Password Recovery (HKCU\...\Advanced Archive Password Recovery) (Version:

4.53 - ElcomSoft Co. Ltd.)
Advanced File Fixer 2013 version 2.8 (HKLM-x32\...\{ACE1BD0A-7317-4AC4-8DCB-F085E65053A3}

_is1) (Version: 2.8 - http://advancedfilefixer.com/)
Advanced X Video Converter (HKLM-x32\...\Advanced X Video Converter_is1) (Version: -

AoAMedia.Com)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon

Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
Any Video Converter 5 5.0.4 (HKLM-x32\...\Any Video Converter 5_is1) (Version: - Any-

Video-Converter.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version:

3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version:

7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version:

2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1})

(Version: 2.3.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.3.9.2 - ASUSTek COMPUTER INC.) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bridge Base Online (HKLM-x32\...\Bridge_Base_Online) (Version: - )
Brother MFL-Pro Suite HL-2280DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487})

(Version: 1.0.7.0 - Brother Industries, Ltd.)
BUFFALO Backup Utility (HKLM-x32\...\UN091222) (Version: - )
BUFFALO BuffaloTools Launcher (HKLM-x32\...\UN091201) (Version: - )
Buffalo RAMDISK Utility (HKLM\...\Buffalo BFRD4G) (Version: - )
BUFFALO TurboPC EX (HKLM-x32\...\UN110613) (Version: - )
calibre (HKLM-x32\...\{04DA2FBD-B750-4070-90DE-D387DAC13C71}) (Version: 1.21.0 - Kovid

Goyal)
Canon CanoScan LiDE 110 User Registration (HKLM-x32\...\Canon CanoScan LiDE 110 User

Registration) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414)

(Version: - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: -

)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 -

CometNetwork)
Crusader Kings II (HKLM-x32\...\Crusader Kings II_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...

\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-

778512BE5D4C}) (Version: - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Europa Universalis - Rome (HKLM-x32\...\{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}) (Version:

- )
Europa Universalis III (HKLM-x32\...\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}) (Version: - )
Europa Universalis III (HKLM-x32\...\Europa Universalis III_is1) (Version: - Paradox

Interactive)
Female Voice Pack (HKLM-x32\...\{59A614F6-27DE-4F65-A173-554A26DA2DEE}) (Version: 3.3.0 -

Screaming Bee)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
forteManager (HKLM-x32\...\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}) (Version: 3.18 - LG Soft

India)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1)

(Version: 4.1.4 - Ellora Assets Corporation)
Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 -

ChessBase)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 40.0.2179.0 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 -

Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{859963C1-E908-49E8-9FA3-9E833D717563}) (Version: 1.8.8 -

Verizon)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version:

1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A})

(Version: 7.0.0.1144 - Intel Corporation)
IPEVO Control Center (HKLM-x32\...\{C9092301-E8A2-4568-AD64-A3100EE061AD}) (Version:

1.0.3.10 - IPEVO)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex

Feinman)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 -

Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle

Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Kindle Auto eBook Converter 0.4.50 (HKLM-x32\...\Kindle Auto eBook Converter) (Version:

0.4.50 - The Messenger)
K-Lite Codec Pack 3.01 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.01 - )
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version:

1.18.18.1 - LightScribe)
Lightshot-5.1.4.9 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version:

5.1.4.9 - Skillbrains)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 -

Logitech)
Male Voice Pack (HKLM-x32\...\{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}) (Version: 1.3.0 -

Screaming Bee)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1)

(Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International

Limited)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033)

(Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)

Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 -

Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version:

14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft

Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:

5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-

AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0

-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-

51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-

1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-

2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-

3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-

1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-

6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-

3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-

37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-

39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-

2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-

ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-

8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-

321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-

413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 -

Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 -

Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MorphVOX Pro (HKLM-x32\...\{2D7CF073-6583-464A-84D4-F86DE59DCA42}) (Version: 4.4.8 -

Screaming Bee)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version:

4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version:

4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version:

4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36})

(Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E})

(Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{d3d4a61f-f6c4-4997-8a77-3e1a0a9b850d}) (Version: - Nero

AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.23.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.39.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.27.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.40.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.40.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.19.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (x32 Version: 1.0.0.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version:

12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version:

5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update)

(Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version:

1.00.0001 - Nuance Communications, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.3.30275 -

Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 -

Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 -

Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc)

Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc)

Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476})

(Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})

(Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.03 - Enterbrain)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple

Inc.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...

\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-

A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: -

Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version:

7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 -

Skype Technologies S.A.)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version: - )
SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.3rc1 - Erik Vullings)
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51 (HKLM-x32\...\{B93DCF58-AA57

-41EC-8D69-B05C66C6312D}_is1) (Version: v2012.build.51 - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2894 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0463 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wnyiper (x32 Version: 011.000.1523 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wnyiper (x32 Version: 012.000.1503 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1874 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0477 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0164 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (x32 Version: 013.000.1311 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31})

(Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E})

(Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-

002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443})

(Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-

003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443})

(Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-

003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-

0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: -

Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-

0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-

0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-

0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-

040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8})

(Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-

0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C})

(Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-

0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E})

(Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E})

(Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-

0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F})

(Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D})

(Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-

0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87})

(Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-

003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872})

(Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...

\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-

C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A})

(Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-

003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F})

(Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-

0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD})

(Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Verizon Media Manager (HKLM-x32\...\Verizon Media Manager) (Version: 9.6.12 - Verizon)
Videora iPod touch Converter 6 (HKLM-x32\...\Videora iPod touch Converter) (Version: 6 -

Red Kawa)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
VueScan (HKLM\...\VueScan) (Version: - )
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
WBF CCE (HKLM-x32\...\WBF CCE_is1) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinISO (HKLM-x32\...\WinISO) (Version: 6.3.0.4969 - WinISO Computing Inc.)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.1.9.178 - WiTopia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

20-09-2014 01:20:48 Windows Update
23-09-2014 10:10:21 Windows Update
24-09-2014 07:00:13 Windows Update
01-10-2014 07:00:12 Windows Update
02-10-2014 22:00:01 Norton_Power_Eraser_20141002175955994

