# Black box popping up,slow/stuck PC,document folder won't load, windows wont connect.



## Compash (Jan 9, 2006)

Hi everyone,

I have encountered the problem with my Dell PC.

When I am casually browsing online, sometime a black empty command box will pop up for 1 second and then disappear. And sometime it will pop up again 1 second later, and disappear immediately.

And then when I go to document folder, and nothing will be in the folder, the pathway box at top will be loading the green bar, it will takes forever, eventually it will get stuck, without showing any documents in the folder while in reality, it has several files saved. It was impossible to use outlook email app as well. And it will take a while for the mouse pointer to stop being refreshed. Dell PC will get stuck, and I won't be able to shut it down by clicking on shut down option using mouse pointer, only way I can shut down the PC is to press the physical button of shut down.

And then I will turn on the PC, which may take several attempt, and when it finally work, I will get notification at right bottom corner of my desktop which will say "Failed to connect to a Windows service. Windows couldn't connect to the Group Policy Client service. This problem prevents standard users from signing in. As an administrative user, you can review the system event log for details about why the service didn't respond."

Sometime it will work, and document folder will open instantly, showing all the files without any problem.

I did run diagnostic on this PC via boot menu with F12 key. No problem was found.
I also checked BIOS version, which was BIOS A05, and I did update it to BIOS A07. 
But the problem still occurs.

I am using McAvee security, which says my computer is protected.

But I did use Malwarebytes Anti-Malware, and it will show up PUP.Optional.Astromenda.A, and I would quarantine it, and then Malwarebytes will congratulate me by saying it is fixed. But if I scan it again, it will show up again, seems like I can't remove it.

I also checked for corrupted files, using System File Checker, and there are some bad files which cannot be repaired such as:

2015-05-07 22:24:57, Info CSI 0000058c [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-05-07 22:25:05, Info CSI 0000058e [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-05-07 22:25:05, Info CSI 0000058f [SR] This component was referenced by [l:166{83}]"Package_2709_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6825_neutral_GDR"
2015-05-07 22:31:39, Info CSI 000008d5 [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-05-07 22:31:39, Info CSI 000008d7 [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-05-07 22:31:39, Info CSI 000008d8 [SR] This component was referenced by [l:166{83}]"Package_2709_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6825_neutral_GDR"

I don't know which one is causing the problem.

I am worried about how Dell is going…. and it is new PC, just about 9 months old.

Many thanks in advance for your valuable time and help.

Regards,

Compash

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 8117 Mb
Graphics Card: Intel(R) HD Graphics 4600, -2016 Mb
Hard Drives: C: Total - 941483 MB, Free - 858625 MB;
Motherboard: Dell Inc., 05R2TK
Antivirus: Windows Defender, Disabled


----------



## Compash (Jan 9, 2006)

*bump*


----------



## kevinf80 (Mar 21, 2006)

Hello Compash and welcome to TSG,

Continue as follows please:

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:








*Google Chrome* - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.








Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.








*Mozilla Firefox* - Click the "Open Menu" button in the upper right-corner of the browser.







Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.








*Internet Explorer* - Click the Tools menu in the upper right-corner of the browser.







Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.


 On the *Settings* tab > *Detection and Protection* sub tab, *Detection Options*, tick the box *"Scan for rootkits"*.
 Under *Non-Malware Protection* sub tab Change *PUP* and *PUM* entries to *Treat detections as Malware*
 Click on the *Scan* tab, then click on *Scan Now >>* . If an update is available, click the *Update Now* button.
 A Threat Scan will begin.
 With some infections, you may see this message box.

*'Could not load DDA driver'*

 Click 'Yes' to this message, to allow the driver to load after a restart.
 Allow the computer to restart. Continue with the rest of these instructions.
 When the scan is complete, click *Apply Actions*.
 *Wait for the prompt to restart the computer to appear*, then click on *Yes*.
 After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:


 Click on the *History* tab > *Application* Logs.
 Double click on the scan log which shows the Date and time of the scan just performed.
 Click *Export * > From export you have three options:

*Copy to Clipboard* - if seleted right click to your reply and select "Paste" log will be pasted to your reply
*Text file (*.txt)* - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
*XML file (*.xml)* - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

 Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply 

If Malwarebytes is not installed follow these instructions first:

Download *Malwarebytes Anti-Malware* to your desktop.

Double-click *mbam-setup * and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
 *Launch Malwarebytes Anti-Malware*
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click *Finish*. Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (*Addition.txt*). Please attach it to your reply.

Let me see those logs in your reply....

Thank you,

Kevin...


----------



## Compash (Jan 9, 2006)

Hi Kevin,

Many thanks for replying to my thread. I appreciate it.

But I did use Malwarebytes Anti-Malware before (few days back), and it did detect multiple malwares, and all were removed apart from Astromenda one, which keep showing up. But since I scanned it again today, there was multiple malwares again (I don't know where they came from all of sudden again?) which I did remove all of it again today. And then scan it again, seems like everything is removed apart from PUP.Optional.Astromenda.A. But others one (aside Astromenda) may come back again.

Looking forward hearing from you again, hopefully this problem will be resolved soon.

Compash

Please see my two Malwarebytes Anti-Malware logs and Farbar Recovery Scan Tool log:-

*Malwarebytes Anti-Malware 1st log*

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/05/2015
Scan Time: 11:28:38
Logfile: 
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.15.02
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sabira

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 485214
Time Elapsed: 8 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A697B6D4-D947-45E9-BB93-932EC383144A}, Quarantined, [7d71ff94e3a7a69015303a332adb13ed], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B0B0666C-D46E-43ED-B54D-292BA62BCD6A}, Quarantined, [06e86132c1c9b383f450c1ac4db8c53b], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E7CEE9F8-F46D-4719-8335-9F797AC29D4A}, Quarantined, [18d6a4efc8c2ef4789bc78f538cd867a],

Registry Values: 6
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, Quarantined, [7678167dc6c43501b11b0accf40f21df]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A697B6D4-D947-45E9-BB93-932EC383144A}|AppName, cb91448f-4adb-4089-8201-e3e4cf11763a-2.exe-codedownloader.exe, Quarantined, [7d71ff94e3a7a69015303a332adb13ed]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B0B0666C-D46E-43ED-B54D-292BA62BCD6A}|AppName, 3dc9ad44-cf8d-4b0d-ab93-a60e282461b8-2.exe-buttonutil.exe, Quarantined, [06e86132c1c9b383f450c1ac4db8c53b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E7CEE9F8-F46D-4719-8335-9F797AC29D4A}|AppName, cb91448f-4adb-4089-8201-e3e4cf11763a-2.exe-codedownloader.exe, Quarantined, [18d6a4efc8c2ef4789bc78f538cd867a]
PUP.Optional.Iminent.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|Url, http://start.iminent.com/?appId=FD3D980A-D07B-4A30-8512-84AD0EBE82D5&ref=toolbox&q={searchTerms}, Quarantined, [1fcff79caedc9a9c60984c8b62a1ab55]
PUP.Optional.Iminent.A, HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\Iminent\inst\SearchTheWeb.ico, Quarantined, [8c62167d107af2446b8d15c28281e020]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Internet Speed Checker, Quarantined, [40aecec5addde650f54128ac12f10ff1],

Files: 3
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Internet Speed Checker\bgNova.html, Quarantined, [40aecec5addde650f54128ac12f10ff1], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Internet Speed Checker\1293297481.mxaddon, Quarantined, [40aecec5addde650f54128ac12f10ff1], 
PUP.Optional.Astromenda.A, C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyCtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0Dzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=",), Replaced,[e20cace795f5a690e9f8005cf70f857b]

Physical Sectors: 0
(No malicious items detected)

(end)

*Malwarebytes Anti-Malware 2nd log:-*

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/05/2015
Scan Time: 11:39:55
Logfile: 
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.15.02
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sabira

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 484016
Time Elapsed: 8 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Astromenda.A, C:\Users\Sabira
45trg
ye3]#2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyCtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0Dzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=",), Replaced,[08e69af99eecb6804c95223aab5bf40c]

Physical Sectors: 0
(No malicious items detected)

(end)

* Farbar Recovery Scan Tool log*

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Sabira at 2015-05-15 13:33:52
Running from C:\Users\Sabira\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2771644027-2860193389-1954980343-500 - Administrator - Disabled)
fatem_000 (S-1-5-21-2771644027-2860193389-1954980343-1004 - Limited - Enabled) => C:\Users\fatem_000
Guest (S-1-5-21-2771644027-2860193389-1954980343-501 - Limited - Disabled)
Sabira (S-1-5-21-2771644027-2860193389-1954980343-1001 - Administrator - Enabled) => C:\Users\Sabira
shami_000 (S-1-5-21-2771644027-2860193389-1954980343-1005 - Limited - Enabled) => C:\Users\shami_000
yamee_000 (S-1-5-21-2771644027-2860193389-1954980343-1006 - Limited - Enabled) => C:\Users\yamee_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.0 - Adobe Systems Incorporated.)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.50 - ArcSoft)
BitTorrent (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\BitTorrent) (Version: 7.9.2.35144 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{CF297F45-BB2C-4454-AEDA-EFAB01AFDCE3}) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG7100 series User Registration (HKLM-x32\...\Canon MG7100 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0006 - DELL)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Kodi (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.210 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PDFMate Free PDF Merger 1.0.8 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version: - pdfmate.com)
PerfV700_V750 User's Guide (HKLM-x32\...\PerfV700_V750 User's Guide) (Version: - )
PrtScr 1.7 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{F7C7EFEC-D7AB-4BDE-B5FA-D76231DA4E80}) (Version: 1.0.31.1053 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SilverFast Epson-SE 6.6.1r2b (HKLM-x32\...\SilverFast Epson-SE) (Version: - LaserSoft Imaging AG)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

08-05-2015 14:56:42 Scheduled Checkpoint
13-05-2015 01:08:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14641721-6E16-40CD-A4EE-B86BA1AB0B8E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {1DBCBE56-38DB-45E8-A600-A8A493E46D0C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {208E31E3-3FCD-48B1-BF9E-242FF5584D4A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {2AC3BFA0-32C9-4A07-AF53-3BBB43765CF7} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3FD92324-06BF-4DFF-B702-1C7B4581CFFB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {400BB0A6-89F9-43DC-BF42-3056EB62A018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {4997C862-57A0-417B-AA0E-D35A190DE21C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4C65E53E-0AEF-4A49-9842-A3B3C51560B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {62444CCF-63A8-4A58-AB39-B4526DF29FA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-20] (Microsoft Corporation)
Task: {633BC3C6-1F19-4998-859B-DFCBEC3D2E92} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {6E4FBD85-F084-4E4B-A720-98259CDC32EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7452D166-04C2-4DB1-A5FE-A607D2730CAD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {83C9C36D-1B68-48A3-BB87-76C55E1A6CE6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {864D3E13-5C03-4906-B33A-C7B8EA3DFB22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {9EDAD025-F1D6-4509-8D9D-137EA2EB4DF5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {BC923CAD-AE82-4886-B6A6-4575DC1B98E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CEE2EF38-FCF8-49E9-8655-E065CDC856BB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {E69149DF-81FC-41D7-B301-6791C1EF3CCF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2771644027-2860193389-1954980343-1001
Task: {EF547238-D25B-46D1-9239-DC89003AD957} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {F23931A0-D44B-407D-83D1-0282969F8DC5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {F8723268-7917-44DE-9E3D-2670C5B0D421} - \ASP No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-30 05:21 - 2013-08-02 09:40 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-30 06:14 - 2013-08-01 14:22 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-30 06:30 - 2013-05-18 02:12 - 00131072 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2014-06-26 19:37 - 2013-05-14 10:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-13 04:06 - 2013-08-13 04:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-13 04:06 - 2013-08-13 04:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-13 04:06 - 2013-08-13 04:06 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-01-30 06:30 - 2013-01-26 07:29 - 00544768 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
2015-05-09 14:04 - 2015-05-09 14:05 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-08-15 12:48 - 2013-08-15 12:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-08-15 12:45 - 2013-08-15 12:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-08-15 12:52 - 2013-08-15 12:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-09-08 15:25 - 2013-07-14 17:19 - 02766336 _____ () C:\Program Files (x86)\PrtScr\PrtScr.exe
2013-08-15 21:03 - 2013-08-15 21:03 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-04-24 19:19 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-24 19:19 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-24 19:19 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-24 19:19 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-24 19:19 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-08 15:25 - 2013-06-06 14:44 - 18730496 _____ () C:\Program Files (x86)\PrtScr\dsp_ipp.dll
2014-09-08 15:25 - 2013-04-11 02:18 - 00509440 _____ () C:\Program Files (x86)\PrtScr\QuickFontCache.dll
2014-09-08 15:25 - 2013-04-06 09:26 - 00487424 _____ () C:\Program Files (x86)\PrtScr\freetype.dll
2014-06-22 16:58 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-06-22 16:58 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2015-05-15 11:04 - 2015-05-05 05:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-15 11:04 - 2015-05-05 05:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2014-01-30 06:39 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 20:41 - 2013-03-05 20:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-01-30 06:30 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-26 17:07 - 2015-02-09 16:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-01-30 06:46 - 2012-11-26 07:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 17:07 - 2014-02-18 19:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fatem_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Sabira\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\shami_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\yamee_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CE95F662-1AAE-4774-85BF-558C8BAE6900}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F7EF53B6-0F41-4780-B98E-F4ED80D28EA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{8D3CC3A6-1D74-4101-91FD-C486E0BA19CE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0C47A2DC-DA98-4215-8027-28D4C0FA16A3}] => (Allow) LPort=2869
FirewallRules: [{D425AF95-2FA5-4532-BBB8-1B197AB83F22}] => (Allow) LPort=1900
FirewallRules: [{5EBD23DE-5F2F-4265-B6BA-871446A6A3A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{057A051A-47AE-4841-B7CA-7EB24294C3A3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{41560567-4A1A-408B-BC99-A4C2CAA3FC57}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F0E8ADF6-7B14-4DAE-AC1E-B99D7DD22C89}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B121C86A-0F76-45AF-AADE-8C15EC013896}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3E059A50-FA45-425A-88FF-11650DF99834}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F1D29C0B-1483-477B-9E8C-288DEB0372C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 02:55:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a54

Start Time: 01d08eb04397cd32

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8027c0f5-faa5-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 02:41:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/15/2015 02:34:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f8

Start Time: 01d08daab87c7c64

Termination Time: 25

Application Path: C:\Windows\Explorer.EXE

Report Id: 776242fb-faa2-11e4-82be-543530a68c7a

Faulting package full name:

Faulting package-relative application ID:

Error: (05/15/2015 01:27:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a90

Start Time: 01d08ea2ee0c960a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1ec2d6fe-fa99-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 01:00:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f58

Start Time: 01d08ea10b602e20

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 55b43e6b-fa95-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 00:42:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2370

Start Time: 01d08e9b34625df8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e7e7e0da-fa92-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 11:48:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2be8

Start Time: 01d08e97037f7ee0

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5062ffef-fa8b-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 11:06:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 282c

Start Time: 01d08e8ea1cdfa05

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6effa947-fa85-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 10:09:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2260

Start Time: 01d08e893fe32a2a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8cc6d246-fa7d-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 09:48:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2ea8

Start Time: 01d08e863ff8f8cb

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8cdfc1c6-fa7a-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (05/15/2015 11:02:42 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 11:02:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz
Percentage of memory in use: 61%
Total physical RAM: 8117.98 MB
Available physical RAM: 3124.06 MB
Total Pagefile: 9461.98 MB
Available Pagefile: 3315.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.42 GB) (Free:833.6 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:9.44 GB) (Free:0.68 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E02AF0F9)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

FRST will produce two logs "FRST.txt" and "Addition.txt", you have posted the secondary log "Addition.txt" I also need to see the primary log "FRST.txt".

Logs are saved to this folder: *C:\FRST\Logs*


----------



## Compash (Jan 9, 2006)

Hi Kevin,

So sorry for not including the log.

Here is it:

*"FRST.txt"*

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Sabira (administrator) on HOMEOFFICE on 15-05-2015 13:33:23
Running from C:\Users\Sabira\Desktop
Loaded Profiles: Sabira (Available profiles: Sabira & fatem_000 & shami_000 & yamee_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\PrtScr\PrtScr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-02] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [PrtScr by FireStarter] => C:\Program Files (x86)\PrtScr\PrtScr.exe [2766336 2013-07-14] ()
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [GoogleChromeAutoLaunch_3C1B2192D11FF988E69B64C631FA80BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [326224 2013-08-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-30]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-30]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{99D8B059-63AA-415B-A8F3-48A4F6E3D867}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55779;https=127.0.0.1:55779
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> DefaultScope {C2955A86-4974-4F3B-A59F-E7134FF2A874} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB977D20150203&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {C2955A86-4974-4F3B-A59F-E7134FF2A874} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB977D20150203&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-08-15] (Qualcomm®Atheros®)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-30]