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0017B1A6-75B1-4AD2-B8AE-15B053C544E0} - System32\Tasks\{EB09D44E-8505-4915-8C49-57DA4CCF443E} => C:\civ2\CIV2MONEY.exe [2003-07-19] (N\A)
Task: {0D250734-5BE6-4BC5-A7E2-74393DCD3869} - System32\Tasks\{9AAEDBD4-A515-4202-B033-EBAB2B61B6BB} => C:\civilization\civ2.exe [2013-01-01] ()
Task: {13C9775B-B56E-42C2-9A48-BB3987DE5DED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {15251273-9E5E-4BF6-B3BA-5EA8DB3F5964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12] (Google Inc.)
Task: {167799A4-21EE-4887-9DC6-CD4727F5D735} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12] (Google Inc.)
Task: {192AE1A7-116B-426E-A163-66A2D1ABF112} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001UA => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.)
Task: {2676F7E1-FB87-4AF4-8B37-CC0E0B694F06} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {333F34F5-3241-41DB-B360-0738D155C7CF} - System32\Tasks\{CC6F09C8-4925-47F2-8781-C87E6C6DF7C8} => C:\Av Voice Software Diamond Edition 6.0.10\AV Voice Changer Software Diamond Edition 6.0.10\Nickvoices\NP1.exe
Task: {390BDD39-332E-44D7-B445-9E1C580893F9} - System32\Tasks\AdobeAAMUpdater-1.0-Pietro-VM-Pietro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {43870751-6A47-46DF-B18A-52B43602385C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4BFD36B2-268D-4AB9-A2C5-10B2B26B95B6} - System32\Tasks\{1AAE4C6E-25A9-40DE-A8E5-4E2EF4636D79} => C:\Program Files (x86)\Screaming Bee\MorphVOX Junior\VP-Male_Install.exe [2007-12-12] ()
Task: {5A9A8AB3-28E0-43A0-89FC-6AEBFFB599F0} - System32\Tasks\{167D2426-5532-4CC1-9C24-2EA60C2D1177} => C:\Program Files (x86)\Screaming Bee\MorphVOX Junior\VP-Female_Install.exe [2007-12-12] ()
Task: {5BC6A1EA-6D73-41F1-94EB-13468E2FB242} - System32\Tasks\{562E0184-1988-41D8-96E4-CCFDF18DA455} => C:\Program Files (x86)\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe [2005-12-23] (ACD Systems Ltd.)
Task: {5E441F49-B958-4E6F-95D0-6D64DDE070D5} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {66D0E17C-5FE7-494F-9E56-413188132639} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe
Task: {8021EFE2-32AB-4AFA-AF6E-DAA05BD6095D} - System32\Tasks\{EADA2F0B-2F25-4D61-B913-3CA5C7F0EC42} => C:\Civilization 2 gold\civ2gold\civ2.exe [2012-11-10] ()
Task: {90819F46-61D2-4FC4-BADA-F74081EF8346} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {92C2D5A1-35A7-4139-A89F-D1D11CBE0C9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {92D07083-8D42-40BE-9A3E-161B9D745035} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {94FC3EAA-1CFC-4843-8C91-A39933E39EA4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-781834376-2653657104-3512697799-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9B097162-3084-4D02-9FD7-41BC753AB4CC} - System32\Tasks\{455F43AB-0CD2-4BA3-8AF6-547682200A26} => C:\civilization\civ2.exe [2013-01-01] ()
Task: {ADAD901F-5DF6-4994-B5FC-FA5155FF934A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe
Task: {B309B1AA-B66D-4D10-82AC-DA383A2C8F66} - System32\Tasks\update-S-1-5-21-781834376-2653657104-3512697799-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {B935F7EE-E9E4-41F9-8F51-A08A6C430948} - System32\Tasks\{3A81C847-5525-4FA2-8075-57B2E75A1484} => C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe [2009-04-24] ()
Task: {DB6191C2-F493-4A76-AEB3-8E056B60FE58} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EB9FBEEB-C50E-4517-9BFE-A91AA8370140} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001Core => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.)
Task: {EE4EC1B7-5480-4843-83B3-984CA7393FD4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F246C346-964E-4E58-B334-D08FE06062DB} - System32\Tasks\{32174CFD-6A18-4EE3-A567-81D99F33D1BD} => C:\Program Files (x86)\Screaming Bee\MorphVOX Junior\VP-Male_Install.exe [2007-12-12] ()
Task: {F8B45193-3109-4FB4-B928-CBA93C0C32B5} - \Funmoods No Task File <==== ATTENTION
Task: {FB8B751B-E52E-4D9D-A3DD-49B3BF5FBD54} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-781834376-2653657104-3512697799-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001Core.job => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001UA.job => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-781834376-2653657104-3512697799-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 04:02 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-20 20:06 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2011-10-13 16:33 - 2009-04-24 17:01 - 01683456 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
2013-09-07 14:12 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-07 14:12 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\FileZilla FTP Client\fzshellext.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00090112 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ACRHOOK.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00122880 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ApplicationManager.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00053248 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ErrorHandler.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00159744 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\DeviceManager.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00073728 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ProtocolEngine.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00069632 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\MonitorEngRes.dll
2014-10-03 09:39 - 2014-10-03 09:39 - 00043008 _____ () c:\users\pietro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5stscd.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Pietro\AppData\Roaming\Dropbox\bin\libcef.dll
2012-11-29 12:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-09-24 23:48 - 2014-09-23 00:06 - 01098056 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 23:48 - 2014-09-23 00:06 - 00174408 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 23:48 - 2014-09-23 00:07 - 08577864 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 23:48 - 2014-09-23 00:07 - 00331592 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 23:48 - 2014-09-23 00:06 - 01660232 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 26065408 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\libcef.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00739840 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\libGLESv2.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00905216 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\platforms\qwindows.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00130048 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\libEGL.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00020992 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qgif.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00020992 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qico.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00205312 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qjpeg.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00225792 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qmng.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00312832 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qtiff.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00010240 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\qml\QtQuick.2\qtquick2plugin.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00054272 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00010240 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\qml\QtQml\Models.2\modelsplugin.dll
2013-06-05 18:49 - 2013-07-11 20:30 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll
2013-06-05 18:49 - 2013-07-11 20:30 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll
2013-06-05 18:49 - 2013-08-01 05:18 - 00232760 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
2013-06-05 18:49 - 2013-08-08 20:36 - 00755000 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll
2013-06-05 18:49 - 2013-08-08 20:36 - 00149304 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll
2013-06-05 18:49 - 2013-08-13 05:15 - 14586736 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:3B71D0B4
AlternateDataStreams: C:\Users\Pietro\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-781834376-2653657104-3512697799-500 - Administrator - Disabled)
Guest (S-1-5-21-781834376-2653657104-3512697799-501 - Limited - Disabled)
Pietro (S-1-5-21-781834376-2653657104-3512697799-1001 - Administrator - Enabled) => C:\Users\Pietro
UpdatusUser (S-1-5-21-781834376-2653657104-3512697799-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: G:\
Description: USB CF Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: I:\
Description: USB MS Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: F:\
Description: USB SD Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: H:\
Description: USB SM Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 09:39:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 09:27:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinRAR.exe, version: 5.1.0.0, time stamp: 0x529aee4c
Faulting module name: ieframe.dll, version: 11.0.9600.17280, time stamp: 0x53f26cbd
Exception code: 0xc000041d
Fault offset: 0x0000000000146890
Faulting process id: 0x1a94
Faulting application start time: 0xWinRAR.exe0
Faulting application path: WinRAR.exe1
Faulting module path: WinRAR.exe2
Report Id: WinRAR.exe3

Error: (10/03/2014 09:26:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinRAR.exe, version: 5.1.0.0, time stamp: 0x529aee4c
Faulting module name: ieframe.dll, version: 11.0.9600.17280, time stamp: 0x53f26cbd
Exception code: 0xc0000005
Fault offset: 0x0000000000146890
Faulting process id: 0x1a94
Faulting application start time: 0xWinRAR.exe0
Faulting application path: WinRAR.exe1
Faulting module path: WinRAR.exe2
Report Id: WinRAR.exe3

Error: (10/02/2014 05:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 05:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 04:55:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Faulting module name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Exception code: 0xc0000409
Fault offset: 0x000000000004395b
Faulting process id: 0x654
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (10/01/2014 05:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/26/2014 07:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: splwow64.exe, version: 6.1.7601.17777, time stamp: 0x4f35fbfe
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xdc8
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3

Error: (09/26/2014 07:44:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/02/2014 05:50:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/02/2014 04:55:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/29/2014 09:03:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/29/2014 09:03:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/29/2014 09:03:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/29/2014 09:03:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/26/2014 09:27:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (09/26/2014 09:27:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (09/20/2014 00:22:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/18/2014 02:14:26 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (10/03/2014 09:39:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE

TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 09:27:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description:

WinRAR.exe5.1.0.0529aee4cieframe.dll11.0.9600.1728053f26cbdc000041d00000000001468901a9401cf

df0dae59a109C:\Program Files\WinRAR\WinRAR.exeC:\Windows\System32\ieframe.dllf4a4044e-4b00

-11e4-bbc0-f46d04145fda

Error: (10/03/2014 09:26:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description:

WinRAR.exe5.1.0.0529aee4cieframe.dll11.0.9600.1728053f26cbdc000000500000000001468901a9401cf

df0dae59a109C:\Program Files\WinRAR\WinRAR.exeC:\Windows\System32\ieframe.dllf1f66674-4b00

-11e4-bbc0-f46d04145fda

Error: (10/02/2014 05:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE

TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 05:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE

TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 04:55:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:

mDNSResponder.exe3.0.0.104e5dcc07mDNSResponder.exe3.0.0.104e5dcc07c0000409000000000004395b6

5401cfddbaa106991fC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour

\mDNSResponder.exe7ead46f5-4a76-11e4-9b44-f46d04145fda

Error: (10/01/2014 05:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE

TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (09/26/2014 07:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:

splwow64.exe6.1.7601.177774f35fbfentdll.dll6.1.7601.18247521eaf24c000037400000000000c4102dc801cfd9e405db82d5C:\Windows\splwow64.exeC:\Windows\SYSTEM32\ntdll.dll46978bb7-45d7-11e4-9598-f46d04145fda

Error: (09/26/2014 07:44:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-05-04 23:56:16.821
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-04 23:56:16.728
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 73%
Total physical RAM: 7637.22 MB
Available physical RAM: 2045.5 MB
Total Pagefile: 84005.4 MB
Available Pagefile: 76992 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:673.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DVD_ROM) (CDROM) (Total:0.53 GB) (Free:0 GB) UDF
Drive e: (BFRD-DRIVE) (Fixed) (Total:0.5 GB) (Free:0.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 78440729)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
bluey2

Re: DNS Hijack?

Post by bluey2 » October 5th, 2014, 7:05 pm

And here is the Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Pietro at 2014-10-05 18:36:04
Running from C:\Users\Pietro\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password 4.0.1.503 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
ACBL Convention Card Editor (HKLM-x32\...\Product_Name) (Version: - )
ACDSee Pro (HKLM-x32\...\{F99F74B4-972B-4B06-B893-6B3B0DB0128B}) (Version: 8.0.67 - ACD Systems Ltd.)
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Advanced Archive Password Recovery (HKCU\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
Advanced File Fixer 2013 version 2.8 (HKLM-x32\...\{ACE1BD0A-7317-4AC4-8DCB-F085E65053A3}_is1) (Version: 2.8 - http://advancedfilefixer.com/)
Advanced X Video Converter (HKLM-x32\...\Advanced X Video Converter_is1) (Version: - AoAMedia.Com)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.0.1 - Amazon Services LLC) Hidden
Any Video Converter 5 5.0.4 (HKLM-x32\...\Any Video Converter 5_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.3.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.3.9.2 - ASUSTek COMPUTER INC.) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bridge Base Online (HKLM-x32\...\Bridge_Base_Online) (Version: - )
Brother MFL-Pro Suite HL-2280DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
BUFFALO Backup Utility (HKLM-x32\...\UN091222) (Version: - )
BUFFALO BuffaloTools Launcher (HKLM-x32\...\UN091201) (Version: - )
Buffalo RAMDISK Utility (HKLM\...\Buffalo BFRD4G) (Version: - )
BUFFALO TurboPC EX (HKLM-x32\...\UN110613) (Version: - )
calibre (HKLM-x32\...\{04DA2FBD-B750-4070-90DE-D387DAC13C71}) (Version: 1.21.0 - Kovid Goyal)
Canon CanoScan LiDE 110 User Registration (HKLM-x32\...\Canon CanoScan LiDE 110 User Registration) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - )
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CometBird 11.0 (x86 en-US) (HKLM-x32\...\CometBird 11.0 (x86 en-US)) (Version: 11.0 - CometNetwork)
Crusader Kings II (HKLM-x32\...\Crusader Kings II_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Europa Universalis - Rome (HKLM-x32\...\{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}) (Version: - )
Europa Universalis III (HKLM-x32\...\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}) (Version: - )
Europa Universalis III (HKLM-x32\...\Europa Universalis III_is1) (Version: - Paradox Interactive)
Female Voice Pack (HKLM-x32\...\{59A614F6-27DE-4F65-A173-554A26DA2DEE}) (Version: 3.3.0 - Screaming Bee)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
forteManager (HKLM-x32\...\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}) (Version: 3.18 - LG Soft India)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Fritz 13 (HKLM-x32\...\{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}) (Version: 13.0.0.0 - ChessBase)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 40.0.2179.0 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{859963C1-E908-49E8-9FA3-9E833D717563}) (Version: 1.8.8 - Verizon)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IPEVO Control Center (HKLM-x32\...\{C9092301-E8A2-4568-AD64-A3100EE061AD}) (Version: 1.0.3.10 - IPEVO)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Kindle Auto eBook Converter 0.4.50 (HKLM-x32\...\Kindle Auto eBook Converter) (Version: 0.4.50 - The Messenger)
K-Lite Codec Pack 3.01 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.01 - )
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Lightshot-5.1.4.9 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.9 - Skillbrains)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Male Voice Pack (HKLM-x32\...\{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}) (Version: 1.3.0 - Screaming Bee)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
Menu Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MorphVOX Pro (HKLM-x32\...\{2D7CF073-6583-464A-84D4-F86DE59DCA42}) (Version: 4.4.8 - Screaming Bee)
Movie Templates - Starter Kit (x32 Version: 9.6.0.0 - Nero AG) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{d3d4a61f-f6c4-4997-8a77-3e1a0a9b850d}) (Version: - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.23.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.39.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.27.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.40.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.40.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.19.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (x32 Version: 1.0.0.0 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OpenVPN 2.1.4 (HKLM-x32\...\OpenVPN) (Version: 2.1.4 - )
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.3.30275 - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.03 - Enterbrain)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version: - )
SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.3rc1 - Erik Vullings)
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51 (HKLM-x32\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2012.build.51 - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2894 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0463 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wnyiper (x32 Version: 011.000.1523 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2083 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wnyiper (x32 Version: 012.000.1503 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1874 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0477 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0164 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (x32 Version: 013.000.1311 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Verizon Media Manager (HKLM-x32\...\Verizon Media Manager) (Version: 9.6.12 - Verizon)
Videora iPod touch Converter 6 (HKLM-x32\...\Videora iPod touch Converter) (Version: 6 - Red Kawa)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
VueScan (HKLM\...\VueScan) (Version: - )
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
WBF CCE (HKLM-x32\...\WBF CCE_is1) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinISO (HKLM-x32\...\WinISO) (Version: 6.3.0.4969 - WinISO Computing Inc.)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.1.9.178 - WiTopia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-781834376-2653657104-3512697799-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