Chrome: 
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyCtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0Dzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}{googlerefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-16]
CHR Extension: (Pushbullet) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-28]
CHR Extension: (SiteAdvisor) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-17]
CHR Extension: (AdBlock) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-08]
CHR Extension: (Bookmark Manager) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Hangouts) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows (R) Win 7 DDK provider) [File not signed]
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-02] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-02] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-02] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [131072 2013-05-18] () [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [210808 2015-02-10] (Dell Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-17] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-15] (Qualcomm Atheros) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-27] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-14] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-02] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-08] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 13:33 - 2015-05-15 13:33 - 00031232 _____ () C:\Users\Sabira\Desktop\FRST.txt
2015-05-15 13:33 - 2015-05-15 13:33 - 00000000 ____D () C:\FRST
2015-05-15 13:32 - 2015-05-15 13:32 - 02106368 _____ (Farbar) C:\Users\Sabira\Desktop\FRST64.exe
2015-05-15 13:31 - 2015-05-15 13:31 - 01145856 _____ (Farbar) C:\Users\Sabira\Desktop\FRST.exe
2015-05-15 11:43 - 2015-05-15 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-15 11:40 - 2015-05-15 11:40 - 00000000 ___RD () C:\Users\Sabira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-13 19:37 - 2015-05-13 19:37 - 00001838 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-13 19:37 - 2015-05-13 19:37 - 00001821 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-13 19:33 - 2015-05-13 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-13 00:38 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 00:38 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 02:53 - 2015-05-12 02:54 - 00000022 _____ () C:\Users\Sabira\Downloads\outlander-season-1-episode-14-english-6780.zip
2015-05-10 23:13 - 2015-05-12 02:54 - 00055224 _____ () C:\Users\Sabira\Downloads\Outlander.S01E14.HDTV.x264-BATV.srt
2015-05-09 14:03 - 2015-05-11 16:16 - 00000000 ____D () C:\Users\Sabira\Documents\Bluetooth Folder
2015-05-08 23:01 - 2015-05-08 23:01 - 00509440 _____ (Tech Support Guy System) C:\Users\Sabira\Downloads\SysInfo.exe
2015-05-08 18:04 - 2015-05-08 18:04 - 13232896 _____ (DELL INC.) C:\Users\Sabira\Downloads\XPS_2720_A07.EXE
2015-05-08 18:04 - 2015-05-08 18:04 - 00031152 _____ () C:\Windows\system32\Drivers\pmxdrv.sys
2015-05-07 22:38 - 2015-05-07 22:38 - 00069611 _____ () C:\Users\Sabira\Desktop\sfcdetails.text
2015-05-06 23:22 - 2015-05-14 03:08 - 00000000 ____D () C:\Users\Sabira\Desktop\Cattery Bussiness and Buildings
2015-04-24 19:19 - 2015-04-24 19:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-24 19:19 - 2015-04-24 19:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-24 19:19 - 2015-04-24 19:19 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-24 19:19 - 2015-04-24 19:19 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-24 19:19 - 2015-04-24 19:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-24 19:19 - 2015-04-24 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-24 19:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-24 19:18 - 2015-04-24 19:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Sabira\Downloads\spybot-2.4.exe
2015-04-22 12:00 - 2015-05-15 11:38 - 00002248 _____ () C:\Windows\PFRO.log
2015-04-21 17:53 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-21 17:53 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-20 17:30 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-20 17:30 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-20 17:30 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-20 17:30 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-20 17:30 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-20 17:30 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-20 17:30 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-20 17:30 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-20 17:30 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-20 17:30 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-20 17:30 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-20 17:29 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-20 17:29 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-20 17:29 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-20 17:29 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-20 17:29 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-20 17:29 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-20 17:29 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-20 17:29 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-20 17:29 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-20 17:29 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-20 17:29 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-20 17:29 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-20 17:29 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-20 17:29 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-20 17:29 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-20 17:29 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-20 17:29 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-20 17:29 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-20 17:29 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-20 17:29 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-20 17:29 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-20 17:29 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-20 17:28 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-20 17:28 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-20 17:28 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-20 17:28 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 01:51 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 01:51 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 01:51 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 01:51 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 01:51 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 01:51 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 01:51 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 01:51 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 01:51 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 01:51 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 01:51 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 01:51 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 01:51 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 01:51 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 01:51 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 01:51 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 01:51 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 01:51 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 13:25 - 2015-02-15 22:21 - 01263772 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 13:04 - 2014-06-19 21:44 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-15 12:08 - 2014-06-19 20:49 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1001
2015-05-15 11:46 - 2014-01-30 06:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-15 11:43 - 2014-01-30 06:25 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 11:39 - 2014-09-08 04:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 11:39 - 2014-06-19 21:44 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 11:39 - 2014-06-19 20:45 - 00000000 ___DO () C:\Users\Sabira\SkyDrive
2015-05-15 11:38 - 2015-04-10 21:19 - 00006448 _____ () C:\Windows\setupact.log
2015-05-15 11:38 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 11:38 - 2013-08-22 14:25 - 01048576 ___SH () C:\Windows\system32\config\BBI
2015-05-15 11:28 - 2014-09-08 04:09 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-15 11:09 - 2014-06-19 20:51 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2721A28C-B303-4BB3-8F48-1A3927178477}
2015-05-15 11:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-14 10:31 - 2014-06-20 02:31 - 00000000 ____D () C:\Users\Sabira\AppData\Roaming\Skype
2015-05-13 19:39 - 2014-11-23 14:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-13 19:37 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-13 19:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-13 12:56 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-08 19:12 - 2015-03-18 17:11 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-05-07 21:58 - 2014-06-19 20:42 - 00000000 ____D () C:\Users\Sabira
2015-05-06 23:17 - 2014-01-30 06:44 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-06 22:58 - 2014-06-21 03:57 - 00000000 ____D () C:\Users\Sabira\AppData\Local\CrashDumps
2015-05-01 19:23 - 2014-06-26 19:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\system32\NV
2015-04-29 16:50 - 2014-01-30 06:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-24 21:05 - 2014-09-30 11:36 - 00000000 ____D () C:\Users\shami_000
2015-04-24 21:05 - 2014-08-07 02:15 - 00000000 ____D () C:\Users\yamee_000
2015-04-24 21:05 - 2014-07-24 13:12 - 00000000 ____D () C:\Users\fatem_000
2015-04-23 17:13 - 2014-06-24 23:11 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Microsoft Help
2015-04-22 16:12 - 2015-03-18 17:12 - 00003916 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-04-22 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-04-21 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 23:30 - 2014-12-11 03:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 23:30 - 2014-07-10 01:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 19:42 - 2014-06-19 22:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 19:38 - 2014-06-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 19:38 - 2014-06-19 22:11 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-09-08 02:45 - 2014-09-08 02:45 - 0000318 _____ () C:\Users\Sabira\AppData\Roaming\aps.uninstall.scan.results
2014-09-08 02:44 - 2014-09-08 02:44 - 0616240 _____ (ClickMeIn Limited) C:\Users\Sabira\AppData\Local\nss5B63.tmp
2014-01-30 06:15 - 2014-01-30 06:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-30 06:41 - 2014-01-30 06:42 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-30 06:39 - 2014-01-30 06:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-30 06:40 - 2014-01-30 06:41 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\fatem_000\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 13:23

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

Download attached *fixlist.txt* file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.


 On the *Settings* tab > *Detection and Protection* sub tab, *Detection Options*, tick the box *"Scan for rootkits"*.
 Under *Non-Malware Protection* sub tab Change *PUP* and *PUM* entries to *Treat detections as Malware*
 Click on the *Scan* tab, then click on *Scan Now >>* . If an update is available, click the *Update Now* button.
 A Threat Scan will begin.
 With some infections, you may see this message box.

*'Could not load DDA driver'*

 Click 'Yes' to this message, to allow the driver to load after a restart.
 Allow the computer to restart. Continue with the rest of these instructions.
 When the scan is complete, click *Apply Actions*.
 *Wait for the prompt to restart the computer to appear*, then click on *Yes*.
 After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:


 Click on the *History* tab > *Application* Logs.
 Double click on the scan log which shows the Date and time of the scan just performed.
 Click *Export * > From export you have three options:

*Copy to Clipboard* - if seleted right click to your reply and select "Paste" log will be pasted to your reply
*Text file (*.txt)* - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
*XML file (*.xml)* - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

 Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply 

If Malwarebytes is not installed follow these instructions first:

Download *Malwarebytes Anti-Malware* to your desktop.

Double-click *mbam-setup * and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
 *Launch Malwarebytes Anti-Malware*
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click *Finish*. Follow the instructions above....

Next,

Download *AdwCleaner* by Xplode onto your Desktop.

 Double click on Adwcleaner.exe to run the tool.
 Click on Scan
 Once the scan is done, click on the *Clean button*. <<<--- Ensure this option is completed
 You will get a prompt asking to close all programs. Click OK.
 Click OK again to reboot your computer.
 A text file will open after the restart. Please post the content of that logfile in your reply.
 You can also find the logfile at C:\AdwCleaner[Sn].txt. Where *n* in the scan reference number

Next,








Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save *direct* to the *desktop*
Ensure to get the correct version for your system.... 
32 Bit version:
https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select *Quick* Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

*notepad c:\windows\debug\mrt.log*

Let me see those logs, also let le know if there are any remaining issues or concerns...

Thanks,

Kevin.....


----------



## Compash (Jan 9, 2006)

Hi Kevin,

Thanks for the reply. I did as you have instructed.

Let me know what is your reply. *fingers crossed*

Compash

*Fixlog.txt*

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 02
Ran by Sabira at 2015-05-15 17:18:42 Run:1
Running from C:\Users\Sabira\Desktop
Loaded Profiles: Sabira (Available profiles: Sabira & fatem_000 & shami_000 & yamee_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55779;https=127.0.0.1:55779
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyC tN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2 Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0D zz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0 FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
Task: {F8723268-7917-44DE-9E3D-2670C5B0D421} - \ASP No Task File <==== ATTENTION
Emptytemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Chrome HomePage deleted successfully.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8723268-7917-44DE-9E3D-2670C5B0D421}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8723268-7917-44DE-9E3D-2670C5B0D421}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => Key deleted successfully.
EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 17:19:24 ====

*Anti-Malware application log*

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/05/2015
Scan Time: 17:28:06
Logfile: 
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.15.03
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sabira

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 483005
Time Elapsed: 8 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Astromenda.A, C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyCtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0Dzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=",), Replaced,[529dfa99b6d40e282c5a75e864a24cb4]

Physical Sectors: 0
(No malicious items detected)

(end)

* AdwCleaner Logfile *

# AdwCleaner v4.204 - Logfile created 15/05/2015 at 18:11:51
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Sabira - HOMEOFFICE
# Running from : C:\Users\Sabira\Desktop\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Common Files\IMGUpdater
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Users\Sabira\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Sabira\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\Sabira\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Sabira\AppData\Roaming\Systweak
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Sabira\AppData\Roaming\aps.uninstall.scan.results

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\TermTutor
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:55779;hxxps=127.0.0.1:55779
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v42.0.2311.152

[C:\Users\fatem_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nbljechdpodpbchbmjcoamidppmpnmlc
[C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae
[C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyCtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0Dzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=
[C:\Users\shami_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\yamee_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6900 bytes] - [15/05/2015 18:04:32]
AdwCleaner[S0].txt - [6437 bytes] - [15/05/2015 18:11:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6496 bytes] ##########

* Junkware Removal Tool *

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 8.1 x64
Ran by Sabira on 15/05/2015 at 18:20:37.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1003
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1004
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1005
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1006
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Sabira\AppData\Roaming\pcdr

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2015 at 18:22:26.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Compash (Jan 9, 2006)

* 
Microsoft Windows Malicious Software Removal Tool log
*

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Fri Apr 10 15:05:06 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Fri Apr 10 15:10:49 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 10 15:11:16 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Fri Apr 10 15:15:21 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 10 15:15:31 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Fri Apr 10 17:37:58 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 10 17:38:12 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Fri Apr 10 20:45:53 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 10 20:46:06 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 13:22:42 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 13:24:02 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 13:59:03 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 13:59:10 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 14:44:22 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 14:44:28 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 15:44:21 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 15:46:41 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 15:48:48 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 15:48:49 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 16:30:20 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 16:30:24 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 16:34:55 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 16:34:56 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 17:18:06 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 17:18:24 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 17:21:11 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 17:21:13 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 17:23:09 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 17:23:10 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 19:31:22 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 19:31:26 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 19:35:44 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 19:35:46 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 22:37:54 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 22:38:04 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sat Apr 11 22:51:33 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 11 22:52:20 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 02:38:22 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 13:58:45 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 12 14:00:13 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 16:47:30 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 16:55:41 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 12 16:55:54 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 17:00:45 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 12 17:00:46 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 17:29:54 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 12 17:30:02 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 17:46:00 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 12 17:46:01 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 18:23:05 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 12 18:23:06 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Sun Apr 12 20:30:55 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 12 20:31:03 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 01:02:52 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 01:02:53 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 02:49:34 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 02:49:35 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 02:54:37 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 02:54:38 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 16:51:59 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 16:53:36 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 18:33:28 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 18:33:38 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 18:38:30 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 18:38:31 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 18:43:15 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 18:43:16 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 19:03:44 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 19:03:47 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 19:11:56 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 19:11:57 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 19:19:26 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 19:19:27 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 19:31:09 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 19:31:10 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 20:26:29 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 20:26:40 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 13 20:31:32 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 13 20:31:33 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 14:48:30 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 14:49:58 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 16:09:08 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 16:09:22 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 16:14:06 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 16:14:07 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 16:37:45 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 16:37:53 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 18:00:28 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 18:00:41 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 18:33:49 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 18:34:10 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 20:26:34 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 20:26:44 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Tue Apr 14 21:01:29 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 14 21:01:32 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Wed Apr 15 05:03:42 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 15 05:05:27 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Wed Apr 15 18:36:59 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 15 18:37:48 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Wed Apr 15 19:17:34 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 15 19:17:35 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 04:03:57 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 04:03:58 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 04:30:22 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 04:35:15 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 04:35:29 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 05:47:44 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 15:31:15 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 15:32:50 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 16:01:11 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 16:01:30 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 16:06:14 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 16:06:15 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 18:21:15 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 18:21:26 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 18:27:20 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 18:27:22 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 19:48:23 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 19:50:07 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 21:01:04 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 21:09:04 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 21:09:05 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 21:19:36 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 21:20:22 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 21:28:35 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 21:28:52 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 21:42:28 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Thu Apr 16 21:47:32 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 16 21:47:38 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Fri Apr 17 00:31:25 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 17 00:32:09 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.22, March 2015 (build 5.22.11202.0)
Started On Mon Apr 20 19:34:18 2015

Engine: 1.1.11400.0
Signatures: 1.193.1181.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 20 19:36:51 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 20 19:38:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 20 19:42:15 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 20 19:45:06 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 20 19:45:12 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 20 19:52:02 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 20 19:52:09 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 20 21:04:53 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 20 21:04:56 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue Apr 21 18:29:14 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 21 18:29:25 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue Apr 21 23:33:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 21 23:33:32 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 12:38:43 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 14:32:51 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 14:32:58 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 15:27:09 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 15:31:56 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 15:32:13 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 15:42:12 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 15:42:26 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 15:46:39 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 15:46:48 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 15:51:39 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 15:51:49 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 15:56:36 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 15:56:37 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 16:01:11 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 16:01:12 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 16:06:07 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 16:06:09 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 22 17:00:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 22 17:00:32 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 12:46:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 13:53:49 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 13:53:59 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 16:48:05 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 16:48:29 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 17:03:34 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 17:03:36 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 17:42:32 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 17:42:34 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 18:10:56 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 18:11:03 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 18:55:32 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 18:55:33 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 20:04:22 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 20:04:24 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 20:09:26 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 20:09:27 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 20:32:24 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 20:32:26 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 20:34:48 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 20:34:49 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 20:39:44 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 20:39:46 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 22:53:40 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 22:53:41 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 23 22:59:07 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 23 22:59:09 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri Apr 24 03:20:53 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 24 03:20:58 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri Apr 24 11:43:11 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 24 11:44:05 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri Apr 24 12:15:04 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 24 12:16:57 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri Apr 24 12:23:40 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 24 12:24:01 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri Apr 24 14:19:56 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri Apr 24 14:20:14 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 13:45:18 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 13:50:22 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 13:50:30 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 14:55:41 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 14:59:53 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 15:04:57 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 15:05:13 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 16:43:29 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 17:26:37 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 17:26:39 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 17:35:49 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 17:35:50 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 18:24:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 18:24:33 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 19:14:51 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 19:15:01 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 19:47:57 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 19:48:06 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat Apr 25 20:22:30 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat Apr 25 20:22:40 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 04:01:43 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 04:01:45 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 04:54:21 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 04:54:40 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 04:58:47 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 04:58:48 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 05:23:05 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 05:23:13 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 05:27:45 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 05:27:47 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 05:32:43 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 05:32:45 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 05:38:37 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 05:38:39 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 05:43:34 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 05:43:35 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 06:18:30 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 06:18:32 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 06:22:46 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 06:22:47 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 06:26:54 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 06:26:57 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 06:31:51 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 06:31:52 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 07:01:06 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 07:01:17 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 07:18:28 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 07:18:47 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 10:11:40 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 10:11:55 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 10:15:30 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 10:15:32 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 10:59:22 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 10:59:24 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 11:37:08 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 11:37:10 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 11:59:27 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 11:59:28 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 12:23:16 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 12:23:20 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 18:24:07 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 18:25:29 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun Apr 26 20:57:16 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun Apr 26 20:57:33 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 02:06:00 2015

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 02:10:54 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 02:10:55 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 03:16:41 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 03:16:49 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 20:21:54 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 20:22:05 2015


----------



## Compash (Jan 9, 2006)

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 20:33:36 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 20:33:37 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 20:37:58 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 20:37:59 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 20:42:55 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 20:42:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon Apr 27 22:54:57 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon Apr 27 22:54:58 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue Apr 28 04:43:07 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue Apr 28 07:28:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 28 07:36:18 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue Apr 28 20:28:23 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 28 20:28:46 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 29 20:43:23 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 29 20:47:43 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 29 20:47:52 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 29 22:35:21 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 29 22:39:55 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 29 22:39:57 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed Apr 29 23:52:52 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 29 23:53:03 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 30 00:57:56 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 30 00:58:12 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 30 03:35:49 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 30 03:35:57 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 30 11:11:44 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 30 12:00:49 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 30 12:01:11 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu Apr 30 16:03:18 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 30 16:03:27 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 01 03:54:26 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 01 03:55:20 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 01 03:57:56 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 01 03:58:07 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 01 04:03:06 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 01 04:04:24 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 01 04:08:23 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 01 04:08:41 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 01 04:44:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 01 04:44:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 01 10:11:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 01 10:11:40 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 01 13:19:27 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 01 13:19:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 11:33:35 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 11:34:18 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 11:40:53 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 11:46:30 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 11:46:42 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 11:50:55 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 11:51:08 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 11:55:49 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 11:55:51 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 12:01:21 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 12:01:23 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 12:06:21 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 12:06:23 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 12:11:18 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 12:11:20 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 12:35:40 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 12:35:59 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 02 13:01:39 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 02 13:01:49 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 03 01:00:56 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 03 01:00:57 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon May 04 14:06:37 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon May 04 14:08:42 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon May 04 16:21:40 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon May 04 16:21:43 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 05 15:35:36 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 05 15:50:14 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 05 15:57:41 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 05 15:57:49 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 05 16:13:04 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 05 16:13:05 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 05 16:22:07 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 05 17:24:26 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 05 17:24:43 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 05 18:00:57 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 05 18:01:05 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 01:42:22 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 01:42:23 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 01:47:25 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 01:47:26 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 01:51:44 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 01:51:45 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 02:18:00 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 02:18:01 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 14:34:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 14:34:22 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 14:38:40 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 14:38:42 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 14:54:02 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 14:54:03 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 14:58:30 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 14:58:32 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 17:35:25 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 17:36:04 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 17:59:03 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 17:59:05 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 06 19:49:49 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 06 19:50:01 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 08 14:47:03 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 08 14:48:10 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 08 15:05:37 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 08 15:05:45 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 14:22:05 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 14:27:06 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 14:27:17 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 15:30:06 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 15:45:26 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 15:46:00 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 16:13:23 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 16:13:34 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 16:18:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 16:18:21 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 17:28:09 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 17:28:20 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 17:30:36 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 17:30:37 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 18:47:11 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 18:47:46 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 18:52:13 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 18:52:14 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 19:28:37 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 19:28:38 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 19:33:39 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 19:33:40 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sat May 09 21:27:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sat May 09 21:27:38 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 01:14:50 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 01:15:03 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 01:27:48 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 01:27:49 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 13:46:49 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 13:51:48 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 13:52:02 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 14:25:29 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 14:25:40 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 14:55:16 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 14:55:35 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 16:58:36 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 16:58:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 17:59:57 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 18:00:10 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 18:23:57 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 18:24:09 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 19:03:26 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 19:03:27 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 19:10:23 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 19:10:25 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Sun May 10 19:15:20 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Sun May 10 19:15:22 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon May 11 00:01:53 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon May 11 14:00:26 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon May 11 14:05:16 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon May 11 14:10:30 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Mon May 11 15:17:25 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Mon May 11 15:17:33 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 12 03:22:38 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 12 03:22:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 12 04:45:15 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 12 14:30:25 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 12 14:35:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 12 14:35:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Tue May 12 15:06:45 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 12 15:06:55 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 01:03:31 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 01:03:33 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 01:08:34 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 01:08:35 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 02:42:30 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 02:42:31 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 13:12:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 13:14:35 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 14:03:17 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 14:03:53 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 14:26:00 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 14:26:17 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 14:55:52 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 14:56:01 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 15:00:14 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 15:00:15 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Wed May 13 15:13:25 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 13 15:13:38 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 03:36:27 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 03:36:35 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 03:45:11 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 03:45:12 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 04:37:48 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 04:37:51 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 04:40:14 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 04:40:15 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 04:44:15 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 04:44:46 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 04:49:43 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 04:51:08 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 04:54:25 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 04:55:53 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 05:09:14 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 05:09:22 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 05:39:18 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 05:39:26 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 05:43:25 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 05:43:27 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 05:54:00 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 05:54:01 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 06:01:32 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 06:01:33 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 06:07:00 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 06:07:01 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 06:08:10 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 06:08:11 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 06:13:06 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 06:13:08 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 09:26:22 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 09:26:24 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 09:31:36 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 09:31:38 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 09:36:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 09:36:34 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 10:21:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 10:21:20 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 10:41:27 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 10:41:29 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 10:44:25 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 10:44:27 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 10:48:26 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 10:48:27 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 10:49:38 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 10:49:39 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 10:54:34 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 10:54:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 12:27:28 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 12:27:37 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 12:45:31 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 12:45:33 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 12:53:48 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 12:53:49 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 12:55:45 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 12:55:46 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 13:31:00 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 13:31:18 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 14:29:29 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 14:38:27 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 14:38:30 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 16:20:33 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 16:20:41 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 17:49:01 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 17:49:02 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 17:53:29 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 17:53:30 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 20:02:48 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 20:02:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 20:06:40 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 20:06:41 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 21:19:22 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 21:19:33 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 21:23:53 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 21:23:55 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 22:02:13 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 22:02:22 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 22:18:47 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 22:18:49 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 22:26:17 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 22:26:18 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 22:45:46 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 22:45:55 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Thu May 14 22:54:53 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 14 22:54:55 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 00:36:02 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 00:36:13 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 00:40:35 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 00:40:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 12:09:12 2015


---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 12:19:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 12:19:33 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 14:21:48 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 14:23:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 14:58:24 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 14:59:45 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 15:03:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 15:04:22 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 17:42:19 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 17:42:47 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 17:47:30 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 17:47:36 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.23, April 2015 (build 5.23.11300.0)
Started On Fri May 15 17:51:54 2015

Engine: 1.1.11502.0
Signatures: 1.195.1215.0
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 17:51:56 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.24, May 2015 (build 5.24.11401.0)
Started On Fri May 15 18:27:51 2015

Engine: 1.1.11602.0
Signatures: 1.197.1100.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 15 18:31:08 2015


Return code: 0 (0x0)


----------



## kevinf80 (Mar 21, 2006)

Thanks for those logs, run FRST again see if we`ve missed anything:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....Also give an update on any remaining issues or concerns.