20-09-2014 01:20:48 Windows Update
23-09-2014 10:10:21 Windows Update
24-09-2014 07:00:13 Windows Update
01-10-2014 07:00:12 Windows Update
02-10-2014 22:00:01 Norton_Power_Eraser_20141002175955994

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0017B1A6-75B1-4AD2-B8AE-15B053C544E0} - System32\Tasks\{EB09D44E-8505-4915-8C49-57DA4CCF443E} => C:\civ2\CIV2MONEY.exe [2003-07-19] (N\A)
Task: {0D250734-5BE6-4BC5-A7E2-74393DCD3869} - System32\Tasks\{9AAEDBD4-A515-4202-B033-EBAB2B61B6BB} => C:\civilization\civ2.exe [2013-01-01] ()
Task: {13C9775B-B56E-42C2-9A48-BB3987DE5DED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {15251273-9E5E-4BF6-B3BA-5EA8DB3F5964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12] (Google Inc.)
Task: {167799A4-21EE-4887-9DC6-CD4727F5D735} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12] (Google Inc.)
Task: {192AE1A7-116B-426E-A163-66A2D1ABF112} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001UA => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.)
Task: {2676F7E1-FB87-4AF4-8B37-CC0E0B694F06} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {333F34F5-3241-41DB-B360-0738D155C7CF} - System32\Tasks\{CC6F09C8-4925-47F2-8781-C87E6C6DF7C8} => C:\Av Voice Software Diamond Edition 6.0.10\AV Voice Changer Software Diamond Edition 6.0.10\Nickvoices\NP1.exe
Task: {390BDD39-332E-44D7-B445-9E1C580893F9} - System32\Tasks\AdobeAAMUpdater-1.0-Pietro-VM-Pietro => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {43870751-6A47-46DF-B18A-52B43602385C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4BFD36B2-268D-4AB9-A2C5-10B2B26B95B6} - System32\Tasks\{1AAE4C6E-25A9-40DE-A8E5-4E2EF4636D79} => C:\Program Files (x86)\Screaming Bee\MorphVOX Junior\VP-Male_Install.exe [2007-12-12] ()
Task: {5A9A8AB3-28E0-43A0-89FC-6AEBFFB599F0} - System32\Tasks\{167D2426-5532-4CC1-9C24-2EA60C2D1177} => C:\Program Files (x86)\Screaming Bee\MorphVOX Junior\VP-Female_Install.exe [2007-12-12] ()
Task: {5BC6A1EA-6D73-41F1-94EB-13468E2FB242} - System32\Tasks\{562E0184-1988-41D8-96E4-CCFDF18DA455} => C:\Program Files (x86)\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe [2005-12-23] (ACD Systems Ltd.)
Task: {5E441F49-B958-4E6F-95D0-6D64DDE070D5} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.)
Task: {66D0E17C-5FE7-494F-9E56-413188132639} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe
Task: {8021EFE2-32AB-4AFA-AF6E-DAA05BD6095D} - System32\Tasks\{EADA2F0B-2F25-4D61-B913-3CA5C7F0EC42} => C:\Civilization 2 gold\civ2gold\civ2.exe [2012-11-10] ()
Task: {90819F46-61D2-4FC4-BADA-F74081EF8346} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {92C2D5A1-35A7-4139-A89F-D1D11CBE0C9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {92D07083-8D42-40BE-9A3E-161B9D745035} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {94FC3EAA-1CFC-4843-8C91-A39933E39EA4} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-781834376-2653657104-3512697799-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9B097162-3084-4D02-9FD7-41BC753AB4CC} - System32\Tasks\{455F43AB-0CD2-4BA3-8AF6-547682200A26} => C:\civilization\civ2.exe [2013-01-01] ()
Task: {ADAD901F-5DF6-4994-B5FC-FA5155FF934A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\SymErr.exe
Task: {B309B1AA-B66D-4D10-82AC-DA383A2C8F66} - System32\Tasks\update-S-1-5-21-781834376-2653657104-3512697799-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {B935F7EE-E9E4-41F9-8F51-A08A6C430948} - System32\Tasks\{3A81C847-5525-4FA2-8075-57B2E75A1484} => C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe [2009-04-24] ()
Task: {DB6191C2-F493-4A76-AEB3-8E056B60FE58} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EB9FBEEB-C50E-4517-9BFE-A91AA8370140} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001Core => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13] (Google Inc.)
Task: {EE4EC1B7-5480-4843-83B3-984CA7393FD4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F246C346-964E-4E58-B334-D08FE06062DB} - System32\Tasks\{32174CFD-6A18-4EE3-A567-81D99F33D1BD} => C:\Program Files (x86)\Screaming Bee\MorphVOX Junior\VP-Male_Install.exe [2007-12-12] ()
Task: {F8B45193-3109-4FB4-B928-CBA93C0C32B5} - \Funmoods No Task File <==== ATTENTION
Task: {FB8B751B-E52E-4D9D-A3DD-49B3BF5FBD54} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-781834376-2653657104-3512697799-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001Core.job => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001UA.job => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-781834376-2653657104-3512697799-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 04:02 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-20 20:06 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2011-10-13 16:33 - 2009-04-24 17:01 - 01683456 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
2013-09-07 14:12 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-07 14:12 - 2009-07-20 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-08-16 13:21 - 2010-08-16 13:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\FileZilla FTP Client\fzshellext.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00090112 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ACRHOOK.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00122880 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ApplicationManager.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00053248 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ErrorHandler.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00159744 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\DeviceManager.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00073728 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\ProtocolEngine.dll
2011-10-13 16:33 - 2009-04-24 16:03 - 00069632 _____ () C:\Program Files (x86)\LG Soft India\forteManager\bin\MonitorEngRes.dll
2014-10-03 09:39 - 2014-10-03 09:39 - 00043008 _____ () c:\users\pietro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5stscd.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Pietro\AppData\Roaming\Dropbox\bin\libcef.dll
2012-11-29 12:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-09-24 23:48 - 2014-09-23 00:06 - 01098056 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 23:48 - 2014-09-23 00:06 - 00174408 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 23:48 - 2014-09-23 00:07 - 08577864 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 23:48 - 2014-09-23 00:07 - 00331592 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 23:48 - 2014-09-23 00:06 - 01660232 _____ () C:\Users\Pietro\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 26065408 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\libcef.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00739840 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\libGLESv2.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00905216 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\platforms\qwindows.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00130048 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\libEGL.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00020992 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qgif.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00020992 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qico.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00205312 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qjpeg.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00225792 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qmng.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00312832 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\imageformats\qtiff.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00010240 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\qml\QtQuick.2\qtquick2plugin.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00054272 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-10-02 15:44 - 2014-10-02 15:44 - 00010240 _____ () C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\qml\QtQml\Models.2\modelsplugin.dll
2013-06-05 18:49 - 2013-07-11 20:30 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll
2013-06-05 18:49 - 2013-07-11 20:30 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll
2013-06-05 18:49 - 2013-08-01 05:18 - 00232760 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll
2013-06-05 18:49 - 2013-08-08 20:36 - 00755000 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll
2013-06-05 18:49 - 2013-08-08 20:36 - 00149304 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll
2013-06-05 18:49 - 2013-08-13 05:15 - 14586736 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:3B71D0B4
AlternateDataStreams: C:\Users\Pietro\AppData\Roaming\default.rss:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-781834376-2653657104-3512697799-500 - Administrator - Disabled)
Guest (S-1-5-21-781834376-2653657104-3512697799-501 - Limited - Disabled)
Pietro (S-1-5-21-781834376-2653657104-3512697799-1001 - Administrator - Enabled) => C:\Users\Pietro
UpdatusUser (S-1-5-21-781834376-2653657104-3512697799-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: G:\
Description: USB CF Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: I:\
Description: USB MS Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: F:\
Description: USB SD Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: H:\
Description: USB SM Reader
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 09:39:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 09:27:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinRAR.exe, version: 5.1.0.0, time stamp: 0x529aee4c
Faulting module name: ieframe.dll, version: 11.0.9600.17280, time stamp: 0x53f26cbd
Exception code: 0xc000041d
Fault offset: 0x0000000000146890
Faulting process id: 0x1a94
Faulting application start time: 0xWinRAR.exe0
Faulting application path: WinRAR.exe1
Faulting module path: WinRAR.exe2
Report Id: WinRAR.exe3

Error: (10/03/2014 09:26:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinRAR.exe, version: 5.1.0.0, time stamp: 0x529aee4c
Faulting module name: ieframe.dll, version: 11.0.9600.17280, time stamp: 0x53f26cbd
Exception code: 0xc0000005
Fault offset: 0x0000000000146890
Faulting process id: 0x1a94
Faulting application start time: 0xWinRAR.exe0
Faulting application path: WinRAR.exe1
Faulting module path: WinRAR.exe2
Report Id: WinRAR.exe3

Error: (10/02/2014 05:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 05:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 04:55:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Faulting module name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07
Exception code: 0xc0000409
Fault offset: 0x000000000004395b
Faulting process id: 0x654
Faulting application start time: 0xmDNSResponder.exe0
Faulting application path: mDNSResponder.exe1
Faulting module path: mDNSResponder.exe2
Report Id: mDNSResponder.exe3

Error: (10/01/2014 05:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/26/2014 07:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: splwow64.exe, version: 6.1.7601.17777, time stamp: 0x4f35fbfe
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xdc8
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3

Error: (09/26/2014 07:44:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/02/2014 05:50:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/02/2014 04:55:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/29/2014 09:03:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/29/2014 09:03:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/29/2014 09:03:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/29/2014 09:03:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (09/26/2014 09:27:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (09/26/2014 09:27:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (09/20/2014 00:22:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/18/2014 02:14:26 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (10/03/2014 09:39:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 09:27:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WinRAR.exe5.1.0.0529aee4cieframe.dll11.0.9600.1728053f26cbdc000041d00000000001468901a9401cfdf0dae59a109C:\Program Files\WinRAR\WinRAR.exeC:\Windows\System32\ieframe.dllf4a4044e-4b00-11e4-bbc0-f46d04145fda

Error: (10/03/2014 09:26:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WinRAR.exe5.1.0.0529aee4cieframe.dll11.0.9600.1728053f26cbdc000000500000000001468901a9401cfdf0dae59a109C:\Program Files\WinRAR\WinRAR.exeC:\Windows\System32\ieframe.dllf1f66674-4b00-11e4-bbc0-f46d04145fda

Error: (10/02/2014 05:53:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 05:28:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 04:55:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mDNSResponder.exe3.0.0.104e5dcc07mDNSResponder.exe3.0.0.104e5dcc07c0000409000000000004395b65401cfddbaa106991fC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour\mDNSResponder.exe7ead46f5-4a76-11e4-9b44-f46d04145fda

Error: (10/01/2014 05:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (09/26/2014 07:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: splwow64.exe6.1.7601.177774f35fbfentdll.dll6.1.7601.18247521eaf24c000037400000000000c4102dc801cfd9e405db82d5C:\Windows\splwow64.exeC:\Windows\SYSTEM32\ntdll.dll46978bb7-45d7-11e4-9598-f46d04145fda

Error: (09/26/2014 07:44:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-05-04 23:56:16.821
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-04 23:56:16.728
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 73%
Total physical RAM: 7637.22 MB
Available physical RAM: 2045.5 MB
Total Pagefile: 84005.4 MB
Available Pagefile: 76992 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:673.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DVD_ROM) (CDROM) (Total:0.53 GB) (Free:0 GB) UDF
Drive e: (BFRD-DRIVE) (Fixed) (Total:0.5 GB) (Free:0.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 78440729)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
bluey2
Active Member
 
Posts: 5
Joined: October 2nd, 2014, 9:05 pm

Re: DNS Hijack?

by nunped » October 6th, 2014, 5:59 pm

Hi bluey2,

You posted Addition.txt twice. Please post the FRST.txt log.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: DNS Hijack?

by bluey2 » October 6th, 2014, 9:13 pm

Sorry..copy and paste accident :)

FRST scan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Pietro (administrator) on PIETRO-VM on 05-10-2014 18:36:04
Running from C:\Users\Pietro\Desktop
Loaded Profiles: UpdatusUser & Pietro (Available profiles: UpdatusUser & Pietro)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BUFFALO INC.) C:\Windows\System32\TC2Tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Users\Pietro\AppData\Local\Skillbrains\lightshot\5.1.4.9\Lightshot.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopia.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Dropbox, Inc.) C:\Users\Pietro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
(BUFFALO INC.) C:\Windows\System32\TC2Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Battle.net\Battle.net.5115\Battle.net.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realonemessagecenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(http://emuleplus.info) C:\eMuleplus\eMule.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Google Inc.) C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [581704 2011-07-14] (BUFFALO INC.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Backup Utility TaskTray Tool] => C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe [3603528 2011-09-06] (BUFFALO INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-04-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [3675920 2014-07-10] (AgileBits)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [Google Update] => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-13] (Google Inc.)
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [IPEVO Control Center] => C:\Program Files (x86)\IPEVO\Control Center\IPEVO Control Center.exe [1363968 2008-07-15] (IPEVO)
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [RockMelt Update] => "C:\Users\Pietro\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [SkypeVoiceChanger] => C:\Program Files (x86)\Athtek\Skype Voice Changer\SkypeVoiceChanger.exe /auto
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [LightShot] => C:\Users\UpdatusUser\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-781834376-2653657104-3512697799-1000\...\MountPoints2: {c839f94e-f049-11e0-b669-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\Run: [Google Update] => C:\Users\Pietro\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-13] (Google Inc.)
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\Run: [LightShot] => C:\Users\Pietro\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] ()
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\Run: [D94054F4A9BCC164BA2CF668881FF7F5490C37F3._service_run] => C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-09-23] (Google Inc.)
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [814368 2014-06-06] (SparkLabs)
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-781834376-2653657104-3512697799-1001\...\MountPoints2: {c839f94e-f049-11e0-b669-806e6f6e6963} - D:\Start.exe
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2611200 2013-05-16] (ASUS)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe [2611200 2013-05-16] (ASUS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pietro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.velocitymicro.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5C635C28FF88CC01
SearchScopes: HKLM-x32 - DefaultScope {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKLM-x32 - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKCU - DefaultScope {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://fastestwebsearch.com/search?q={searchterms}
SearchScopes: HKCU - {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111019&iesrc={referrer:source}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {B4834A5E-8670-43BB-AD82-F616D4F92CEE} URL = http://www.mysearchresults.com/search?c=3253&t=15&q={searchTerms}
SearchScopes: HKCU - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://fastestwebsearch.com/search?q={searchterms}
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll (AgileBits)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll (AgileBits)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{231FB5F7-3F1E-40F2-BE3D-9BA81C07C536}: [NameServer] 75.126.206.18 184.173.169.186 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{3DBB9606-AB84-4C06-BBCE-A30A8FDDA302}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{4320F49C-F5CD-40E6-BC0C-3440328845F7}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{548562BC-628A-46ED-B8D7-C5129FB08544}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{6EB35DA3-04CF-4E4B-9CA8-0B473A041F29}: [NameServer] 75.126.206.18,184.173.169.186