Thanks,

Kevin....


----------



## Compash (Jan 9, 2006)

Hi Kevin,

Thank you for the reply. When I scan Malwarebytes Anti-Malware, I still have PUP.Optional.Astromenda.A even though I tried to fix it many times with Malwarebytes Anti-Malware, and it will say it is fixed, but it keep coming back every single time.

Many thanks in advance for your time.

Compash

*Malwarebytes Anti-Malware*

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/05/2015
Scan Time: 20:57:10
Logfile: 
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.15.05
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sabira

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 475701
Time Elapsed: 6 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Astromenda.A, C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage": "http://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyCtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0Dzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=",), Replaced,[18d96f245a307abcad35f36ab551966a]

Physical Sectors: 0
(No malicious items detected)

(end)

*FRST.txt*

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Sabira (administrator) on HOMEOFFICE on 15-05-2015 20:50:27
Running from C:\Users\Sabira\Desktop
Loaded Profiles: Sabira (Available profiles: Sabira & fatem_000 & shami_000 & yamee_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-02] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] (Qualcomm®Atheros®)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [PrtScr by FireStarter] => C:\Program Files (x86)\PrtScr\PrtScr.exe [2766336 2013-07-14] ()
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [GoogleChromeAutoLaunch_3C1B2192D11FF988E69B64C631FA80BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [326224 2013-08-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-30]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-30]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{99D8B059-63AA-415B-A8F3-48A4F6E3D867}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55779;https=127.0.0.1:55779
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {C2955A86-4974-4F3B-A59F-E7134FF2A874} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB977D20150203&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-08-15] (Qualcomm®Atheros®)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-30]

Chrome: 
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_cmi_14_36_ch&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyC0A0C0EyEtAyCzz0CzyyCtN0D0Tzu0SzyzztCtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0ByEtByEzz0ByDtGtCyC0FtBtG0AtCyE0EtGyB0DyEyEtGyByCzz0BzytD0AtA0Dzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0E0DyEtByE0E0BtG0A0DyByCtGyEyB0BtCtG0Bzy0FtDtG0E0DzzyC0ByB0CyE0B0AyBtA2Q&cr=231831904&ir=
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}{googlerefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-16]
CHR Extension: (Pushbullet) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-03-28]
CHR Extension: (SiteAdvisor) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-17]
CHR Extension: (AdBlock) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-08]
CHR Extension: (Bookmark Manager) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Hangouts) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-09-11]
CHR Extension: (Google Wallet) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-02] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-02] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [131072 2013-05-18] () [File not signed]
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [210808 2015-02-10] (Dell Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-13] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-17] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-15] (Qualcomm Atheros) [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-27] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-14] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-02] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-08] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 20:02 - 2015-05-15 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-15 18:27 - 2015-05-15 18:27 - 51789024 _____ (Microsoft Corporation) C:\Users\Sabira\Desktop\Windows-KB890830-x64-V5.24.exe
2015-05-15 18:22 - 2015-05-15 20:07 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1001
2015-05-15 18:22 - 2015-05-15 18:22 - 00001553 _____ () C:\Users\Sabira\Desktop\JRT.txt
2015-05-15 18:20 - 2015-05-15 18:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOMEOFFICE-Windows-8.1-(64-bit).dat
2015-05-15 18:20 - 2015-05-15 18:20 - 00000000 ____D () C:\RegBackup
2015-05-15 18:17 - 2015-05-15 18:17 - 02721175 _____ (Thisisu) C:\Users\Sabira\Desktop\JRT.exe
2015-05-15 18:13 - 2015-05-15 18:13 - 00000000 ___RD () C:\Users\Sabira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-15 16:44 - 2015-05-15 18:11 - 00000000 ____D () C:\AdwCleaner
2015-05-15 16:43 - 2015-05-15 16:43 - 02209792 _____ () C:\Users\Sabira\Desktop\adwcleaner_4.204.exe
2015-05-15 13:33 - 2015-05-15 20:50 - 00026840 _____ () C:\Users\Sabira\Desktop\FRST.txt
2015-05-15 13:33 - 2015-05-15 20:50 - 00000000 ____D () C:\FRST
2015-05-15 13:33 - 2015-05-15 13:34 - 00034869 _____ () C:\Users\Sabira\Desktop\Addition.txt
2015-05-15 13:32 - 2015-05-15 13:32 - 02106368 _____ (Farbar) C:\Users\Sabira\Desktop\FRST64.exe
2015-05-13 19:37 - 2015-05-13 19:37 - 00001838 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-13 19:37 - 2015-05-13 19:37 - 00001821 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-13 19:33 - 2015-05-13 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-13 00:38 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 00:38 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-09 14:03 - 2015-05-11 16:16 - 00000000 ____D () C:\Users\Sabira\Documents\Bluetooth Folder
2015-05-08 23:01 - 2015-05-08 23:01 - 00509440 _____ (Tech Support Guy System) C:\Users\Sabira\Downloads\SysInfo.exe
2015-05-08 18:04 - 2015-05-08 18:04 - 13232896 _____ (DELL INC.) C:\Users\Sabira\Downloads\XPS_2720_A07.EXE
2015-05-08 18:04 - 2015-05-08 18:04 - 00031152 _____ () C:\Windows\system32\Drivers\pmxdrv.sys
2015-05-07 22:38 - 2015-05-07 22:38 - 00069611 _____ () C:\Users\Sabira\Desktop\sfcdetails.text
2015-05-06 23:22 - 2015-05-14 03:08 - 00000000 ____D () C:\Users\Sabira\Desktop\Cattery Bussiness and Buildings
2015-04-24 19:19 - 2015-04-24 19:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-24 19:19 - 2015-04-24 19:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-24 19:19 - 2015-04-24 19:19 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-24 19:19 - 2015-04-24 19:19 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-24 19:19 - 2015-04-24 19:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-24 19:19 - 2015-04-24 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-24 19:19 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-24 19:18 - 2015-04-24 19:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Sabira\Downloads\spybot-2.4.exe
2015-04-22 12:00 - 2015-05-15 17:20 - 00002600 _____ () C:\Windows\PFRO.log
2015-04-21 17:53 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-21 17:53 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-20 17:30 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-20 17:30 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-20 17:30 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-20 17:30 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-20 17:30 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-20 17:30 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-20 17:30 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-20 17:30 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-20 17:30 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-20 17:30 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-20 17:30 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-20 17:29 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-20 17:29 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-20 17:29 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-20 17:29 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-20 17:29 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-20 17:29 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-20 17:29 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-20 17:29 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-20 17:29 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-20 17:29 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-20 17:29 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-20 17:29 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-20 17:29 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-20 17:29 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-20 17:29 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-20 17:29 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-20 17:29 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-20 17:29 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-20 17:29 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-20 17:29 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-20 17:29 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-20 17:29 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-20 17:28 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-20 17:28 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-20 17:28 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-20 17:28 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 01:51 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 01:51 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 01:51 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 01:51 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 01:51 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 01:51 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 01:51 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 01:51 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 01:51 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 01:51 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 01:51 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 01:51 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 01:51 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 01:51 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 01:51 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 01:51 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 01:51 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 01:51 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-15 20:04 - 2015-02-15 22:21 - 01428972 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 20:04 - 2014-06-19 21:44 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-15 18:42 - 2014-06-19 20:45 - 00000000 __RDO () C:\Users\Sabira\SkyDrive
2015-05-15 18:39 - 2014-09-08 04:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 18:20 - 2014-01-30 06:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-15 18:17 - 2014-01-30 06:25 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 18:13 - 2014-06-19 21:44 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 18:12 - 2015-04-10 21:19 - 00006962 _____ () C:\Windows\setupact.log
2015-05-15 18:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 18:12 - 2013-08-22 14:25 - 01048576 ___SH () C:\Windows\system32\config\BBI
2015-05-15 17:41 - 2014-06-19 20:51 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2721A28C-B303-4BB3-8F48-1A3927178477}
2015-05-15 17:20 - 2014-09-08 02:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-15 17:20 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-15 17:18 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-15 17:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-15 11:28 - 2014-09-08 04:09 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-15 11:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-14 10:31 - 2014-06-20 02:31 - 00000000 ____D () C:\Users\Sabira\AppData\Roaming\Skype
2015-05-13 19:39 - 2014-11-23 14:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-13 19:37 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-13 12:56 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-08 19:12 - 2015-03-18 17:11 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-05-07 21:58 - 2014-06-19 20:42 - 00000000 ____D () C:\Users\Sabira
2015-05-06 23:17 - 2014-01-30 06:44 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-06 22:58 - 2014-06-21 03:57 - 00000000 ____D () C:\Users\Sabira\AppData\Local\CrashDumps
2015-05-01 19:23 - 2014-06-26 19:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-30 10:07 - 2014-06-19 22:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\system32\NV
2015-04-29 16:50 - 2014-01-30 06:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-24 21:05 - 2014-09-30 11:36 - 00000000 ____D () C:\Users\shami_000
2015-04-24 21:05 - 2014-08-07 02:15 - 00000000 ____D () C:\Users\yamee_000
2015-04-24 21:05 - 2014-07-24 13:12 - 00000000 ____D () C:\Users\fatem_000
2015-04-23 17:13 - 2014-06-24 23:11 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Microsoft Help
2015-04-22 16:12 - 2015-03-18 17:12 - 00003916 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-04-22 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-04-21 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 23:30 - 2014-12-11 03:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 23:30 - 2014-07-10 01:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 19:42 - 2014-06-19 22:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 19:38 - 2014-06-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2014-09-08 02:44 - 2014-09-08 02:44 - 0616240 _____ (ClickMeIn Limited) C:\Users\Sabira\AppData\Local\nss5B63.tmp
2014-01-30 06:15 - 2014-01-30 06:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-30 06:41 - 2014-01-30 06:42 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-30 06:39 - 2014-01-30 06:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-30 06:40 - 2014-01-30 06:41 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Sabira\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabira\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 15:02

==================== End Of Log ============================

*Addition.txt*

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Sabira at 2015-05-15 20:51:04
Running from C:\Users\Sabira\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2771644027-2860193389-1954980343-500 - Administrator - Disabled)
fatem_000 (S-1-5-21-2771644027-2860193389-1954980343-1004 - Limited - Enabled) => C:\Users\fatem_000
Guest (S-1-5-21-2771644027-2860193389-1954980343-501 - Limited - Disabled)
Sabira (S-1-5-21-2771644027-2860193389-1954980343-1001 - Administrator - Enabled) => C:\Users\Sabira
shami_000 (S-1-5-21-2771644027-2860193389-1954980343-1005 - Limited - Enabled) => C:\Users\shami_000
yamee_000 (S-1-5-21-2771644027-2860193389-1954980343-1006 - Limited - Enabled) => C:\Users\yamee_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.0 - Adobe Systems Incorporated.)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.50 - ArcSoft)
BitTorrent (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\BitTorrent) (Version: 7.9.2.35144 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{CF297F45-BB2C-4454-AEDA-EFAB01AFDCE3}) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG7100 series User Registration (HKLM-x32\...\Canon MG7100 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0006 - DELL)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Kodi (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe  Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.210 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PDFMate Free PDF Merger 1.0.8 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version: - pdfmate.com)
PerfV700_V750 User's Guide (HKLM-x32\...\PerfV700_V750 User's Guide) (Version: - )
PrtScr 1.7 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{F7C7EFEC-D7AB-4BDE-B5FA-D76231DA4E80}) (Version: 1.0.31.1053 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SilverFast Epson-SE 6.6.1r2b (HKLM-x32\...\SilverFast Epson-SE) (Version: - LaserSoft Imaging AG)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

08-05-2015 14:56:42 Scheduled Checkpoint
13-05-2015 01:08:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14641721-6E16-40CD-A4EE-B86BA1AB0B8E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {1DBCBE56-38DB-45E8-A600-A8A493E46D0C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1E5C1056-AACB-42DD-851C-531272FC633F} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1006 No Task File <==== ATTENTION
Task: {208E31E3-3FCD-48B1-BF9E-242FF5584D4A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {2D372F3D-06A7-4F5B-BD74-5254CC71E8DB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-30] (Microsoft Corporation)
Task: {3FD92324-06BF-4DFF-B702-1C7B4581CFFB} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {400BB0A6-89F9-43DC-BF42-3056EB62A018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {4997C862-57A0-417B-AA0E-D35A190DE21C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4C65E53E-0AEF-4A49-9842-A3B3C51560B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
Task: {633BC3C6-1F19-4998-859B-DFCBEC3D2E92} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {6E4FBD85-F084-4E4B-A720-98259CDC32EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7452D166-04C2-4DB1-A5FE-A607D2730CAD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {83C9C36D-1B68-48A3-BB87-76C55E1A6CE6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {864D3E13-5C03-4906-B33A-C7B8EA3DFB22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {93710550-E8E4-4846-9858-D1E824535216} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1005 No Task File <==== ATTENTION
Task: {9EDAD025-F1D6-4509-8D9D-137EA2EB4DF5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {B6FEB39C-BEB1-406D-986B-D9FAE6D3ECD4} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1003 No Task File <==== ATTENTION
Task: {BC923CAD-AE82-4886-B6A6-4575DC1B98E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C4EBB37B-BF54-4F58-A310-0C2E69F57048} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1004 No Task File <==== ATTENTION
Task: {CEE2EF38-FCF8-49E9-8655-E065CDC856BB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {E69149DF-81FC-41D7-B301-6791C1EF3CCF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2771644027-2860193389-1954980343-1001
Task: {EF547238-D25B-46D1-9239-DC89003AD957} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: {F23931A0-D44B-407D-83D1-0282969F8DC5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-30 05:21 - 2013-08-02 09:40 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-26 19:37 - 2013-05-14 10:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-13 04:06 - 2013-08-13 04:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-13 04:06 - 2013-08-13 04:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-13 04:06 - 2013-08-13 04:06 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2015-05-09 14:04 - 2015-05-09 14:05 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-04-24 19:19 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-24 19:19 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-24 19:19 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-24 19:19 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-24 19:19 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-30 06:30 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-05-15 11:04 - 2015-05-05 05:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-15 11:04 - 2015-05-05 05:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-05-15 11:04 - 2015-05-05 05:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fatem_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Sabira\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\shami_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\yamee_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CE95F662-1AAE-4774-85BF-558C8BAE6900}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F7EF53B6-0F41-4780-B98E-F4ED80D28EA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{8D3CC3A6-1D74-4101-91FD-C486E0BA19CE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0C47A2DC-DA98-4215-8027-28D4C0FA16A3}] => (Allow) LPort=2869
FirewallRules: [{D425AF95-2FA5-4532-BBB8-1B197AB83F22}] => (Allow) LPort=1900
FirewallRules: [{5EBD23DE-5F2F-4265-B6BA-871446A6A3A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{057A051A-47AE-4841-B7CA-7EB24294C3A3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{41560567-4A1A-408B-BC99-A4C2CAA3FC57}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F0E8ADF6-7B14-4DAE-AC1E-B99D7DD22C89}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B121C86A-0F76-45AF-AADE-8C15EC013896}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3E059A50-FA45-425A-88FF-11650DF99834}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F1D29C0B-1483-477B-9E8C-288DEB0372C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 06:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x50c
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 02:55:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a54

Start Time: 01d08eb04397cd32

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8027c0f5-faa5-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 02:41:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/15/2015 02:34:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f8

Start Time: 01d08daab87c7c64

Termination Time: 25

Application Path: C:\Windows\Explorer.EXE

Report Id: 776242fb-faa2-11e4-82be-543530a68c7a

Faulting package full name:

Faulting package-relative application ID:

Error: (05/15/2015 01:27:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a90

Start Time: 01d08ea2ee0c960a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1ec2d6fe-fa99-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 01:00:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f58

Start Time: 01d08ea10b602e20

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 55b43e6b-fa95-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 00:42:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2370

Start Time: 01d08e9b34625df8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e7e7e0da-fa92-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 11:48:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2be8

Start Time: 01d08e97037f7ee0

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5062ffef-fa8b-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 11:06:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 282c

Start Time: 01d08e8ea1cdfa05

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 6effa947-fa85-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 10:09:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2260

Start Time: 01d08e893fe32a2a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8cc6d246-fa7d-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (05/15/2015 08:50:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Error: (05/15/2015 08:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Browser service failed to start due to the following error: 
%%1053

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8117.98 MB
Available physical RAM: 5395.75 MB
Total Pagefile: 9461.98 MB
Available Pagefile: 5486.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.42 GB) (Free:833.9 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:9.44 GB) (Free:0.68 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E02AF0F9)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

Thanks for those logs, still work to do....

Uninstall Spybot S&D, re-boot when complete....