FireFox:
========
FF ProfilePath: C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.1: http://fastestwebsearch.com/search?q={searchTerms}
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.facebook.com/
FF Keyword.URL: hxxp://fastestwebsearch.com/search?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pietro\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pietro\AppData\Roaming\mozilla\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default\searchplugins\safesearch.xml
FF Extension: Test Pilot - C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default\Extensions\testpilot@labs.mozilla.com.xpi [2012-04-10]
FF Extension: AllAccounts (Formerly Multifox 2 BETA) - C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default\Extensions\{42f25d10-4944-11e2-96c0-0b6a95a8daf0}.xpi [2013-04-10]
FF Extension: RightToClick - C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-05-19]
FF Extension: Adblock Plus - C:\Users\Pietro\AppData\Roaming\Mozilla\Firefox\Profiles\jo6ko5ly.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-21]
FF HKLM-x32\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] - C:\Program Files (x86)\Object\facetheme
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-13]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2014-10-03]
FF HKCU\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] - C:\Program Files (x86)\Object\facetheme
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/ca/?extsrc=mailto&url=%s
CHR Profile: C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2012-11-11]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2012-07-31]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2014-08-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-04]
CHR Extension: (YouTube) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Adblock Plus) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-11-07]
CHR Extension: (Google Search) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (Context Menu URL Shortener) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecehogjcciopmihcocdchiaciibinajf [2013-05-19]
CHR Extension: (Unfriend Finder for Facebook) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecolodplncpedbpiicabmflhfemjnool [2012-09-11]
CHR Extension: (Search All) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk [2012-07-31]
CHR Extension: (Facebook Timeline Remover and Disabler - FB Disable Timeline) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbekfpjlolophhkmkphcpcoangmgpoi [2012-04-09]
CHR Extension: (Click Trap Remover And Shortlinker) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbjnnkbagjpofgaljnneciaeihcnogno [2012-12-22]
CHR Extension: (HTTPS Everywhere) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-09-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2012-06-03]
CHR Extension: (RealDownloader) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-13]
CHR Extension: (MOD) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iemjhfknooceghgonnkgagbfglghhkhd [2014-06-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-25]
CHR Extension: (Meebo Cleaner) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcmomgbhgjfflaoanonjkcccnlmeham [2012-07-31]
CHR Extension: (FVD Downloader) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2012-10-15]
CHR Extension: (Skype Click to Call) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-24]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2012-09-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-09-25]
CHR Extension: (ChromeReload) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo [2012-11-11]
CHR Extension: (Google Wallet) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Auto Refresh Plus) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2013-04-14]
CHR Extension: (Gmail) - C:\Users\Pietro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKCU\...\Chrome\Extension: [ogagfffadkfjgmjapaihfpolkjjgnjoc] - C:\Users\Pietro\AppData\Local\CRE\ogagfffadkfjgmjapaihfpolkjjgnjoc.crx [2012-04-18]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [ogagfffadkfjgmjapaihfpolkjjgnjoc] - C:\Users\Pietro\AppData\Local\CRE\ogagfffadkfjgmjapaihfpolkjjgnjoc.crx [2012-04-18]
CHR StartMenuInternet: Google Chrome - C:\Users\Pietro\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-08-20] (BUFFALO INC.)
R2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-28] (BUFFALO INC.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-10-13] (Macrovision Europe Ltd.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] () [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TC2Service; C:\Windows\system32\TC2Service.exe [309320 2011-07-12] (BUFFALO INC.)
R2 tpcexdccs; C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134216 2011-07-20] (BUFFALO INC.)
R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [70432 2014-06-06] (SparkLabs)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [209424 2007-12-19] (AMD Technologies Inc.)
R0 BFRD4G; C:\Windows\System32\DRIVERS\BFRD4G.sys [47232 2010-03-10] (BUFFALO INC.)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc64.sys [72016 2011-07-13] (BUFFALO INC.)
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-10-21] (BUFFALO INC.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141003.001\IDSvia64.sys [633560 2014-09-25] (Symantec Corporation)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () [File not signed]
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [52304 2011-01-26] (LSI Corporation)
S3 MegaSR1; C:\Windows\system32\drivers\MegaSR1.sys [465488 2010-06-14] (LSI Corporation, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141005.001\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141005.001\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [151848 2007-04-15] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [340008 2010-04-13] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2010-04-13] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2010-04-13] (Silicon Image, Inc.)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-10-03] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2014-06-06] (The OpenVPN Project)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2013-08-09] (WinISO.com)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 18:35 - 2014-10-05 18:35 - 00043218 _____ () C:\Users\Pietro\Desktop\FRST.txt
2014-10-05 18:34 - 2014-10-05 18:35 - 00000000 ____D () C:\FRST
2014-10-05 18:32 - 2014-10-05 18:32 - 02109440 _____ (Farbar) C:\Users\Pietro\Desktop\FRST64.exe
2014-10-03 20:07 - 2014-10-03 20:08 - 99843500 _____ () C:\Users\Pietro\Downloads\kdlinksv1.6_0907.zip
2014-10-03 20:07 - 2014-10-03 20:08 - 101104934 _____ () C:\Users\Pietro\Downloads\WhiteHD680-V1.5.zip
2014-10-03 20:07 - 2014-10-03 20:07 - 102379829 _____ () C:\Users\Pietro\Downloads\WhiteHD680-20120612.zip
2014-10-03 09:47 - 2014-10-03 09:47 - 00000947 _____ () C:\Users\Pietro\Desktop\OpenGen.exe - Shortcut.lnk
2014-10-03 09:39 - 2014-10-03 09:40 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-10-03 09:39 - 2014-10-03 09:40 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-10-03 09:20 - 2014-10-03 09:44 - 00000000 ____D () C:\OpGen
2014-10-03 09:17 - 2014-10-03 09:19 - 434977620 _____ () C:\Users\Pietro\Downloads\InstallOpenGeneral (1).exe
2014-10-03 09:16 - 2014-10-03 09:16 - 08683439 _____ () C:\Users\Pietro\Downloads\OpenGenCore.zip
2014-10-02 18:37 - 2014-10-02 18:37 - 00688992 ____R (Swearware) C:\Users\Pietro\Downloads\dds.scr
2014-10-02 18:37 - 2014-10-02 18:37 - 00031236 _____ () C:\Users\Pietro\Desktop\dds.txt
2014-10-02 18:37 - 2014-10-02 18:37 - 00013140 _____ () C:\Users\Pietro\Desktop\attach.txt
2014-10-02 18:23 - 2014-10-02 18:23 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pietro\Downloads\tdsskiller.exe
2014-10-02 17:53 - 2014-10-02 17:53 - 00000000 ____D () C:\NPE
2014-10-02 17:49 - 2014-10-02 17:49 - 03060320 ____N (Symantec Corporation) C:\Users\Pietro\Downloads\NPE (1).exe
2014-10-02 17:40 - 2014-10-02 17:44 - 00000740 _____ () C:\Users\Pietro\Downloads\SystemLook.txt
2014-10-02 17:39 - 2014-10-02 17:39 - 00165376 _____ () C:\Users\Pietro\Downloads\SystemLook_x64.exe
2014-10-02 17:09 - 2014-10-02 17:09 - 06808688 _____ (ParetoLogic, Inc.) C:\Users\Pietro\Downloads\RegCureProSetup.exe
2014-10-01 17:01 - 2014-10-03 09:39 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-781834376-2653657104-3512697799-1001
2014-10-01 17:01 - 2014-10-03 09:39 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-781834376-2653657104-3512697799-1001
2014-09-30 20:12 - 2014-09-30 20:14 - 00000000 ____D () C:\Users\Pietro\Downloads\backups
2014-09-30 20:07 - 2014-10-02 18:34 - 00021289 _____ () C:\Users\Pietro\Downloads\hijackthis.log
2014-09-30 20:07 - 2014-09-30 20:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pietro\Downloads\HijackThis.exe
2014-09-30 18:04 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 18:04 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 10:02 - 2014-09-28 10:02 - 01233548 _____ ( ) C:\Users\Pietro\Downloads\CCESetupvista.exe
2014-09-28 10:02 - 2014-09-28 10:02 - 00001064 _____ () C:\Users\Public\Desktop\WBF CCE.lnk
2014-09-28 10:02 - 2014-09-28 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBF CCE
2014-09-28 10:02 - 2014-09-28 10:02 - 00000000 ____D () C:\Program Files (x86)\ASE Computing
2014-09-25 20:30 - 2014-09-25 20:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-09-25 20:28 - 2014-09-25 20:28 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-09-25 20:28 - 2014-09-25 20:28 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-09-25 20:28 - 2014-09-25 20:28 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-09-25 20:28 - 2014-09-25 20:28 - 00002573 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-09-25 20:28 - 2014-09-25 20:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-09-25 20:28 - 2014-09-25 20:28 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-09-25 20:28 - 2014-09-25 20:28 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-09-25 20:28 - 2014-09-25 20:28 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-09-25 20:24 - 2014-09-25 20:24 - 01021936 _____ (Symantec Corporation) C:\Users\Pietro\Downloads\NortonNISDownloader.exe
2014-09-25 19:30 - 2014-10-03 15:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 19:30 - 2014-09-25 19:30 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 19:30 - 2014-09-25 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 19:30 - 2014-09-25 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-25 19:30 - 2014-09-25 19:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 19:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 19:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 19:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-24 02:08 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 02:08 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-21 22:27 - 2014-10-01 17:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 00:05 - 2014-09-21 17:15 - 00091359 _____ () C:\Users\Pietro\Downloads\M6 Builds.xlsx
2014-09-18 14:18 - 2014-10-05 18:33 - 00000000 ____D () C:\Users\Pietro\Documents\Outlook Files
2014-09-18 13:55 - 2014-09-18 13:55 - 00000000 ____D () C:\Users\Pietro\AppData\Local\Citrix
2014-09-16 20:37 - 2014-09-16 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-13 11:00 - 2014-09-13 11:00 - 00869456 _____ () C:\Users\Pietro\Downloads\Norton_Removal_Tool.exe
2014-09-11 18:13 - 2014-09-11 18:13 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubtitleCreator
2014-09-11 18:08 - 2014-09-11 18:08 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop
2014-09-11 08:12 - 2014-09-11 18:04 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Notepad++
2014-09-11 08:12 - 2014-09-11 08:12 - 00001055 _____ () C:\Users\UpdatusUser\Desktop\Notepad++.lnk
2014-09-11 08:12 - 2014-09-11 08:12 - 00001055 _____ () C:\Users\Pietro\Desktop\Notepad++.lnk
2014-09-11 08:12 - 2014-09-11 08:12 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-09-11 08:12 - 2014-09-11 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-09-11 08:12 - 2014-09-11 08:12 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-09-11 07:58 - 2014-09-11 07:58 - 07945210 _____ () C:\Users\Pietro\Downloads\npp.6.6.9.Installer.exe
2014-09-11 07:13 - 2014-09-11 07:13 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
2014-09-11 07:13 - 2014-09-11 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
2014-09-11 07:13 - 2014-09-11 07:13 - 00000000 ____D () C:\Program Files (x86)\Gabest
2014-09-11 03:09 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:09 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:09 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:09 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:09 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:09 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:09 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:09 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:09 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:09 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:09 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:09 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:09 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:09 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:09 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:09 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:09 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:09 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:09 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:09 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:09 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:09 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:09 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:09 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:09 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:09 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:09 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:09 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:09 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:09 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:09 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:09 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:09 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:09 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:09 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:09 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:09 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:09 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:09 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:09 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:09 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:09 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:09 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:09 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:09 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:09 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:09 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:09 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:09 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:09 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:09 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:09 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:09 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:09 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:09 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:09 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:01 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:01 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 20:36 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 20:36 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 20:36 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 20:36 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 20:36 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 20:36 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 20:36 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 20:36 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 20:36 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 06:30 - 2014-09-09 06:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-09 06:29 - 2014-09-09 06:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-09 06:29 - 2014-09-09 06:30 - 00000000 ____D () C:\Program Files\iTunes
2014-09-09 06:29 - 2014-09-09 06:29 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 21:21 - 2014-09-08 21:21 - 00059787 _____ () C:\Users\Pietro\Downloads\socialdiary11_14_06.php
2014-09-08 21:21 - 2014-09-08 21:21 - 00059787 _____ () C:\Users\Pietro\Downloads\socialdiary11_14_06 (1).php