Next,

*Backup the Registry:*

_Modifying the *Registry* can create unforeseen problems, so it's always wise to create a backup before doing so._


Please download *ERUNT* from one of the following links: Link1 | Link2 | Link3
_*ERUNT* (*E*mergency *R*ecovery *U*tility *NT*) is a free program that allows you to keep a complete backup of your registry and restore it when needed._
Double click on *erunt-setup.exe* to Install *ERUNT* by following the prompts.
*NOTE: *Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
Start *ERUNT* either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.

_*Note:* the default location is *C:\Windows\ERDNT* which is acceptable._

Make sure that at least the first two check boxes are selected.










Click on *OK*
Then click on *YES* to create the folder.
_*Note:* if it is necessary to restore the registry, open the backup folder and start *ERDNT.exe*_

Next,

Select start, Type or copy/paste *notepad.exe* into the search box and press Enter.

Notepad will open. Copy the following script and paste it to Notepad.


```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
```
Go to File menu and select *Save as*.
Make sure that the Save as type option is set to *All Files (*.*)* and the place to save will be your desktop.

Name the file *fix.reg* and select Save.

The file *fix.reg* file should now be located onto your desktop.

Import the file into the registry as follows:

Locate the *fix.reg* file on your desktop.
Right-click on the *fix.reg* file and select Merge.
You'll be prompted about adding the information to the registry. Accept any prompts...

When complete re-boot your system.....

Next,

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Next,

To go for a clean install of Chrome do the following:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Enable Flash Block to Chrome: http://www.howtogeek.com/58058/how-to-enable-flashblock-in-chrome-and-make-it-5000-more-secure/

Import your Bookmarks back.....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....

Thanks,

Kevin...


----------



## Compash (Jan 9, 2006)

I am on the step, where I am trying to un-install the chrome, but it won't allow me, asking me to close chrome, including windows 8 app. Which I did. But it still keep asking me to do that (which I obviously did). I closed everything. Still it won't work.


----------



## kevinf80 (Mar 21, 2006)

Boot to Safemode then uninstall Chrome.


----------



## Compash (Jan 9, 2006)

Will that allow me to have the option to delete all of the browsing datas/caches?


----------



## kevinf80 (Mar 21, 2006)

Not really sure, never actually done it myself. Give it a run and see what happens..


----------



## Compash (Jan 9, 2006)

On chrome://flags, I cant find "Click to Play" <---- to enable flashblock in chrome

So I cant follow the instruction on:http://www.howtogeek.com/58058/how-to-enable-flashblock-in-chrome-and-make-it-5000-more-secure/


----------



## kevinf80 (Mar 21, 2006)

Miss that step and continue...

***Edit***

Just noticed you`ve used the wrong syntax, you list *chrome://flags* it should be *chrome:flags*


----------



## Compash (Jan 9, 2006)

I did type: about:flags but it will turn into chrome://flags once I press enter key. Strange. And Click to play is nowhere to be seen.


----------



## kevinf80 (Mar 21, 2006)

Ok just miss that step and continue. I do not have Chrome installed so cannot check it out myself.


----------



## Compash (Jan 9, 2006)

*FRT.txt*

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Sabira (administrator) on HOMEOFFICE on 16-05-2015 00:27:38
Running from C:\Users\Sabira\Desktop
Loaded Profiles: Sabira (Available profiles: Sabira & fatem_000 & shami_000 & yamee_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\PrtScr\PrtScr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-02] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] (Qualcomm®Atheros®)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [PrtScr by FireStarter] => C:\Program Files (x86)\PrtScr\PrtScr.exe [2766336 2013-07-14] ()
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [326224 2013-08-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-30]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-30]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{99D8B059-63AA-415B-A8F3-48A4F6E3D867}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55779;https=127.0.0.1:55779
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> DefaultScope {C2955A86-4974-4F3B-A59F-E7134FF2A874} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB977D20150203&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {C2955A86-4974-4F3B-A59F-E7134FF2A874} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB977D20150203&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-08-15] (Qualcomm®Atheros®)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-30]

Chrome: 
=======
CHR Profile: C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Adblock Plus) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-16]
CHR Extension: (Google Search) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Google Sheets) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (SiteAdvisor) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Skype Click to Call) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows (R) Win 7 DDK provider) [File not signed]
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-02] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-02] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-02] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [131072 2013-05-18] () [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [210808 2015-02-10] (Dell Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-17] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-15] (Qualcomm Atheros) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-27] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-14] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-02] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-08] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 00:09 - 2015-05-16 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-16 00:06 - 2015-05-16 00:11 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 00:06 - 2015-05-16 00:11 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 00:06 - 2015-05-16 00:06 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-16 00:06 - 2015-05-16 00:06 - 00000000 ___RD () C:\Users\Sabira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-16 00:06 - 2015-05-16 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-15 23:57 - 2015-05-15 23:57 - 00000000 ____D () C:\Windows\pss
2015-05-15 23:10 - 2015-05-15 23:10 - 00204607 _____ () C:\Users\Sabira\Desktop\bookmarks_15_05_2015.html
2015-05-15 23:03 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 23:03 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 22:54 - 2015-05-15 22:54 - 00000377 _____ () C:\Users\Sabira\Desktop\fix.reg
2015-05-15 22:51 - 2015-05-15 22:51 - 00000000 ____D () C:\Windows\ERDNT
2015-05-15 22:49 - 2015-05-15 22:49 - 00000942 _____ () C:\Users\yamee_000\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000942 _____ () C:\Users\shami_000\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000942 _____ () C:\Users\Sabira\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000942 _____ () C:\Users\fatem_000\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000923 _____ () C:\Users\yamee_000\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000923 _____ () C:\Users\shami_000\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000923 _____ () C:\Users\Sabira\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000923 _____ () C:\Users\fatem_000\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-15 22:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-05-15 22:49 - 2015-05-15 22:49 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-05-15 22:47 - 2015-05-15 22:48 - 00791393 _____ (Lars Hederer ) C:\Users\Sabira\Desktop\erunt-setup.exe
2015-05-15 22:46 - 2015-05-15 22:46 - 00000085 _____ () C:\Windows\wininit.ini
2015-05-15 22:46 - 2015-05-15 22:46 - 00000000 ____D () C:\ProgramData\PCDr
2015-05-15 18:27 - 2015-05-15 18:27 - 51789024 _____ (Microsoft Corporation) C:\Users\Sabira\Desktop\Windows-KB890830-x64-V5.24.exe
2015-05-15 18:22 - 2015-05-16 00:10 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1001
2015-05-15 18:22 - 2015-05-15 18:22 - 00001553 _____ () C:\Users\Sabira\Desktop\JRT.txt
2015-05-15 18:20 - 2015-05-15 18:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOMEOFFICE-Windows-8.1-(64-bit).dat
2015-05-15 18:20 - 2015-05-15 18:20 - 00000000 ____D () C:\RegBackup
2015-05-15 18:17 - 2015-05-15 18:17 - 02721175 _____ (Thisisu) C:\Users\Sabira\Desktop\JRT.exe
2015-05-15 16:44 - 2015-05-15 18:11 - 00000000 ____D () C:\AdwCleaner
2015-05-15 16:43 - 2015-05-15 16:43 - 02209792 _____ () C:\Users\Sabira\Desktop\adwcleaner_4.204.exe
2015-05-15 13:33 - 2015-05-16 00:28 - 00029264 _____ () C:\Users\Sabira\Desktop\FRST.txt
2015-05-15 13:33 - 2015-05-16 00:27 - 00000000 ____D () C:\FRST
2015-05-15 13:33 - 2015-05-15 20:51 - 00032959 _____ () C:\Users\Sabira\Desktop\Addition.txt
2015-05-15 13:32 - 2015-05-15 13:32 - 02106368 _____ (Farbar) C:\Users\Sabira\Desktop\FRST64.exe
2015-05-13 19:37 - 2015-05-13 19:37 - 00001838 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-13 19:37 - 2015-05-13 19:37 - 00001821 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-13 19:33 - 2015-05-13 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-13 12:57 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 12:57 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 12:57 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 12:57 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 12:57 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 12:57 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 12:57 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 12:57 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 12:57 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:57 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:57 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 12:57 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 12:57 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 12:57 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 12:57 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-13 12:57 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-13 12:56 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:56 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:56 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:56 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:56 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:56 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:56 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:56 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:56 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:56 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:56 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 12:56 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:56 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:56 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:56 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 12:56 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:56 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:56 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 12:56 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:56 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 12:56 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:56 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:56 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:56 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:56 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:56 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:56 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 12:56 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:56 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 12:56 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:56 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 12:56 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:56 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:56 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:56 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:56 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:56 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:56 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:56 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:56 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:56 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:56 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:56 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:56 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:56 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:56 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:56 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 12:56 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 12:56 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 12:56 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 12:56 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 12:56 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 12:56 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 12:56 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:56 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:56 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:56 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 12:56 - 2015-03-13 01:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 12:56 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:56 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:56 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 00:38 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 00:38 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-09 14:03 - 2015-05-11 16:16 - 00000000 ____D () C:\Users\Sabira\Documents\Bluetooth Folder
2015-05-08 23:01 - 2015-05-08 23:01 - 00509440 _____ (Tech Support Guy System) C:\Users\Sabira\Downloads\SysInfo.exe
2015-05-08 18:04 - 2015-05-08 18:04 - 13232896 _____ (DELL INC.) C:\Users\Sabira\Downloads\XPS_2720_A07.EXE
2015-05-08 18:04 - 2015-05-08 18:04 - 00031152 _____ () C:\Windows\system32\Drivers\pmxdrv.sys
2015-05-07 22:38 - 2015-05-07 22:38 - 00069611 _____ () C:\Users\Sabira\Desktop\sfcdetails.text
2015-05-06 23:22 - 2015-05-14 03:08 - 00000000 ____D () C:\Users\Sabira\Desktop\Cattery Bussiness and Buildings
2015-04-24 19:19 - 2015-05-15 22:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-24 19:19 - 2015-05-15 22:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-24 19:19 - 2015-04-24 19:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-24 19:18 - 2015-04-24 19:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Sabira\Downloads\spybot-2.4.exe
2015-04-22 12:00 - 2015-05-15 22:46 - 00005166 _____ () C:\Windows\PFRO.log
2015-04-21 17:53 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-21 17:53 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-20 17:30 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-20 17:30 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-20 17:30 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-20 17:30 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-20 17:30 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-20 17:30 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-20 17:30 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-20 17:30 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-20 17:29 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-20 17:28 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-20 17:28 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-20 17:28 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-20 17:28 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 00:17 - 2015-02-15 22:21 - 01790419 _____ () C:\Windows\WindowsUpdate.log
2015-05-16 00:15 - 2014-06-19 20:51 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2721A28C-B303-4BB3-8F48-1A3927178477}
2015-05-16 00:12 - 2014-01-30 06:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-16 00:09 - 2014-01-30 06:25 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 00:06 - 2014-06-19 21:44 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 00:06 - 2014-06-19 21:44 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 00:06 - 2014-06-19 21:44 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Google
2015-05-16 00:06 - 2014-06-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-16 00:06 - 2014-06-19 21:43 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Deployment
2015-05-16 00:05 - 2015-04-10 21:19 - 00007990 _____ () C:\Windows\setupact.log
2015-05-16 00:05 - 2014-06-19 20:45 - 00000000 ___DO () C:\Users\Sabira\SkyDrive
2015-05-16 00:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-16 00:04 - 2013-08-22 14:25 - 01048576 ___SH () C:\Windows\system32\config\BBI
2015-05-15 23:54 - 2014-06-20 02:31 - 00000000 ____D () C:\Users\Sabira\AppData\Roaming\Skype
2015-05-15 23:07 - 2014-09-01 21:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 23:07 - 2014-09-01 21:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 23:07 - 2013-08-22 15:44 - 00498120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 23:06 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-15 23:06 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-15 23:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 23:04 - 2014-06-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-15 22:59 - 2014-09-01 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 22:56 - 2013-08-22 20:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 20:57 - 2014-09-08 04:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-15 17:20 - 2014-09-08 02:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-15 17:20 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-15 17:18 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-15 17:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-15 11:28 - 2014-09-08 04:09 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-15 11:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-13 19:39 - 2014-11-23 14:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-13 19:37 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-08 19:12 - 2015-03-18 17:11 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-05-07 21:58 - 2014-06-19 20:42 - 00000000 ____D () C:\Users\Sabira
2015-05-06 23:17 - 2014-01-30 06:44 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-06 22:58 - 2014-06-21 03:57 - 00000000 ____D () C:\Users\Sabira\AppData\Local\CrashDumps
2015-05-05 18:59 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 18:59 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 19:23 - 2014-06-26 19:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-30 10:07 - 2014-06-19 22:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\system32\NV
2015-04-29 16:50 - 2014-01-30 06:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-24 21:05 - 2014-09-30 11:36 - 00000000 ____D () C:\Users\shami_000
2015-04-24 21:05 - 2014-08-07 02:15 - 00000000 ____D () C:\Users\yamee_000
2015-04-24 21:05 - 2014-07-24 13:12 - 00000000 ____D () C:\Users\fatem_000
2015-04-23 17:13 - 2014-06-24 23:11 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Microsoft Help
2015-04-22 16:12 - 2015-03-18 17:12 - 00003916 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-04-22 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-04-21 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 23:30 - 2014-12-11 03:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 23:30 - 2014-07-10 01:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 19:42 - 2014-06-19 22:11 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-09-08 02:44 - 2014-09-08 02:44 - 0616240 _____ (ClickMeIn Limited) C:\Users\Sabira\AppData\Local\nss5B63.tmp
2014-01-30 06:15 - 2014-01-30 06:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-30 06:41 - 2014-01-30 06:42 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-30 06:39 - 2014-01-30 06:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-30 06:40 - 2014-01-30 06:41 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Sabira\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabira\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 15:02

==================== End Of Log ============================

*Addition.txt*
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Sabira at 2015-05-16 00:28:13
Running from C:\Users\Sabira\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2771644027-2860193389-1954980343-500 - Administrator - Disabled)
fatem_000 (S-1-5-21-2771644027-2860193389-1954980343-1004 - Limited - Enabled) => C:\Users\fatem_000
Guest (S-1-5-21-2771644027-2860193389-1954980343-501 - Limited - Disabled)
Sabira (S-1-5-21-2771644027-2860193389-1954980343-1001 - Administrator - Enabled) => C:\Users\Sabira
shami_000 (S-1-5-21-2771644027-2860193389-1954980343-1005 - Limited - Enabled) => C:\Users\shami_000
yamee_000 (S-1-5-21-2771644027-2860193389-1954980343-1006 - Limited - Enabled) => C:\Users\yamee_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.0 - Adobe Systems Incorporated.)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.50 - ArcSoft)
BitTorrent (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\BitTorrent) (Version: 7.9.2.35144 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{CF297F45-BB2C-4454-AEDA-EFAB01AFDCE3}) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG7100 series User Registration (HKLM-x32\...\Canon MG7100 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0006 - DELL)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Kodi (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe  Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.210 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PDFMate Free PDF Merger 1.0.8 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version: - pdfmate.com)
PerfV700_V750 User's Guide (HKLM-x32\...\PerfV700_V750 User's Guide) (Version: - )
PrtScr 1.7 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{F7C7EFEC-D7AB-4BDE-B5FA-D76231DA4E80}) (Version: 1.0.31.1053 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SilverFast Epson-SE 6.6.1r2b (HKLM-x32\...\SilverFast Epson-SE) (Version: - LaserSoft Imaging AG)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

13-05-2015 01:08:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DBCBE56-38DB-45E8-A600-A8A493E46D0C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1E5C1056-AACB-42DD-851C-531272FC633F} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1006 No Task File <==== ATTENTION
Task: {208E31E3-3FCD-48B1-BF9E-242FF5584D4A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {3FD92324-06BF-4DFF-B702-1C7B4581CFFB} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {400BB0A6-89F9-43DC-BF42-3056EB62A018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {4C65E53E-0AEF-4A49-9842-A3B3C51560B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {633BC3C6-1F19-4998-859B-DFCBEC3D2E92} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {6E4FBD85-F084-4E4B-A720-98259CDC32EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7452D166-04C2-4DB1-A5FE-A607D2730CAD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {83C9C36D-1B68-48A3-BB87-76C55E1A6CE6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {864D3E13-5C03-4906-B33A-C7B8EA3DFB22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {93710550-E8E4-4846-9858-D1E824535216} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1005 No Task File <==== ATTENTION
Task: {9EDAD025-F1D6-4509-8D9D-137EA2EB4DF5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {B6FEB39C-BEB1-406D-986B-D9FAE6D3ECD4} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1003 No Task File <==== ATTENTION
Task: {BC923CAD-AE82-4886-B6A6-4575DC1B98E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C4EBB37B-BF54-4F58-A310-0C2E69F57048} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1004 No Task File <==== ATTENTION
Task: {CEE2EF38-FCF8-49E9-8655-E065CDC856BB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {D44437E4-240E-4FD7-8B76-BC688A966CE3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-30] (Microsoft Corporation)
Task: {E69149DF-81FC-41D7-B301-6791C1EF3CCF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2771644027-2860193389-1954980343-1001
Task: {EF547238-D25B-46D1-9239-DC89003AD957} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-30 05:21 - 2013-08-02 09:40 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-30 06:14 - 2013-08-01 14:22 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-30 06:30 - 2013-05-18 02:12 - 00131072 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2014-06-26 19:37 - 2013-05-14 10:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-13 04:06 - 2013-08-13 04:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-13 04:06 - 2013-08-13 04:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-13 04:06 - 2013-08-13 04:06 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-01-30 06:30 - 2013-01-26 07:29 - 00544768 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
2013-08-15 12:48 - 2013-08-15 12:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-08-15 12:45 - 2013-08-15 12:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-08-15 12:52 - 2013-08-15 12:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-09-08 15:25 - 2013-07-14 17:19 - 02766336 _____ () C:\Program Files (x86)\PrtScr\PrtScr.exe
2013-08-15 21:03 - 2013-08-15 21:03 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-09-08 15:25 - 2013-06-06 14:44 - 18730496 _____ () C:\Program Files (x86)\PrtScr\dsp_ipp.dll
2014-09-08 15:25 - 2013-04-11 02:18 - 00509440 _____ () C:\Program Files (x86)\PrtScr\QuickFontCache.dll
2014-09-08 15:25 - 2013-04-06 09:26 - 00487424 _____ () C:\Program Files (x86)\PrtScr\freetype.dll
2014-06-22 16:58 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-06-22 16:58 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-01-30 06:39 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 20:41 - 2013-03-05 20:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-01-30 06:30 - 2013-08-09 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-16 00:06 - 2015-05-05 05:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-16 00:06 - 2015-05-05 05:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-02-26 17:07 - 2015-02-09 16:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-01-30 06:46 - 2012-11-26 07:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 17:07 - 2014-02-18 19:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fatem_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Sabira\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\shami_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\yamee_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CE95F662-1AAE-4774-85BF-558C8BAE6900}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F7EF53B6-0F41-4780-B98E-F4ED80D28EA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{8D3CC3A6-1D74-4101-91FD-C486E0BA19CE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0C47A2DC-DA98-4215-8027-28D4C0FA16A3}] => (Allow) LPort=2869
FirewallRules: [{D425AF95-2FA5-4532-BBB8-1B197AB83F22}] => (Allow) LPort=1900
FirewallRules: [{5EBD23DE-5F2F-4265-B6BA-871446A6A3A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{057A051A-47AE-4841-B7CA-7EB24294C3A3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{41560567-4A1A-408B-BC99-A4C2CAA3FC57}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F0E8ADF6-7B14-4DAE-AC1E-B99D7DD22C89}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B121C86A-0F76-45AF-AADE-8C15EC013896}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3E059A50-FA45-425A-88FF-11650DF99834}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5DF7AAA4-BF0D-44B2-851C-1DEF08E1A65A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2015 11:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x7e4
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 11:06:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x490
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 06:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x50c
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 02:55:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a54

Start Time: 01d08eb04397cd32

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8027c0f5-faa5-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 02:41:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/15/2015 02:34:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f8

Start Time: 01d08daab87c7c64

Termination Time: 25

Application Path: C:\Windows\Explorer.EXE

Report Id: 776242fb-faa2-11e4-82be-543530a68c7a

Faulting package full name:

Faulting package-relative application ID:

Error: (05/15/2015 01:27:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a90

Start Time: 01d08ea2ee0c960a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1ec2d6fe-fa99-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 01:00:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f58

Start Time: 01d08ea10b602e20

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 55b43e6b-fa95-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 00:42:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2370

Start Time: 01d08e9b34625df8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e7e7e0da-fa92-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/14/2015 11:48:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2be8

Start Time: 01d08e97037f7ee0

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 5062ffef-fa8b-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (05/16/2015 00:04:57 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:04:46 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:04:11 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/16/2015 00:03:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084mccspsvcUnavailable{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}

Error: (05/16/2015 00:03:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084mccspsvcUnavailable{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}

Error: (05/16/2015 00:03:06 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:02:13 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/16/2015 00:02:12 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:02:12 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/16/2015 00:02:11 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz
Percentage of memory in use: 62%
Total physical RAM: 8117.98 MB
Available physical RAM: 3028.9 MB
Total Pagefile: 9461.98 MB
Available Pagefile: 4073.01 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.42 GB) (Free:837.71 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:9.44 GB) (Free:0.68 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E02AF0F9)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

Astromenda seems to have gone, unfortunately the proxy server nuisance is still there, do the following...

Run ERUNT and make a registry back up...

Next,

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:


```
Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings"=-
"DefaultConnectionSettings"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=-
"ProxyServer"=-
```
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name *fixme.reg*, and click Save.

You should now find a new file on your desktop named *fixme.reg*. Double click on *fixme.reg*. You will get a warning,
agree to the merge, and then a message the file has been merged will immediately pop up.

Then reboot.

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the two logs....


----------



## Compash (Jan 9, 2006)

*FRST.txt*

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Sabira (administrator) on HOMEOFFICE on 16-05-2015 00:52:10
Running from C:\Users\Sabira\Desktop
Loaded Profiles: Sabira (Available profiles: Sabira & fatem_000 & shami_000 & yamee_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
() C:\Program Files (x86)\PrtScr\PrtScr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\koala.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\pcdrcui.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-02] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-08-15] (Qualcomm®Atheros®)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [PrtScr by FireStarter] => C:\Program Files (x86)\PrtScr\PrtScr.exe [2766336 2013-07-14] ()
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [326224 2013-08-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-01-30]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-01-30]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{99D8B059-63AA-415B-A8F3-48A4F6E3D867}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> DefaultScope {C2955A86-4974-4F3B-A59F-E7134FF2A874} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB977D20150203&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} URL = 
SearchScopes: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> {C2955A86-4974-4F3B-A59F-E7134FF2A874} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB977D20150203&p={searchTerms}
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-08-15] (Qualcomm®Atheros®)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-30]

Chrome: 
=======
CHR Profile: C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Adblock Plus) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-16]
CHR Extension: (Google Search) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Google Sheets) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (SiteAdvisor) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Skype Click to Call) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-15] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-02] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-02] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [131072 2013-05-18] () [File not signed]
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [210808 2015-02-10] (Dell Inc.)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-13] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-04-17] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-15] (Qualcomm Atheros) [File not signed]
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akwbx; C:\Windows\system32\DRIVERS\akwbx64.sys [3862736 2013-07-27] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-14] (Qualcomm Atheros, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-02] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-08-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-08] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 00:52 - 2015-05-16 00:52 - 00000000 ___RD () C:\Users\Sabira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-16 00:09 - 2015-05-16 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-16 00:06 - 2015-05-16 00:51 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 00:06 - 2015-05-16 00:11 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 00:06 - 2015-05-16 00:06 - 00002281 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-16 00:06 - 2015-05-16 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-15 23:57 - 2015-05-15 23:57 - 00000000 ____D () C:\Windows\pss
2015-05-15 23:10 - 2015-05-15 23:10 - 00204607 _____ () C:\Users\Sabira\Desktop\bookmarks_15_05_2015.html
2015-05-15 23:03 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 23:03 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 22:54 - 2015-05-16 00:49 - 00000308 _____ () C:\Users\Sabira\Desktop\fix.reg
2015-05-15 22:51 - 2015-05-15 22:51 - 00000000 ____D () C:\Windows\ERDNT
2015-05-15 22:49 - 2015-05-16 00:44 - 00000942 _____ () C:\Users\yamee_000\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000942 _____ () C:\Users\shami_000\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000942 _____ () C:\Users\Sabira\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000942 _____ () C:\Users\fatem_000\Desktop\NTREGOPT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000923 _____ () C:\Users\yamee_000\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000923 _____ () C:\Users\shami_000\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000923 _____ () C:\Users\Sabira\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000923 _____ () C:\Users\fatem_000\Desktop\ERUNT.lnk
2015-05-15 22:49 - 2015-05-16 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-05-15 22:49 - 2015-05-16 00:44 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-05-15 22:47 - 2015-05-15 22:48 - 00791393 _____ (Lars Hederer ) C:\Users\Sabira\Desktop\erunt-setup.exe
2015-05-15 22:46 - 2015-05-15 22:46 - 00000085 _____ () C:\Windows\wininit.ini
2015-05-15 22:46 - 2015-05-15 22:46 - 00000000 ____D () C:\ProgramData\PCDr
2015-05-15 18:27 - 2015-05-15 18:27 - 51789024 _____ (Microsoft Corporation) C:\Users\Sabira\Desktop\Windows-KB890830-x64-V5.24.exe
2015-05-15 18:22 - 2015-05-16 00:49 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1001
2015-05-15 18:22 - 2015-05-15 18:22 - 00001553 _____ () C:\Users\Sabira\Desktop\JRT.txt
2015-05-15 18:20 - 2015-05-15 18:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HOMEOFFICE-Windows-8.1-(64-bit).dat
2015-05-15 18:20 - 2015-05-15 18:20 - 00000000 ____D () C:\RegBackup
2015-05-15 18:17 - 2015-05-15 18:17 - 02721175 _____ (Thisisu) C:\Users\Sabira\Desktop\JRT.exe
2015-05-15 16:44 - 2015-05-15 18:11 - 00000000 ____D () C:\AdwCleaner
2015-05-15 16:43 - 2015-05-15 16:43 - 02209792 _____ () C:\Users\Sabira\Desktop\adwcleaner_4.204.exe
2015-05-15 13:33 - 2015-05-16 00:52 - 00026935 _____ () C:\Users\Sabira\Desktop\FRST.txt
2015-05-15 13:33 - 2015-05-16 00:52 - 00000000 ____D () C:\FRST
2015-05-15 13:33 - 2015-05-16 00:28 - 00032289 _____ () C:\Users\Sabira\Desktop\Addition.txt
2015-05-15 13:32 - 2015-05-15 13:32 - 02106368 _____ (Farbar) C:\Users\Sabira\Desktop\FRST64.exe
2015-05-13 19:37 - 2015-05-13 19:37 - 00001838 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-13 19:37 - 2015-05-13 19:37 - 00001821 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-13 19:33 - 2015-05-13 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-13 12:57 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 12:57 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 12:57 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 12:57 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 12:57 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 12:57 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 12:57 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 12:57 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 12:57 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 12:57 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 12:57 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 12:57 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 12:57 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 12:57 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 12:57 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-13 12:57 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-13 12:56 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 12:56 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 12:56 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 12:56 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 12:56 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 12:56 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 12:56 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 12:56 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 12:56 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 12:56 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 12:56 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 12:56 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 12:56 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 12:56 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 12:56 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 12:56 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 12:56 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 12:56 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 12:56 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 12:56 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 12:56 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 12:56 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 12:56 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 12:56 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 12:56 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 12:56 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 12:56 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 12:56 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 12:56 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 12:56 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 12:56 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 12:56 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 12:56 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 12:56 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 12:56 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 12:56 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 12:56 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 12:56 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 12:56 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 12:56 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 12:56 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 12:56 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 12:56 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 12:56 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 12:56 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 12:56 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:56 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 12:56 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 12:56 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 12:56 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 12:56 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 12:56 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 12:56 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 12:56 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 12:56 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 12:56 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 12:56 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 12:56 - 2015-03-13 01:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 12:56 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 12:56 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 12:56 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 00:38 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 00:38 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-09 14:03 - 2015-05-11 16:16 - 00000000 ____D () C:\Users\Sabira\Documents\Bluetooth Folder
2015-05-08 23:01 - 2015-05-08 23:01 - 00509440 _____ (Tech Support Guy System) C:\Users\Sabira\Downloads\SysInfo.exe
2015-05-08 18:04 - 2015-05-08 18:04 - 13232896 _____ (DELL INC.) C:\Users\Sabira\Downloads\XPS_2720_A07.EXE
2015-05-08 18:04 - 2015-05-08 18:04 - 00031152 _____ () C:\Windows\system32\Drivers\pmxdrv.sys
2015-05-07 22:38 - 2015-05-07 22:38 - 00069611 _____ () C:\Users\Sabira\Desktop\sfcdetails.text
2015-05-06 23:22 - 2015-05-14 03:08 - 00000000 ____D () C:\Users\Sabira\Desktop\Cattery Bussiness and Buildings
2015-04-24 19:19 - 2015-05-15 22:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-24 19:19 - 2015-05-15 22:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-24 19:19 - 2015-04-24 19:19 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-24 19:18 - 2015-04-24 19:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Sabira\Downloads\spybot-2.4.exe
2015-04-22 12:00 - 2015-05-16 00:51 - 00005482 _____ () C:\Windows\PFRO.log
2015-04-21 17:53 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-21 17:53 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-20 17:30 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-20 17:30 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-20 17:30 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-20 17:30 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-20 17:30 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-20 17:30 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-20 17:30 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-20 17:30 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-20 17:30 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-20 17:30 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-20 17:30 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-20 17:29 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-20 17:28 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-20 17:28 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-20 17:28 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-20 17:28 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-20 17:28 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 00:51 - 2015-04-10 21:19 - 00008247 _____ () C:\Windows\setupact.log
2015-05-16 00:51 - 2014-06-19 20:45 - 00000000 __RDO () C:\Users\Sabira\SkyDrive
2015-05-16 00:51 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-16 00:51 - 2013-08-22 14:25 - 01048576 ___SH () C:\Windows\system32\config\BBI
2015-05-16 00:32 - 2014-09-08 04:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-16 00:17 - 2015-02-15 22:21 - 01790419 _____ () C:\Windows\WindowsUpdate.log
2015-05-16 00:15 - 2014-06-19 20:51 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2721A28C-B303-4BB3-8F48-1A3927178477}
2015-05-16 00:12 - 2014-01-30 06:45 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-05-16 00:09 - 2014-01-30 06:25 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 00:06 - 2014-06-19 21:44 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 00:06 - 2014-06-19 21:44 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 00:06 - 2014-06-19 21:44 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Google
2015-05-16 00:06 - 2014-06-19 21:44 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-16 00:06 - 2014-06-19 21:43 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Deployment
2015-05-15 23:54 - 2014-06-20 02:31 - 00000000 ____D () C:\Users\Sabira\AppData\Roaming\Skype
2015-05-15 23:07 - 2014-09-01 21:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 23:07 - 2014-09-01 21:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 23:07 - 2013-08-22 15:44 - 00498120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 23:06 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-15 23:06 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-15 23:06 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 23:04 - 2014-06-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 23:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-15 22:59 - 2014-09-01 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 22:56 - 2013-08-22 20:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:20 - 2014-09-08 02:40 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-15 17:20 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-15 17:18 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-15 17:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-15 11:28 - 2014-09-08 04:09 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-15 11:28 - 2014-09-08 04:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-15 11:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-13 19:39 - 2014-11-23 14:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-13 19:37 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-13 19:33 - 2014-11-23 14:29 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-08 19:12 - 2015-03-18 17:11 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-05-07 21:58 - 2014-06-19 20:42 - 00000000 ____D () C:\Users\Sabira
2015-05-06 23:17 - 2014-01-30 06:44 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-06 22:58 - 2014-06-21 03:57 - 00000000 ____D () C:\Users\Sabira\AppData\Local\CrashDumps
2015-05-05 18:59 - 2013-08-22 16:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 18:59 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 19:23 - 2014-06-26 19:13 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-04-30 10:07 - 2014-06-19 22:11 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-29 19:38 - 2014-01-30 06:18 - 00000000 ____D () C:\Windows\system32\NV
2015-04-29 16:50 - 2014-01-30 06:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-24 21:05 - 2014-09-30 11:36 - 00000000 ____D () C:\Users\shami_000
2015-04-24 21:05 - 2014-08-07 02:15 - 00000000 ____D () C:\Users\yamee_000
2015-04-24 21:05 - 2014-07-24 13:12 - 00000000 ____D () C:\Users\fatem_000
2015-04-23 17:13 - 2014-06-24 23:11 - 00000000 ____D () C:\Users\Sabira\AppData\Local\Microsoft Help
2015-04-22 16:12 - 2015-03-18 17:12 - 00003916 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-04-22 14:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-04-21 18:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 23:30 - 2014-12-11 03:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 23:30 - 2014-07-10 01:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 19:42 - 2014-06-19 22:11 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-09-08 02:44 - 2014-09-08 02:44 - 0616240 _____ (ClickMeIn Limited) C:\Users\Sabira\AppData\Local\nss5B63.tmp
2014-01-30 06:15 - 2014-01-30 06:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-30 06:41 - 2014-01-30 06:42 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-01-30 06:39 - 2014-01-30 06:40 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-01-30 06:40 - 2014-01-30 06:41 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-01-30 06:39 - 2014-01-30 06:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Sabira\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabira\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 15:02

==================== End Of Log ============================

*Addition.txt*

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Sabira at 2015-05-16 00:52:37
Running from C:\Users\Sabira\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2771644027-2860193389-1954980343-500 - Administrator - Disabled)
fatem_000 (S-1-5-21-2771644027-2860193389-1954980343-1004 - Limited - Enabled) => C:\Users\fatem_000
Guest (S-1-5-21-2771644027-2860193389-1954980343-501 - Limited - Disabled)
Sabira (S-1-5-21-2771644027-2860193389-1954980343-1001 - Administrator - Enabled) => C:\Users\Sabira
shami_000 (S-1-5-21-2771644027-2860193389-1954980343-1005 - Limited - Enabled) => C:\Users\shami_000
yamee_000 (S-1-5-21-2771644027-2860193389-1954980343-1006 - Limited - Enabled) => C:\Users\yamee_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.0 - Adobe Systems Incorporated.)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.50 - ArcSoft)
BitTorrent (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\BitTorrent) (Version: 7.9.2.35144 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{CF297F45-BB2C-4454-AEDA-EFAB01AFDCE3}) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG7100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7100_series) (Version: 1.00 - Canon Inc.)
Canon MG7100 series On-screen Manual (HKLM-x32\...\Canon MG7100 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG7100 series User Registration (HKLM-x32\...\Canon MG7100 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{594E7534-5ECB-4FAC-B26F-583B0CFCBCEC}) (Version: 1.00.0006 - DELL)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Kodi (HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee LiveSafe  Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.210 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PDFMate Free PDF Merger 1.0.8 (HKLM-x32\...\PDFMate Free PDF Merger_is1) (Version: - pdfmate.com)
PerfV700_V750 User's Guide (HKLM-x32\...\PerfV700_V750 User's Guide) (Version: - )
PrtScr 1.7 (HKLM-x32\...\PrtScr_is1) (Version: - FireStarter)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.1.300 - Qualcomm Atheros Communications) Hidden
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.31.1053 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{F7C7EFEC-D7AB-4BDE-B5FA-D76231DA4E80}) (Version: 1.0.31.1053 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SilverFast Epson-SE 6.6.1r2b (HKLM-x32\...\SilverFast Epson-SE) (Version: - LaserSoft Imaging AG)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

13-05-2015 01:08:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1DBCBE56-38DB-45E8-A600-A8A493E46D0C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1E5C1056-AACB-42DD-851C-531272FC633F} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1006 No Task File <==== ATTENTION
Task: {208E31E3-3FCD-48B1-BF9E-242FF5584D4A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {3FD92324-06BF-4DFF-B702-1C7B4581CFFB} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {400BB0A6-89F9-43DC-BF42-3056EB62A018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {4C65E53E-0AEF-4A49-9842-A3B3C51560B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {633BC3C6-1F19-4998-859B-DFCBEC3D2E92} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {6E4FBD85-F084-4E4B-A720-98259CDC32EB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7452D166-04C2-4DB1-A5FE-A607D2730CAD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {83C9C36D-1B68-48A3-BB87-76C55E1A6CE6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {864D3E13-5C03-4906-B33A-C7B8EA3DFB22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {93710550-E8E4-4846-9858-D1E824535216} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1005 No Task File <==== ATTENTION
Task: {9EDAD025-F1D6-4509-8D9D-137EA2EB4DF5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {B6FEB39C-BEB1-406D-986B-D9FAE6D3ECD4} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1003 No Task File <==== ATTENTION
Task: {BC923CAD-AE82-4886-B6A6-4575DC1B98E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C4EBB37B-BF54-4F58-A310-0C2E69F57048} - \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1004 No Task File <==== ATTENTION
Task: {CEE2EF38-FCF8-49E9-8655-E065CDC856BB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {D44437E4-240E-4FD7-8B76-BC688A966CE3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-30] (Microsoft Corporation)
Task: {E69149DF-81FC-41D7-B301-6791C1EF3CCF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2771644027-2860193389-1954980343-1001
Task: {EF547238-D25B-46D1-9239-DC89003AD957} - \PCDEventLauncherTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-30 05:21 - 2013-08-02 09:40 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-30 06:14 - 2013-08-01 14:22 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-30 06:30 - 2013-05-18 02:12 - 00131072 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2014-06-26 19:37 - 2013-05-14 10:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-13 04:06 - 2013-08-13 04:06 - 00198120 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-13 04:06 - 2013-08-13 04:06 - 00054760 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-13 04:06 - 2013-08-13 04:06 - 00034792 _____ () c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-01-30 06:30 - 2013-01-26 07:29 - 00544768 _____ () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
2015-05-09 14:04 - 2015-05-09 14:05 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-08-15 12:48 - 2013-08-15 12:48 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-08-15 12:45 - 2013-08-15 12:45 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-08-15 12:52 - 2013-08-15 12:52 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-09-08 15:25 - 2013-07-14 17:19 - 02766336 _____ () C:\Program Files (x86)\PrtScr\PrtScr.exe
2013-08-15 21:03 - 2013-08-15 21:03 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-04-01 11:15 - 2015-02-25 23:22 - 00545528 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll
2015-04-01 11:15 - 2015-02-25 23:22 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll
2015-04-01 11:15 - 2015-02-25 23:22 - 00086776 _____ () C:\Program Files\Dell\SupportAssist\libDataStoreCSharp.dll
2014-09-08 15:25 - 2013-06-06 14:44 - 18730496 _____ () C:\Program Files (x86)\PrtScr\dsp_ipp.dll
2014-09-08 15:25 - 2013-04-11 02:18 - 00509440 _____ () C:\Program Files (x86)\PrtScr\QuickFontCache.dll
2014-09-08 15:25 - 2013-04-06 09:26 - 00487424 _____ () C:\Program Files (x86)\PrtScr\freetype.dll
2014-06-22 16:58 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-06-22 16:58 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\fatem_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Sabira\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\shami_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\yamee_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2771644027-2860193389-1954980343-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CE95F662-1AAE-4774-85BF-558C8BAE6900}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F7EF53B6-0F41-4780-B98E-F4ED80D28EA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{8D3CC3A6-1D74-4101-91FD-C486E0BA19CE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0C47A2DC-DA98-4215-8027-28D4C0FA16A3}] => (Allow) LPort=2869
FirewallRules: [{D425AF95-2FA5-4532-BBB8-1B197AB83F22}] => (Allow) LPort=1900
FirewallRules: [{5EBD23DE-5F2F-4265-B6BA-871446A6A3A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{057A051A-47AE-4841-B7CA-7EB24294C3A3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{41560567-4A1A-408B-BC99-A4C2CAA3FC57}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F0E8ADF6-7B14-4DAE-AC1E-B99D7DD22C89}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{B121C86A-0F76-45AF-AADE-8C15EC013896}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3E059A50-FA45-425A-88FF-11650DF99834}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5DF7AAA4-BF0D-44B2-851C-1DEF08E1A65A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2015 00:50:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x4dc
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 11:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x7e4
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 11:06:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x490
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 06:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000000d
Fault offset: 0x0000000000101e60
Faulting process id: 0x50c
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3
Faulting package full name: svchost.exe_DiagTrack4
Faulting package-relative application ID: svchost.exe_DiagTrack5