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 18:35 - 2013-11-20 08:50 - 00000000 ____D () C:\Users\Pietro\AppData\Local\Battle.net
2014-10-05 18:26 - 2011-10-13 22:23 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Skype
2014-10-05 18:25 - 2012-09-15 10:02 - 00000390 _____ () C:\Windows\Tasks\update-S-1-5-21-781834376-2653657104-3512697799-1001.job
2014-10-05 18:02 - 2012-07-11 08:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 17:56 - 2012-01-12 19:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 17:45 - 2011-10-13 16:07 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001UA.job
2014-10-05 15:28 - 2012-09-15 10:02 - 00000390 _____ () C:\Windows\Tasks\update-sys.job
2014-10-05 14:52 - 2013-06-29 12:07 - 00002381 _____ () C:\Users\Pietro\Desktop\Google Chrome Canary.lnk
2014-10-05 14:46 - 2012-11-29 12:51 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-10-05 12:44 - 2011-10-06 14:38 - 01965502 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 09:27 - 2014-07-04 11:01 - 00005052 _____ () C:\Windows\setupact.log
2014-10-05 06:56 - 2012-01-12 19:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 02:00 - 2011-10-13 17:07 - 00000000 ____D () C:\Users\Pietro\AppData\Local\Adobe
2014-10-04 20:56 - 2011-10-13 23:05 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\vlc
2014-10-04 18:45 - 2011-10-13 16:07 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781834376-2653657104-3512697799-1001Core.job
2014-10-03 20:12 - 2009-07-14 01:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 09:48 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 09:48 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 09:46 - 2013-02-22 10:24 - 00000000 ____D () C:\OpenGeneral
2014-10-03 09:40 - 2012-08-05 18:05 - 00000000 ____D () C:\Users\Pietro\AppData\Local\NPE
2014-10-03 09:39 - 2013-01-30 09:22 - 00000000 ___RD () C:\Users\Pietro\Dropbox
2014-10-03 09:39 - 2013-01-30 09:20 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Dropbox
2014-10-03 09:38 - 2011-10-06 10:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-03 09:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 09:37 - 2011-10-13 21:17 - 00000000 ____D () C:\civ2
2014-10-03 09:36 - 2012-12-02 14:26 - 536870912 ____H () C:\BFRD_000.dat
2014-10-03 09:27 - 2011-11-13 17:36 - 00000000 ____D () C:\Users\Pietro\AppData\Local\CrashDumps
2014-10-02 17:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-02 17:26 - 2014-07-10 03:22 - 02139650 _____ () C:\Windows\PFRO.log
2014-10-02 16:55 - 2013-04-03 18:22 - 00000000 ____D () C:\Program Files\Common Files\WiTopia
2014-10-01 17:15 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-01 17:12 - 2014-07-11 10:38 - 00000000 ____D () C:\Program Files\Pale Moon
2014-10-01 17:12 - 2011-12-19 00:01 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-01 17:11 - 2011-12-19 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-01 17:00 - 2009-07-14 00:45 - 05058872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-29 16:23 - 2011-11-20 20:08 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\PrimoPDF
2014-09-28 17:38 - 2012-10-24 00:12 - 00098304 _____ () C:\Users\Pietro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-28 13:21 - 2011-10-13 18:33 - 00000000 ____D () C:\Bridge Base Online
2014-09-28 10:07 - 2011-10-13 15:36 - 00120456 _____ () C:\Users\Pietro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 09:27 - 2012-10-20 12:35 - 00000000 ____D () C:\DMPRO
2014-09-26 21:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 19:34 - 2013-01-30 09:22 - 00000982 _____ () C:\Users\Pietro\Desktop\Dropbox.lnk
2014-09-26 19:34 - 2013-01-30 09:20 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-25 20:31 - 2011-10-21 20:25 - 00000000 ____D () C:\Users\Pietro\Documents\Symantec
2014-09-25 20:30 - 2012-10-19 08:56 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-25 20:30 - 2011-10-21 20:24 - 00000000 ____D () C:\ProgramData\Norton
2014-09-25 20:25 - 2012-10-19 08:56 - 00001251 _____ () C:\Users\Pietro\Desktop\Norton Installation Files.lnk
2014-09-25 20:25 - 2012-10-19 08:56 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-25 20:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-09-24 23:49 - 2010-05-14 22:42 - 00002331 _____ () C:\Users\Pietro\Desktop\Google Chrome.lnk
2014-09-24 14:02 - 2012-07-11 08:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 14:02 - 2012-05-16 17:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 14:02 - 2011-10-06 10:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 23:36 - 2013-10-16 22:30 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-23 22:37 - 2011-10-13 18:32 - 00000000 ____D () C:\BRIDGE
2014-09-16 23:41 - 2013-01-22 08:58 - 00000000 ____D () C:\Fumetti
2014-09-16 20:37 - 2011-10-13 22:23 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 20:37 - 2011-10-13 22:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-16 20:37 - 2011-10-13 22:23 - 00000000 ____D () C:\ProgramData\Skype
2014-09-16 06:39 - 2012-09-15 10:02 - 00003266 _____ () C:\Windows\System32\Tasks\update-S-1-5-21-781834376-2653657104-3512697799-1001
2014-09-16 06:39 - 2012-09-15 10:02 - 00000671 _____ () C:\Users\Pietro\AppData\Local\UserProducts.xml
2014-09-16 06:39 - 2012-09-15 10:02 - 00000000 ____D () C:\Users\Pietro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LightShot
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 08:30 - 2011-10-13 22:38 - 00000000 ____D () C:\Users\Pietro\AppData\Local\Windows Live
2014-09-11 03:09 - 2011-10-13 16:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 03:08 - 2012-04-25 06:36 - 00778700 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:07 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2011-10-17 20:34 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 06:30 - 2012-09-27 20:59 - 00001494 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-09 06:29 - 2011-10-13 19:02 - 00000000 ____D () C:\iTunes