Error: (05/15/2015 02:55:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a54

Start Time: 01d08eb04397cd32

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 8027c0f5-faa5-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 02:41:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/15/2015 02:34:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f8

Start Time: 01d08daab87c7c64

Termination Time: 25

Application Path: C:\Windows\Explorer.EXE

Report Id: 776242fb-faa2-11e4-82be-543530a68c7a

Faulting package full name:

Faulting package-relative application ID:

Error: (05/15/2015 01:27:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a90

Start Time: 01d08ea2ee0c960a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1ec2d6fe-fa99-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 01:00:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f58

Start Time: 01d08ea10b602e20

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 55b43e6b-fa95-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/15/2015 00:42:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2370

Start Time: 01d08e9b34625df8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e7e7e0da-fa92-11e4-82be-543530a68c7a

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (05/16/2015 00:51:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Diagnostics Tracking Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/16/2015 00:04:57 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:04:46 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:04:11 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/16/2015 00:03:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084mccspsvcUnavailable{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}

Error: (05/16/2015 00:03:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084mccspsvcUnavailable{8F2BC96B-68C5-40E8-9CE1-368E3ACAC09B}

Error: (05/16/2015 00:03:06 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:02:13 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/16/2015 00:02:12 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/16/2015 00:02:12 AM) (Source: DCOM) (EventID: 10005) (User: HOMEOFFICE)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz
Percentage of memory in use: 25%
Total physical RAM: 8117.98 MB
Available physical RAM: 6039.73 MB
Total Pagefile: 9461.98 MB
Available Pagefile: 7333.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.42 GB) (Free:837.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E02AF0F9)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

Those logs look good, what is the current status of your system, any remaining issues or concerns?


----------



## Compash (Jan 9, 2006)

Kevin,

Many thanks for your help. I won't know for sure. Shall I check the file-checker? Or it was the same thing? As I said in my 1st post in this thread, that file-checker shows up some corrupted files? Was that resolved?

I would need to use Dell PC as normal tomorrow, to see if the problem pop up or not. Because it occurs randomly. So I don't know yet as of now, so need time.

How I can prevent from this horrid problem from happening again? I use McAfee. And Adblock.

Compash


----------



## kevinf80 (Mar 21, 2006)

I guess is best to use your PC normally for maybe 12 to 24 hours, see how it responds. Post back after that time and give an update. 
The latest logs look good, but we can only progress after your feedback.

Regarding security, personally I use Kaspersky full suite and Malwarebytes Premium. I also have MCShield and UnChecky, for my browser I use Firefox, couple of addons for extra security.....

let me know the status of your sytem after 12 to 24 hours normal usage, we can then decide how to progress....

Cheers,

Kevin.....


----------



## Compash (Jan 9, 2006)

Kevin,

Thank you for the suggestions. I will look into some of those security measures.

I will let you know how my PC behave in 12-24 hours. I hope I will come back with a good news.

Many thanks again for the help. Much appreciated.

Compash


----------



## Compash (Jan 9, 2006)

Oh, I did run file-checker using sfc /scannow at Adminstrator Command Prompt .... it says it have some corrupted files? What does that mean?


----------



## kevinf80 (Mar 21, 2006)

Is a pleasure to work with you Compash, just give me an update when you`re ready. I`m in the UK so not too sure if maybe our times do not sync good. 
Catch up later, take care and surf safe.....

Kevin...


----------



## Compash (Jan 9, 2006)

I live in UK, I am just a night-owl.  

Catch you later, with a good news hopefully.

Compash


----------



## kevinf80 (Mar 21, 2006)

Do not worry too much about the sfc /scannow log, that is not unusual. Lets see how your system responds and take it from there...


----------



## Compash (Jan 9, 2006)

Thanks for the reassurance  I will stop worrying about it.


----------



## kevinf80 (Mar 21, 2006)

As you`re a night owl go here: http://www.thewindowsclub.com/windows-resource-protection-found-corrupt-files some good reading for you. Specifically the following syntax from an elevated command prompt: *Dism /Online /Cleanup-Image /RestoreHealth*

have fun.....


----------



## Compash (Jan 9, 2006)

OK,  I will check it out.


----------



## kevinf80 (Mar 21, 2006)

Give an update on your system, how it responds etc......


----------



## Compash (Jan 9, 2006)

Hello Kevin,
I was using excel spreadsheet, and it was torturous slow, despite with very few data. I am wondering why it is like that, before it wasn't like that.


----------



## Compash (Jan 9, 2006)

Hi again, started to use spreadsheet again, it is working as normal now. Strange. I guess it was one off.


Good news, PC is running smoothly, and no problem so far! Phew.

Shall I go on hiding the file's extension type, and hidden files? Unchecking what you have asked me to check previously?

Compash


----------



## kevinf80 (Mar 21, 2006)

We can reset system settings with the clean up tool Delfix.... If no issues we can clean up:

Uninstall ERUNT from your computer by using the Add/Remove Program feature in the Window's Control Panel.

How to remove ERUNT (Unless you want to keep it):

Uninstall ERUNT from your computer by using the Add/Remove Program feature in the Window's Control Panel.

1. On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do one of the following:

a) Windows Vista/7/8: Click Uninstall a Program.
b) Windows XP: Click Add or Remove Programs.

2. When you find the program ERUNT 1.1j, click it, and then do one of the following:

a) Windows Vista/7/8: Click Uninstall.
b) Windows XP: Click the Remove or Change/Remove tab (to the right of the program).

3. Follow the prompts. A progress bar shows you how long it will take to remove ERUNT.

Next,

Download *"Delfix by Xplode"* and save it to your desktop.

Or use the following if first link is down:

*"Delfix link mirror"*

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


 Remove disinfection tools
 Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
 Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

If no remaining issues or concerns hit the "Mark Solved" tab at the top of the thread....

Thank you,

Kevin.....


----------



## Compash (Jan 9, 2006)

Hi Kevin,

I have done all those steps, and thank you for the useful links. I cant thank you enough for all the help you have given.

Here is to good health to PC. 

Have a nice weekend.

Regards,

Compash


----------



## kevinf80 (Mar 21, 2006)

Hello again Compash,

Thanks for the update, it was a pleasure to work with you....

Take care and surf safe,

Kevin...


----------



## Compash (Jan 9, 2006)

Hi Kevin!!!! 

Again I am facing exact same problem as before, but no malware detected on Malwarebytes Anti-Malware.

When I am casually browsing online, sometime a black empty command box will pop up for 1 second and then disappear. And sometime it will pop up again 1 second later, and disappear immediately.

And then when I go to document folder, and nothing will be in the folder, the pathway box at top will be loading the green bar, it will takes forever, eventually it will get stuck, without showing any documents in the folder while in reality, it has several files saved. It was impossible to use outlook email app as well. And it will take a while for the mouse pointer to stop being refreshed. Dell PC will get stuck, and I won't be able to shut it down by clicking on shut down option using mouse pointer, only way I can shut down the PC is to press the physical button of shut down.

And then I will turn on the PC, which may take several attempt, and when it finally work, I will get notification at right bottom corner of my desktop which will say "Failed to connect to a Windows service. Windows couldn't connect to the Group Policy Client service. This problem prevents standard users from signing in. As an administrative user, you can review the system event log for details about why the service didn't respond."



Compash

*Malwarebytes Anti-Malware*

www.malwarebytes.org

Scan Date: 18/05/2015
Scan Time: 22:21:18
Logfile: 
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.18.06
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sabira

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 476834
Time Elapsed: 12 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, running the following scans please...








* Scan with ESET Online Scanner*

This step can only be done using *Internet Explorer*, *Google Chrome* or *Mozilla Firefox*.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit *ESET Online Scanner* website.

Click there *Run ESET Online Scanner*.

If using *Internet Explorer*:


Accept the Terms of Use and click *Start*.
Allow the running of add-on.
If using *Mozilla Firefox* or *Google Chrome*:

Download *esetsmartinstaller_enu.exe* that you'll be given link to.
Double click *esetsmartinstaller_enu.exe*.
Allow the Terms of Use and click *Start*.
To perform the scan:

Make sure that *Remove found threats* is *unchecked*.
*Scan archives* is *checked*.
In Advanced Settings: *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications* and *Enable Anti-Stealth technology* are *checked*.
Under Enable Stealth Technology select Change select any extra drives in that window.
Click *Start*
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. *This may take several hours.* Please, be patient.
*Do not do anything on your machine as it may interrupt the scan*.
When the scan is done, click *Finish*.
A logfile will be created at *C:\Program Files (x86)\ESET\ESET Online Scanner*. Open it using *Notepad*.
Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Next,

Please download *RogueKiller* and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select *Run as Administrator* to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click *Scan* to scan the system.
When the scan completes select "Report", log will open. Close the program > *Don't Fix anything!*
Post back the report which should also be located here:

Let me see those logs...

Thanks,

Kevin...


----------



## Compash (Jan 9, 2006)

Hi Kevin,

Thanks for the reply. Sorry for my late reply, it was because I did the scan, and it took ages for it to be completed.

Please see the logs below.

*ESET log:*

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=212b945cf86a324fb3dc7cf3c64c68ed
# engine=23900
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-18 11:18:02
# local_time=2015-05-19 12:18:02 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus * Anti-Spyware'
# compatibility_mode=5130 16777214 100 97 3377547 58915340 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5431938 56872375 0 0
# scanned=307053
# found=5
# cleaned=0
# scan_time=2774
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
sh=5EF7173E18406A01541703C64860FC4408CAEA37 ft=1 fh=ef56464ad28f9db3 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\Users\Sabira\AppData\Local\nss5B63.tmp"
sh=F69F5B71A6FA94B71504EF184913BCF428D43899 ft=1 fh=6c8257ade2556f83 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Sabira\Downloads\ccsetup418.exe"
sh=23E4A5547DB9874081137F8653D3E3784BCE10AF ft=1 fh=619f103471cb48ba vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Sabira\Downloads\setup_free_pdf_merger.exe"
sh=23E4A5547DB9874081137F8653D3E3784BCE10AF ft=1 fh=619f103471cb48ba vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Sabira\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App\setup_free_pdf_merger.exe"

*RogueKiller log:*

RogueKiller V10.6.4.0 [May 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Sabira [Administrator]
Started from : C:\Users\Sabira\Downloads\RogueKiller (1).exe
Mode : Scan -- Date : 05/19/2015 00:48:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll -> Found
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll -> Found
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll -> Found
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll -> Found
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll -> Found
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH +++++
--- User ---
[MBR] f55752982697bb57ca0c716a636c5e77
[BSP] fba0a70f51ebfbf55e06b83d7ba195e4 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 2048 MB
4 - Basic data partition | Offset (sectors): 5564416 | Size: 941484 MB
5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1933723648 | Size: 9665 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!


----------



## kevinf80 (Mar 21, 2006)

Do not see a great deal wrong with those logs, continue please:

Only one entry in the ESET log requires attention, do the following:

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is *not* checked. Copy the text from the code box below to Notepad.


```
@echo off
del /f /s /q "C:\Users\Sabira\AppData\Local\nss5B63.tmp"
del %0
```
Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this:







<--XP







<--vista or windows 7/8
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Next,

Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

When "initializing/pre-scan" completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:

*[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} -> Found*

Make sure those entries are Checkmarked (ticked) also ensure that *all other entries are not Checkmarked*.

Hit the *Delete* button, when complete select "Report" post that log...

Next,








*Scan with ZOEK*

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the **.exe* one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions *here*.


 Right-click on







icon and select







Run as Administrator to start the tool.
 Wait patiently until the main console will appear, it may take a minute or two.
 In the main box please paste in the following script:


```
services_list;
standardsearch;
autoclean;
emptyclsid;
emptyfolderscheck;delete
iedefaults;
firefoxlook;
chromelook;
FFdefaults;
CHRdefaults;
```

 Make sure that *Scan All Users* option is checked.
 Push *Run Script* and wait patiently. The scan may take a couple of minutes.
 When the scan completes, a *zoek-results* logfile should open in notepad.
 If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

Post those logs to next reply, also let me know if there are any remaining issues or concerns...

Thanks,

Kevin


----------



## Compash (Jan 9, 2006)

*RogueKiller log*

RogueKiller V10.6.4.0 [May 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Sabira [Administrator]
Started from : C:\Users\Sabira\Downloads\RogueKiller.exe
Mode : Delete -- Date : 05/19/2015 11:54:07

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Deleted
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Deleted
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll -> Not selected
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll -> Not selected
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll -> Not selected
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll -> Not selected
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll -> Not selected
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH +++++
--- User ---
[MBR] f55752982697bb57ca0c716a636c5e77
[BSP] fba0a70f51ebfbf55e06b83d7ba195e4 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 2048 MB
4 - Basic data partition | Offset (sectors): 5564416 | Size: 941484 MB
5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1933723648 | Size: 9665 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: WD Elements 1078 USB Device +++++
--- User ---
[MBR] 2feb3f7261382291d45ae27b85b131d9
[BSP] 9247de4ca229f273574ab083d0234984 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_05192015_004859.log - RKreport_SCN_05192015_113753.log

*Zoek Log
*

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Sabira on 19/05/2015 at 11:59:51.94.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sabira\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19/05/2015 12:00:57 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\Users\fatem_000\AppData\Local\VirtualStore deleted successfully
C:\Users\Sabira\AppData\Local\CrashDumps deleted successfully
C:\Users\Sabira\AppData\Local\PackageStaging deleted successfully
C:\Users\Sabira\AppData\Local\softthinks deleted successfully
C:\Users\shami_000\AppData\Local\VirtualStore deleted successfully
C:\Users\yamee_000\AppData\Local\PackageStaging deleted successfully
C:\Users\yamee_000\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2955A86-4974-4F3B-A59F-E7134FF2A874} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10AA315E-6F81-4A16-85BD-2550643A9D1F} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3156014D-7294-4C48-945-E43C5027C71B} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36388F26-9EA7-42D8-A77-18CFC2868F59} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FF5798F-25DC-4D5F-9E76-F8B1AEE6C78} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E6764A-13C3-406B-A32C-5C54BF25FCD} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C94C75E-46F-4F9C-A43C-C825C437B9} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{829C9C0F-719F-4B1B-85CD-DF54BA28B31A} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B882A89-EAE3-4660-B4B6-5F783343666} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FC97F60-E3D-438A-90D-B98B7E8E5434} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B853DA89-57DF-4A5A-9C94-D99D6CF4114B} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB37B25D-75E-473E-BCE2-8B2229837BC0} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8882890-E2C8-419F-9780-E833D04C33A4} deleted successfully
HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB677BA6-77D-4A8F-BA4C-4E4F67F5E20} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
C:\Program Files (x86)\Unchecky\bin\Unchecky_bg.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\PrtScr\PrtScr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Sabira\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\Sabira\.android deleted
C:\found.000 deleted
C:\found.001 deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8118 MB
CPU Info: Intel(R) Core(TM) i5-4440S CPU @ 2.80GHz
CPU Speed: 2868.9 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | Intel(R) HD Graphics 4600 | NVIDIA GeForce GT 750M
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 2560 X 1440 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Killer Wireless-N 1202 Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: PLDS DVD+-RW DL-8A4SH
Ports: COM1 LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 919.4GB | E: 1863.0GB | F: 496.0MB | X: 9.4GB | Y: 2.0GB
Hard Disks - Free: C: 851.8GB | E: 1862.6GB | F: 470.3MB | X: 693.3MB | Y: 1.6GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | | DELL - 1072009
Time Zone: GMT Standard Time
Motherboard *: Dell Inc. 05R2TK
Country: United Kingdom 
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: McAfee Anti-Virus and Anti-Spyware On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: McAfee Anti-Virus and Anti-Spyware disabled (Outdated)
Firewall: McAfee Firewall disabled
Default Browser: Google Chrome	42.0.2311.152
Internet Explorer Version: 11.0.9600.17801 
Google Chrome version: 42.0.2311.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-05-15 17:20:43	CA2A8AF1DBAD0F31F9B33A2827DFBC16	207	----a-w-	C:\Windows\tweaking.com-regbackup-HOMEOFFICE-Windows-8.1-(64-bit).dat
====== C:\Users\Sabira\AppData\Local\Temp ====
2015-05-18 23:41:55	374FD87A72F8FEFF75B8AD7BBBF7A7D0	1498872	----a-w-	C:\Users\Sabira\AppData\Local\Temp\dllnt_dump.dll
2015-05-15 17:19:36	FDD26A402322F212DCA153FF8B1FFB6E	78816	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\pcwintech_tasksch.dll
2015-05-15 17:19:36	E0DC8C6BBC787B972A9A468648DBFD85	1008128	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\libiconv2.dll
2015-05-15 17:19:36	DC7A3BC0FC185CD68848DC6F7D7B026B	40960	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\SSubTmr6.dll
2015-05-15 17:19:36	D202BAA425176287017FFE1FB5D1B77C	103424	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\libintl3.dll
2015-05-15 17:19:36	A107DE2D120C0571B544EEC53D1971AB	1406208	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-05-15 17:19:36	57CAC848FA14AE38F14F9441F8933282	140288	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\pcre3.dll
2015-05-15 17:19:36	547C43567AB8C08EB30F6C6BACB479A3	79360	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\regex2.dll
2015-05-15 17:19:36	1B128828BF5E4353811B6DA58156B7F4	6656	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-05-15 22:03:13	A8B72561E67739D416C4BB3A62EC7331	102608	----a-w-	C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:57:13	3250046189DF6429ECD93D9B483C62C7	1943040	----a-w-	C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 11:57:01	0FDCB0931B57280D59942556A6706372	21504	----a-w-	C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 11:57:00	CB07788DF1639ED547F645403BECD759	141824	----a-w-	C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 11:57:00	69304975B8DF00BDC9567AAAF97791F2	1812992	----a-w-	C:\Windows\SysWOW64\SRH.dll
2015-05-13 11:56:58	697177C5242095DBDB3A3B52DD27C400	1207296	----a-w-	C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 11:56:58	3C2B9089839D283DD6F91CF5F0748D1D	2985984	----a-w-	C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 11:56:57	95AB9B30166221ED22E43290D47198CD	364544	----a-w-	C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 11:56:56	F601DD8702FB90928A4069AAF3329D2D	1560576	----a-w-	C:\Windows\SysWOW64\DWrite.dll
2015-05-13 11:56:56	7C29FBB11679B9B4F08D5AA771DABD90	358912	----a-w-	C:\Windows\SysWOW64\schannel.dll
2015-05-13 11:56:50	D74445161E58644309F858342F5E265C	19691008	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2015-05-13 11:56:49	0E22CD36FC3292CB812CC46CBCFD8444	12828672	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2015-05-13 11:56:48	CB5F450D21B9D76B7F01D006E4AEDB40	1882112	----a-w-	C:\Windows\SysWOW64\wininet.dll
2015-05-13 11:56:48	C525258A00ECFB4CE089F54C163268C3	2278400	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2015-05-13 11:56:48	AA2F2D55DEF98007839D0189D721D70B	1310208	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2015-05-13 11:56:48	6E2B4875B968324E5844F35A37A79260	4305920	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2015-05-13 11:56:47	F7F090E8B59FEFC50BE6F2A1ABB1ED5D	230400	----a-w-	C:\Windows\SysWOW64\webcheck.dll
2015-05-13 11:56:47	F2DB87F164BC13AB8EF90FBF5D866B65	664576	----a-w-	C:\Windows\SysWOW64\jscript.dll
2015-05-13 11:56:47	D8CAF4753CD2456C761E6761F2C713EE	128000	----a-w-	C:\Windows\SysWOW64\iepeers.dll
2015-05-13 11:56:47	CFCB89C0FE8EF502A7934C0D20E5DBD6	76288	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 11:56:47	C2EB0AA5570CF8BC881B36EE55A59337	688640	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 11:56:47	C1A32612710492D0C3339E46EC15E333	504320	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2015-05-13 11:56:47	8004E2E3D4DFEE81D6E102C537568AEC	327168	----a-w-	C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 11:56:47	7B4FA4B41FBDBB12C5038FCB6E6652AA	285696	----a-w-	C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 11:56:47	63A2E3E9C771B1D4D7D84942D6FCB661	710144	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 11:56:47	48143005C6FCE6D252162EE371532063	880128	----a-w-	C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 11:56:47	136687227F11CE928CB05F4FD90319AC	2052608	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 11:56:47	07E82A31808C8BC053D1DE547082C58F	341504	----a-w-	C:\Windows\SysWOW64\html.iec
2015-05-13 11:56:40	96111DD5552A2A1DC02FC090EF80AF2D	324096	----a-w-	C:\Windows\SysWOW64\certcli.dll
2015-05-13 11:56:39	032D9982B72E4F9A9B62A43B4CEDB072	1969664	----a-w-	C:\Windows\SysWOW64\wpdshext.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-05-15 22:03:13	5461373AB510F4C22CE61EB7965BE8F2	124112	----a-w-	C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:57:13	3DB29814EA5A2091425200B58E25BA15	2256896	----a-w-	C:\Windows\Sysnative\dwmcore.dll
2015-05-13 11:57:02	A709D50BD3125B53283220BA44B78690	116736	----a-w-	C:\Windows\Sysnative\SystemSettingsDatabase.dll
2015-05-13 11:57:02	4658D596725A71521971054D3AF1DCD0	2819584	----a-w-	C:\Windows\Sysnative\SettingsHandlers.dll
2015-05-13 11:57:01	952D277678FC177CA8549B92A01C4C2C	24576	----a-w-	C:\Windows\Sysnative\sdbinst.exe
2015-05-13 11:57:00	8442CC9A31FC381255B98D615E49EF82	2162176	----a-w-	C:\Windows\Sysnative\SRH.dll
2015-05-13 11:57:00	7E36F0698777668A09DD316E59807E0E	172544	----a-w-	C:\Windows\Sysnative\Windows.UI.Input.Inking.dll
2015-05-13 11:57:00	0F5DF8F08C138D9E1DE88984FEAA1B96	1696256	----a-w-	C:\Windows\Sysnative\wevtsvc.dll
2015-05-13 11:56:59	48CC2698381AA1F6FBE0D78507281B40	4417536	----a-w-	C:\Windows\Sysnative\dbgeng.dll
2015-05-13 11:56:58	E0C7813A97CA7947FF5C18A8F3B61A45	410128	----a-w-	C:\Windows\Sysnative\services.exe
2015-05-13 11:56:58	161156327265FB02A820506B98DA7A07	1491456	----a-w-	C:\Windows\Sysnative\dbghelp.dll
2015-05-13 11:56:57	B023C38663271E79FC2A9B63F6FE6417	445440	----a-w-	C:\Windows\Sysnative\PhotoMetadataHandler.dll
2015-05-13 11:56:57	4829F2EFACF23F63D6D85B7F1084FB70	1996800	----a-w-	C:\Windows\Sysnative\DWrite.dll
2015-05-13 11:56:57	053EF531F55B508343BB3CA91386C1C7	186368	----a-w-	C:\Windows\Sysnative\dpapisrv.dll
2015-05-13 11:56:56	7719BBE3BDA2171FF0955171D9460D26	4180480	----a-w-	C:\Windows\Sysnative\win32k.sys
2015-05-13 11:56:56	6C068E7207F183FF3647E45D2599E80C	1387008	----a-w-	C:\Windows\Sysnative\FntCache.dll
2015-05-13 11:56:56	62E3FCC2789CA52AA8A59122FDFCE26E	429568	----a-w-	C:\Windows\Sysnative\schannel.dll
2015-05-13 11:56:55	C31D57F7A58FACDA2671075CEBA75199	24971776	----a-w-	C:\Windows\Sysnative\mshtml.dll
2015-05-13 11:56:53	E061B5A1D0F9BBACA41149201ADF4A3B	14401536	----a-w-	C:\Windows\Sysnative\ieframe.dll
2015-05-13 11:56:51	79A4C71CD8B610DE9F66B72B5654C450	6025728	----a-w-	C:\Windows\Sysnative\jscript9.dll
2015-05-13 11:56:49	F0289B3A341429117696F0279DA977B6	2352128	----a-w-	C:\Windows\Sysnative\wininet.dll
2015-05-13 11:56:49	843D063E75B19188759CBEC82828BCB1	2885120	----a-w-	C:\Windows\Sysnative\iertutil.dll
2015-05-13 11:56:48	ED4EB5A0CDD251A17B946C515CB94D70	1547264	----a-w-	C:\Windows\Sysnative\urlmon.dll
2015-05-13 11:56:48	B85ECB91C88F6E74045061B7F7DDEFA2	584192	----a-w-	C:\Windows\Sysnative\vbscript.dll
2015-05-13 11:56:48	63061A0826839DE8F5B4713976C99F1B	816640	----a-w-	C:\Windows\Sysnative\jscript.dll
2015-05-13 11:56:47	F918BE3C5ACA0B6485D725CC1A5348DC	2125824	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2015-05-13 11:56:47	EB9FCD39D65E23380CB2C2F0E6F2ED53	316928	----a-w-	C:\Windows\Sysnative\dxtrans.dll
2015-05-13 11:56:47	E20B5098C8707B2CF0858024568234FF	801280	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2015-05-13 11:56:47	C1D6BD834E69E8F77C8B4DDFCEE073F6	417792	----a-w-	C:\Windows\Sysnative\html.iec
2015-05-13 11:56:47	AB8DF81AC1BF4546C3102469B840009E	145408	----a-w-	C:\Windows\Sysnative\iepeers.dll
2015-05-13 11:56:47	8541124139D68239B1EDE3E490367A6C	107520	----a-w-	C:\Windows\Sysnative\inseng.dll
2015-05-13 11:56:47	673582881DAC4B27E9368BC8834507DD	374272	----a-w-	C:\Windows\Sysnative\iedkcs32.dll
2015-05-13 11:56:47	5EDC6AF7589B65C89CB1154B3377D0C4	720384	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2015-05-13 11:56:47	49B1935F131A44CD29857D6900CB643F	800768	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2015-05-13 11:56:47	1D610F215769E4FF56C7B1847DE4B86D	633856	----a-w-	C:\Windows\Sysnative\ieui.dll
2015-05-13 11:56:47	1921A72BF1273BED72E569EF1F1A0611	92160	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2015-05-13 11:56:47	14673D16D433373898FE3006C5A01157	1032704	----a-w-	C:\Windows\Sysnative\inetcomm.dll
2015-05-13 11:56:47	0D2B130C7B5BCEC85D7A789A4338F9B7	262144	----a-w-	C:\Windows\Sysnative\webcheck.dll
2015-05-13 11:56:41	9D17F78BB04A3EF67426AFD087660188	410017	----a-w-	C:\Windows\Sysnative\ApnDatabase.xml
2015-05-13 11:56:40	CBB2FE432D81825C174A65DCE538A610	1441792	----a-w-	C:\Windows\Sysnative\lsasrv.dll
2015-05-13 11:56:40	2DDC7AE2C753033E5EC95F3358358043	445440	----a-w-	C:\Windows\Sysnative\certcli.dll
2015-05-13 11:56:39	0BB6089A1AEE468209FE22E29E6B87BD	2067968	----a-w-	C:\Windows\Sysnative\wpdshext.dll
2015-05-12 23:38:19	9703EC57F5BBB94F89CA80A5D0C12221	1429504	----a-w-	C:\Windows\Sysnative\diagtrack.dll
2015-05-12 23:38:19	4C0E8295772A78291A0E256882A0D0E2	36864	----a-w-	C:\Windows\Sysnative\UtcResources.dll
====== C:\Windows\Sysnative\drivers =====
2015-05-18 23:41:55	FD44FA80DA03EA144153A76DEBBB61B4	35064	----a-w-	C:\Windows\Sysnative\drivers\TrueSight.sys
2015-05-13 11:57:11	95B0179BDA907252025DEEA183699FB3	467776	-c--a-w-	C:\Windows\Sysnative\drivers\USBHUB3.SYS
2015-05-13 11:57:10	272A62B660A48AEF366F8A1836CED19F	57856	-c--a-w-	C:\Windows\Sysnative\drivers\bthhfenum.sys
2015-05-13 11:57:00	FE14D249D39368CA62D8DA6BC94AC694	80384	----a-w-	C:\Windows\Sysnative\drivers\ahcache.sys
2015-05-13 11:57:00	C54B6B2170BF628FD42F799A66956D75	239424	-c--a-w-	C:\Windows\Sysnative\drivers\sdbus.sys
2015-05-13 11:57:00	95E295FD19F80B3AD33629B5AEFEC9C7	154432	-c--a-w-	C:\Windows\Sysnative\drivers\dumpsd.sys
2015-05-13 11:56:57	C61EAF8E1E4B2F62BA4FDF457440B2C6	316416	----a-w-	C:\Windows\Sysnative\drivers\udfs.sys
2015-05-13 11:56:40	5E5AB950693F2C6D6ACBEE3A74697ED7	561928	----a-w-	C:\Windows\Sysnative\drivers\cng.sys
2015-05-08 17:04:18	0BEE791C7C7ACE453C134E73633C497D	31152	----a-w-	C:\Windows\Sysnative\drivers\pmxdrv.sys
2015-04-20 16:29:21	E87A6D3B8FECD5B93BC0CFBB48C27970	991552	----a-w-	C:\Windows\Sysnative\drivers\http.sys
2015-04-20 16:28:57	8EB7E70C2D348FE2476A2E3F2D585E3D	377152	----a-w-	C:\Windows\Sysnative\drivers\clfs.sys
====== C:\Windows\Tasks ======
2015-05-17 20:57:55	A047CD691B8F076EE6B610DA033DBCC4	3484	----a-w-	C:\Windows\Sysnative\Tasks\PCDEventLauncherTask
2015-05-15 23:06:36	C48160181C593E25610A0C39F0FE0C58	928	----a-w-	C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 23:06:36	A4A88058E7575E8BA8504FC290D4E720	924	----a-w-	C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 17:22:30	9FFA3DDCF93BB72919A58EEB4F86F980	3600	----a-w-	C:\Windows\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1001
2015-04-24 18:19:45	--------	d-----w-	C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-05-18 22:24:20	--------	d-----w-	C:\PROGRA~2\ESET
2015-05-16 01:28:41	--------	d-----w-	C:\PROGRA~2\Unchecky
2015-05-16 01:25:00	--------	d-----w-	C:\PROGRA~2\MCShield
2015-05-15 23:53:57	--------	d-----w-	C:\PROGRA~2\Dell Update
======= C: =====
2015-05-16 18:29:19	2E12565248BBA8011CF66B98A0168FE1	832	----a-w-	C:\DelFix.txt
====== C:\Users\Sabira\AppData\Roaming ======
2015-05-19 10:15:11	--------	d-----r-	C:\Users\Sabira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-05-17 20:58:53	--------	d-----w-	C:\Users\Sabira\AppData\Roaming\PCDr
2015-05-15 23:53:50	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Dell_Inc
2015-04-24 18:23:39	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
====== C:\Users\Sabira ======
2015-05-18 23:41:53	--------	d-----w-	C:\ProgramData\RogueKiller
2015-05-18 23:41:00	8D892D74A88054D38C971930D9A40985	16980568	----a-w-	C:\Users\Sabira\Downloads\RogueKiller.exe
2015-05-18 22:24:02	E8D3E34FFDAF21DF7C09CBBBA5763237	2347384	----a-w-	C:\Users\Sabira\Downloads\esetsmartinstaller_enu.exe
2015-05-16 01:28:43	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-05-16 01:28:42	--------	d-----w-	C:\ProgramData\Unchecky
2015-05-16 01:25:45	3415F0A29FD4D1780F333F9B11C7EC7E	1142616	----a-w-	C:\Users\Sabira\Downloads\unchecky_setup.exe
2015-05-16 01:25:02	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-05-16 01:25:01	--------	d-----w-	C:\ProgramData\MCShield
2015-05-16 01:24:36	6E44C49039E696991D2DB54B5C81E2F5	2856736	----a-w-	C:\Users\Sabira\Downloads\MCShield-Setup.exe
2015-05-16 00:28:09	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Sabira\sfcdetails.txt
2015-05-15 23:06:56	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-15 21:46:40	--------	d-----w-	C:\ProgramData\PCDr
2015-05-08 22:01:15	A94E2F637B9D3755B8FE3BA5ADBD7B8B	509440	----a-w-	C:\Users\Sabira\Downloads\SysInfo.exe
2015-05-08 17:04:05	018383A50A1E2FFB1EAE4B681E49C8A8	13232896	----a-w-	C:\Users\Sabira\Downloads\XPS_2720_A07.EXE