Some content of TEMP:
====================
C:\Users\Pietro\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Pietro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-

3e3e7ecf0d81}.tmp5stscd.dll
C:\Users\Pietro\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pietro\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:27

==================== End Of Log ============================
bluey2
Active Member
 
Posts: 5
Joined: October 2nd, 2014, 9:05 pm

Re: DNS Hijack?

Unread post by nunped » October 7th, 2014, 11:21 am

Hi bluey2,

No worries :)

In the next logs, please unselect "WordWrap" from the Format menu in Notepad.

And one further scan, please:

CKScanner
Please download CKScanner ... Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  1. Right-click on the CKScanner.exe icon and select "Run as Administrator", then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: DNS Hijack?

Unread post by bluey2 » October 7th, 2014, 11:42 am

Here it is:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\av vcs 7.0 diamond\av voice changer software diamond edition 6.0.10\keygen.exe
c:\fumbkup\il comandante mark la storia del comandante mark - comicrack.pdf
c:\fumbkup\raccolta fumetti walt disney - topolino,paperino,zio paperone,mega,paperinik,grandi classici _ albero genealogico della famiglia dei paperi - comicrack.pdf
c:\fumetti\disney\fumetti walt disney - topolino 0326 - il crack di paperon de' paperoni - jpeg version by sixi.rar
c:\pietro's documents\crackedpot.pps
scanner sequence 3.DF.11.TFLBX0
----- EOF -----
bluey2
Active Member
 
Posts: 5
Joined: October 2nd, 2014, 9:05 pm

Re: DNS Hijack?

Unread post by NonSuch » October 7th, 2014, 9:11 pm

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California