====== C: exe-files ==
2015-05-19 10:18:21	47AEA90DA4C74590BCEA471D5185951F	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2771644027-2860193389-1954980343-1001\$IEATSXO.exe
2015-05-18 23:43:57	8D892D74A88054D38C971930D9A40985	16980568	----a-w-	C:\$Recycle.Bin\S-1-5-21-2771644027-2860193389-1954980343-1001\$REATSXO.exe
2015-05-18 23:41:00	8D892D74A88054D38C971930D9A40985	16980568	----a-w-	C:\Users\Sabira\Downloads\RogueKiller.exe
2015-05-18 22:24:23	E273331224005C5A8A504164373DE1DC	535304	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2015-05-18 22:24:23	9E47522861242EE002D7F385C35D1322	2887824	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2015-05-18 22:24:23	5B3DE7968D23B476AFB256D8014B25B9	333424	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2015-05-18 22:24:23	47B06E473B78A792DF07D226E0537D63	119184	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2015-05-18 22:24:23	3C3F35C91F230493B088B334E39D1F7A	358144	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-05-18 22:24:02	E8D3E34FFDAF21DF7C09CBBBA5763237	2347384	----a-w-	C:\Users\Sabira\Downloads\esetsmartinstaller_enu.exe
2015-05-17 21:11:19	F6EEE6848E933962E12E7B3F25C73C88	88392	----atw-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe
2015-05-17 21:11:19	C990A8EAD57DA59FA8156CC02D3B7DA5	931408	----a-w-	C:\Program Files (x86)\Google\Update\Install\{A45C4626-CE97-45C6-815A-EA7BE427D2F2}\GoogleUpdateSetup.exe
2015-05-17 21:11:19	C990A8EAD57DA59FA8156CC02D3B7DA5	931408	----a-w-	C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe
2015-05-17 21:11:19	C990A8EAD57DA59FA8156CC02D3B7DA5	931408	----a-w-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe
2015-05-17 21:11:19	BB3045B399D898061B926B447C446E05	127816	----atw-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe
2015-05-17 21:11:19	8715A0D10CFFC8DEE923957F07DAA042	244040	----atw-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
2015-05-17 21:11:19	6732C4A894855042FD3618406B6BBD48	88392	----atw-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe
2015-05-17 21:11:19	6509A96DAE25340772B51AC020CB1094	304968	----atw-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
2015-05-17 21:11:19	0C03FB91E17987EED93F60007B08DAA0	144200	----atw-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe
2015-05-17 21:11:19	0894890F30B5F6510DF953BC50B5504F	88392	----atw-	C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe
2015-05-16 21:32:04	B1B97114D180B5B1B05EB84F50441091	140464	----a-w-	C:\Windows\Temp\01B61414-8987-40BC-9F11-811B5789B7BF\DismHost.exe
2015-05-16 18:34:47	A5953DDD87FE3516B9C90032EFA02439	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2771644027-2860193389-1954980343-1001\$IUEICH2.exe
2015-05-16 18:34:31	05C8F9FC85AD3D1A831BB9434464DAF9	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2771644027-2860193389-1954980343-1001\$IY2CLUA.exe
2015-05-16 01:28:41	CD23E258D4FBD764C2E94540C8DD6599	402168	----a-w-	C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
2015-05-16 01:28:41	9DB596995A20B8C636ED8763AD942361	164600	----a-w-	C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
2015-05-16 01:28:41	46796958E27851FBB8C4CC3E4163F9C7	429816	----a-w-	C:\Program Files (x86)\Unchecky\uninstall.exe
2015-05-16 01:28:41	3B17CBC480F00EE527FC10423F752788	567544	----a-w-	C:\Program Files (x86)\Unchecky\setup.exe
2015-05-16 01:28:41	3B020ADE5E312E77D108356BF2C67367	1589496	----a-w-	C:\Program Files (x86)\Unchecky\unchecky.exe
2015-05-16 01:25:45	3415F0A29FD4D1780F333F9B11C7EC7E	1142616	----a-w-	C:\Users\Sabira\Downloads\unchecky_setup.exe
2015-05-16 01:25:02	6E44C49039E696991D2DB54B5C81E2F5	2856736	----a-w-	C:\ProgramData\MCShield\MCShield-Setup.exe
2015-05-16 01:24:36	6E44C49039E696991D2DB54B5C81E2F5	2856736	----a-w-	C:\Users\Sabira\Downloads\MCShield-Setup.exe
2015-05-15 23:48:09	EB81815F1628247337DCF5C44A137366	869192	----a-w-	C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\SwReporter\3.20.1\software_reporter_tool.exe
2015-05-15 23:06:48	D114497B17F8118E6AAD27735B467D3A	41774672	----a-w-	C:\Program Files (x86)\Google\Update\Install\{DD3F36A4-4224-4A95-874D-D3CF0C324371}\42.0.2311.152_chrome_installer.exe
2015-05-15 23:06:48	D114497B17F8118E6AAD27735B467D3A	41774672	----a-w-	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\42.0.2311.152\42.0.2311.152_chrome_installer.exe
2015-05-15 23:06:36	E1B44A75947137F4143308D566889837	107848	----atw-	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2015-05-15 23:06:32	F6414DD3B23979312F8EBB91DE794178	11080	----a-w-	C:\Users\Sabira\AppData\Local\Apps\2.0\LRV6DQZ7.0A8\87DVXYEK.JW2\goog...app_86fd5b6b43e66935_0001.0003_4556bdc73b7efea2\clickonce_bootstrap.exe
2015-05-15 23:06:32	7CA00A58AA808F4B9844C91845910377	880208	----a-w-	C:\Users\Sabira\AppData\Local\Apps\2.0\LRV6DQZ7.0A8\87DVXYEK.JW2\goog...app_86fd5b6b43e66935_0001.0003_4556bdc73b7efea2\GoogleUpdateSetup.exe
2015-05-15 23:06:32	7CA00A58AA808F4B9844C91845910377	880208	----a-w-	C:\Users\Sabira\AppData\Local\Apps\2.0\LRV6DQZ7.0A8\87DVXYEK.JW2\clic...exe_86fd5b6b43e66935_0001.0003_none_f263691f58f224f9\GoogleUpdateSetup.exe
2015-05-15 21:47:58	933169EEE58B90EB0900CD3B0AF02FD8	791393	----a-w-	C:\$Recycle.Bin\S-1-5-21-2771644027-2860193389-1954980343-1001\$RY2CLUA.exe
2015-05-15 19:09:55	B1B97114D180B5B1B05EB84F50441091	140464	----a-w-	C:\Windows\Temp\CE8BFAB2-6CD3-4703-9730-9740ED86B025\DismHost.exe
2015-05-15 18:21:11	B1B97114D180B5B1B05EB84F50441091	140464	----a-w-	C:\Windows\Temp\50A86F83-1F50-4F2A-B0AD-A99DB65620CC\DismHost.exe
2015-05-15 17:27:04	3F8F3B80A1A3A49D274102C7BCFE6755	51789024	----a-w-	C:\$Recycle.Bin\S-1-5-21-2771644027-2860193389-1954980343-1001\$RUEICH2.exe
2015-05-15 17:19:36	A107DE2D120C0571B544EEC53D1971AB	1406208	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-05-15 17:19:36	1B128828BF5E4353811B6DA58156B7F4	6656	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
2015-05-13 11:57:08	57ABF04B01CBA20B76F3EE89C18C6612	474624	----a-w-	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
2015-05-13 11:57:02	E022185998E5BC0F2EBD8F5875747D3E	87296	----a-w-	C:\Windows\ImmersiveControlPanel\SystemSettings.exe
2015-05-13 11:57:01	952D277678FC177CA8549B92A01C4C2C	24576	----a-w-	C:\Windows\System32\sdbinst.exe
2015-05-13 11:57:01	0FDCB0931B57280D59942556A6706372	21504	----a-w-	C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 11:56:58	E0C7813A97CA7947FF5C18A8F3B61A45	410128	----a-w-	C:\Windows\System32\services.exe
2015-05-13 11:56:47	5EDC6AF7589B65C89CB1154B3377D0C4	720384	----a-w-	C:\Windows\System32\ie4uinit.exe
2015-05-13 11:56:39	3E4D0668C6E0AFD10AFF52C134AC3CC8	2138112	----a-w-	C:\Program Files\Windows Journal\Journal.exe
2015-05-13 11:53:52	D547717D9A968D1A662AF305FC451B2F	14154760	----a-w-	C:\ProgramData\BlueStacksSetup\BlueStacks-ThinInstaller_0.9.24.4196_DX_native.exe
=== C: other files ==
2015-05-19 01:52:50	CE59BE8BCD2340CFC051553C7D250D84	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2771644027-2860193389-1954980343-1001\$II1RGBR.zip
2015-05-18 23:41:55	FD44FA80DA03EA144153A76DEBBB61B4	35064	----a-w-	C:\Windows\System32\drivers\TrueSight.sys
2015-05-16 13:19:36	8A3FF70CF4FEE3FCB9B4DC8ADA8F04CB	86158	----a-w-	C:\Users\Sabira\AppData\Roaming\Kodi\addons\packages\metadata.tvdb.com-1.7.2.zip
2015-05-16 13:19:36	68498D222F15D46AD8CEE5C7650D5708	77745	----a-w-	C:\Users\Sabira\AppData\Roaming\Kodi\addons\packages\metadata.themoviedb.org-3.7.13.zip
2015-05-16 13:19:35	B544A8FB926A7895C86B428B2A0DDF63	62721	----a-w-	C:\Users\Sabira\AppData\Roaming\Kodi\addons\packages\metadata.musicvideos.theaudiodb.com-1.2.7.zip
2015-05-16 13:19:34	C932ACEF6AF77016BFA1839F9BB702F7	12148	----a-w-	C:\Users\Sabira\AppData\Roaming\Kodi\addons\packages\metadata.common.themoviedb.org-2.13.1.zip
2015-05-16 13:19:34	B3688BFCBF85A58161DCCFBCB7BD2E8F	80219	----a-w-	C:\Users\Sabira\AppData\Roaming\Kodi\addons\packages\metadata.album.universal-2.3.1.zip
2015-05-15 17:19:36	FB5FA705CF4508958152C4F129A104FE	7921	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\runvalues.bat
2015-05-15 17:19:36	FA6078460061B21A46C159651FA00AB7	34603	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\prelim.bat
2015-05-15 17:19:36	C16EBCAA02F2976408D2F5A68D2562FF	1771	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\delfolders.bat
2015-05-15 17:19:36	B6CEA839C92553E4EA47A949577A6B5A	18357	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\medfos.bat
2015-05-15 17:19:36	B23B16209341AEAE62A7D32117A36F55	1192	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\TDL4.bat
2015-05-15 17:19:36	A8F5541C419593F3ECAC0E0A3FB0F2BA	1162	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\surfvox.bat
2015-05-15 17:19:36	A3329663A605381C72C4F187111CA964	13832	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\chrome.bat
2015-05-15 17:19:36	9F6EB6EFC01E43FEFC1EE05C30CAF990	85320	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\misc.bat
2015-05-15 17:19:36	93A6196509429319C854A941F14F1E7C	252	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\ev_clear.bat
2015-05-15 17:19:36	8C9C18D1B671F9693AD952B21A22B5AA	17667	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\get.bat
2015-05-15 17:19:36	749C44588AD7BD398F1BDCD030F2B081	21096	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\ask.bat
2015-05-15 17:19:36	38DF1A0E0C2037993449FCE4121B048B	153581	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\firefox.bat
2015-05-15 17:19:36	2338B23B49B006B14839A9B7FF19F7B9	9459	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\searchlnk.bat
2015-05-15 17:19:36	1ED2FC3C8F413609912CD6D6C75A4B95	30974	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\iexplore.bat
2015-05-15 17:19:36	080CFDE64F31E7B50EECF4552033E84D	9937	----a-w-	C:\Users\Sabira\AppData\Local\Temp\jrt\mws.bat
2015-05-13 11:57:11	95B0179BDA907252025DEEA183699FB3	467776	-c--a-w-	C:\Windows\System32\drivers\USBHUB3.SYS
2015-05-13 11:57:10	272A62B660A48AEF366F8A1836CED19F	57856	-c--a-w-	C:\Windows\System32\drivers\bthhfenum.sys
2015-05-13 11:57:00	FE14D249D39368CA62D8DA6BC94AC694	80384	----a-w-	C:\Windows\System32\drivers\ahcache.sys
2015-05-13 11:57:00	C54B6B2170BF628FD42F799A66956D75	239424	-c--a-w-	C:\Windows\System32\drivers\sdbus.sys
2015-05-13 11:57:00	95E295FD19F80B3AD33629B5AEFEC9C7	154432	-c--a-w-	C:\Windows\System32\drivers\dumpsd.sys
2015-05-13 11:56:57	C61EAF8E1E4B2F62BA4FDF457440B2C6	316416	----a-w-	C:\Windows\System32\drivers\udfs.sys
2015-05-13 11:56:56	7719BBE3BDA2171FF0955171D9460D26	4180480	----a-w-	C:\Windows\System32\win32k.sys
2015-05-13 11:56:40	5E5AB950693F2C6D6ACBEE3A74697ED7	561928	----a-w-	C:\Windows\System32\drivers\cng.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"PrtScr by FireStarter"="C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"="C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe /platui /runkey"
"EEventManager"="C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe"
"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PrtScr by FireStarter"="C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5"
"RtHDVBg_PushButton"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll"

==== Startup Folders ======================

2014-01-30 05:30:41	2072	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
2014-01-30 05:31:21	2837	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16/05/2015 00:06]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16/05/2015 00:06]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\Windows\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"]
"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{2721A28C-B303-4BB3-8F48-1A3927178477}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{43E96A62-1FF1-420F-BAF2-F9C57E7B0AD8}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{55142E85-E6CE-487B-A5E5-CBD6AC44CB22}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A0C85A69-8777-4D29-8071-803249872834}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{CE48968D-63B9-4167-8724-F9EC02C5E684}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F980EAA8-9494-45DA-B4A9-C874331F6590}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [06/05/2015 23:17]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [06/05/2015 23:17]

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.152

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[17/04/2015 09:01]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Google Docs - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Chrome Hotword Shared Module - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - fatem_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
SiteAdvisor - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Bookmark Manager - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sabira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Docs - shami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - shami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - shami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - shami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - shami_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Skype Click to Call - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - yamee_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\fatem_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://www.facebook.com/" ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{C2955A86-4974-4F3B-A59F-E7134FF2A874}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2955A86-4974-4F3B-A59F-E7134FF2A874}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\fatem_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\fatem_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\shami_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\shami_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\yamee_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\yamee_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\fatem_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\shami_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\yamee_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2771644027-2860193389-1954980343-1001\Software\Microsoft\Internet Explorer\SearchScopes\{822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{822BB52E-9C4D-4C06-B7CB-6BB3CE1D6F13} deleted successfully

==== Deleting CLSID Registry Values ======================

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [PrtScr by FireStarter] C:\Program Files (x86)\PrtScr\PrtScr.exe /Tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: Killer Network Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell WMI Service - Unknown owner - C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Qualcomm Atheros Killer Service V2 - Qualcomm Atheros - C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sabira\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sabira\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sabira\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Sabira\AppData\Local\Microsoft\Windows\INetCache\IE\HDA1VFYJ will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\fatem_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sabira\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\shami_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\yamee_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=21 folders=15 11276221 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fatem_000\AppData\Local\Temp emptied successfully
C:\Users\Sabira\AppData\Local\Temp will be emptied at reboot
C:\Users\shami_000\AppData\Local\Temp emptied successfully
C:\Users\yamee_000\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sabira\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sabira\AppData\Local\Microsoft\Windows\INetCache\IE\HDA1VFYJ" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 19/05/2015 at 12:32:29.17 ======================


----------



## kevinf80 (Mar 21, 2006)

What is the current status of your system, are there any remaining issues or concerns?


----------



## Compash (Jan 9, 2006)

Hi Kevin,

So sorry for my late reply. I was ill (still is), so wasn't be able to use PC as normal. When I will feel better, I will use my PC as normal, then I will be able to tell you if the problem occurs or not.

Kind regards,

Compash


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, hope you recover soon.. Post back whenever you`re ready....

Kevin.....:up:


----------



## Compash (Jan 9, 2006)

Hi Kevin!

I am so much better now. Been using my PC last night, and it seems to be going well without any issue.  

I really hope that nothing will happen again in next few days. Eeek. But if it do, I will contact you again.

Many thanks for your superb help and for your patience.

Have a good evening.

Regards,

Compash


----------



## kevinf80 (Mar 21, 2006)

Hello Compash,

Good to see you up and about, also thanks for the update. As you`ve marked this thread as solved I guess all is now ok, if so we just need to clean up.....

Download *"Delfix by Xplode"* and save it to your desktop.

Or use the following if first link is down:

*"Delfix link mirror"*

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


 Remove disinfection tools
 Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
 Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

Take care and surf safe,

Kevin....


----------



## Compash (Jan 9, 2006)

Hi Kevin,

I am sorry, I am sure that you are fed up with me keep coming back to announce that I still have the problem.

Black box will pop up for 1 second, it happens like 3x within of 5 seconds.

I wonder what it is? :/

Compash


----------



## kevinf80 (Mar 21, 2006)

What do you have open when the issue happens?


----------



## Compash (Jan 9, 2006)

It would happen randomly, whether I am browsing or just using spreadsheet, or combination of two. 

Strange.


----------



## kevinf80 (Mar 21, 2006)

I believe this issue maybe a corrupt task running, lets see if we can find it...

Open an elevated command prompt, <--- Must be run with Admin status (very important)

At the prompt type or batter still copy/paste:

*reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks" /s > 0 & notepad 0*

Tap enter, please wait, notepad will open with list of tasks, post those results to your next reply….


----------



## Compash (Jan 9, 2006)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{006E650B-C0F4-4DA5-ADB8-C4BD9A2F842B}
Path REG_SZ \Microsoft\Windows\Shell\FamilySafetyMonitor
Hash REG_BINARY 01BCD2FF9BB3E8D1442094334C7071DA4E256E5DC18B2744DF9F3F7F20F2D252
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;BU)
Source REG_SZ $(@%SystemRoot%\System32\wpcmon.exe,-32013)
Author REG_SZ $(@%SystemRoot%\System32\wpcmon.exe,-32014)
Description REG_SZ $(@%SystemRoot%\System32\wpcmon.exe,-32015)
URI REG_SZ \Microsoft\Windows\Shell\FamilySafetyMonitor
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000281142434848484874139B85484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF58020000FFFFFFFF0100000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 0100666600000000380000002500770069006E0064006900720025005C00530079007300740065006D00330032005C007700700063006D006F006E002E006500780065000000000000000000
DynamicInfo REG_BINARY 03000000D117B24E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01693D02-1027-498C-94DB-F7E1C3E2F6A3}
Path REG_SZ \Microsoft\Windows\NetTrace\GatherNetworkInfo
Hash REG_BINARY 9E154171408F80E0D5CEB4D8F775758B345B3FD705AD0B3058B1732870BE807F
Source REG_SZ $(@%SystemRoot%\system32\nettrace.dll,-6910)
Author REG_SZ $(@%SystemRoot%\system32\nettrace.dll,-6911)
Description REG_SZ $(@%SystemRoot%\system32\nettrace.dll,-6912)
URI REG_SZ \Microsoft\Windows\NetTrace\GatherNetworkInfo
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000002885404348484848A31C713A4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 01006666000000004E0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C006700610074006800650072004E006500740077006F0072006B0049006E0066006F002E00760062007300000000000E0000002400280041007200670031002900
DynamicInfo REG_BINARY 0300000078EFC94E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{038F4D21-BFE8-4BD5-8EE1-3071DF0D6A3C}
Path REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1005
Hash REG_BINARY 6DF30C9BD0671B7E6553B9CC8743B2ED87EDB83D5D3486CFF828285627474AC8
Schema REG_DWORD 0x10003
Source REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-101)
Author REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-102)
Description REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-103)
URI REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1005
Triggers REG_BINARY 1500000000000000010000000000000000A0C7F6FE0FCD010189A450FE7F000000C06BD91DE8D401D221C142484848481CB244CF484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674ED030000484848482A0000004848484848004F004D0045004F00460046004900430045005C007300680061006D0069005F0030003000300000004848484848482C00000048484848580200007043010084030000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000010000000000000000A0C7F6FE0FCD010189A450FE7F000000C06BD91DE8D401000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000019A0001000000100E00003D000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065003000000070006F0072007400610062006C0065006400650076006900630065006100700069002E0064006C006C002C002300310000000000
DynamicInfo REG_BINARY 0300000065EAF87B9ADCCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039FAB5E-1B41-4B66-A79A-264AD59AB070}
Path REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1006
Hash REG_BINARY 0FEC320EC6F8491E73096D0FE5FCDA39E71461D5065A1A0B339CA10CB4015AB0
Schema REG_DWORD 0x10003
Source REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-101)
Author REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-102)
Description REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-103)
URI REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1006
Triggers REG_BINARY 1500000000000000010000000000000000A0C7F6FE0FCD010189E4BDFB7F000000C06BD91DE8D401D221C14248484848D40A29D6484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EE030000484848482A0000004848484848004F004D0045004F00460046004900430045005C00790061006D00650065005F0030003000300000004848484848482C00000048484848580200007043010084030000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000010000000000000000A0C7F6FE0FCD010189E4BDFB7F000000C06BD91DE8D401000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001720101000000100E000076000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065003000000070006F0072007400610062006C0065006400650076006900630065006100700069002E0064006C006C002C002300310000000000
DynamicInfo REG_BINARY 030000004BF5476DDDB1CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{044C0ECB-D77C-4D85-A7C5-01275585901D}
Path REG_SZ \Microsoft\Windows\Autochk\Proxy
Hash REG_BINARY 3A9F8FBEC920F1C64E471E361BBF8CC369E450BF020182A92C8B46C71C61FE48
Source REG_SZ $(@%systemroot%\system32\acproxy.dll,-100)
Author REG_SZ $(@%systemroot%\system32\acproxy.dll,-101)
Description REG_SZ $(@%systemroot%\system32\acproxy.dll,-102)
URI REG_SZ Microsoft\Windows\Autochk\Proxy
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF4221424248484848413C2C5C484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C00000048484848580200008033E10180F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848FFFF0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08070000FFFFFFFF0000000000000000000000000000000001000000000000000000000003000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065004E0000002F006400200061006300700072006F00780079002E0064006C006C002C0050006500720066006F0072006D004100750074006F00630068006B004F007000650072006100740069006F006E00730000000000
DynamicInfo REG_BINARY 03000000E735CD4D469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05293577-D647-4185-B859-C94839A0B2E3}
Path REG_SZ \Microsoft\Windows\SettingSync\NetworkStateChangeTask
Hash REG_BINARY 957629944061CDD3899EF858D2F90F55EE37F189F21FDFACC6F5856E63684350
SecurityDescriptor REG_SZ D(A;;FRFX;;;AU)(A;;FA;;;BA)(A;;FA;;;SY)
URI REG_SZ \Microsoft\Windows\SettingSync\NetworkStateChangeTask
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF8891C042484848481E1F16B3484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF060000000000000000000000000000000000000000000000000000004848484866660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100500072006F0076006900640065007508BCA33E0B844101000000000000000366660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100500061006E0065006C002F004F007510BCA33E0B8441010000000000000003
Actions REG_BINARY 0100777700000000493A17A473F375449A0F2D615204DC2000000000
DynamicInfo REG_BINARY 030000004A16D14E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{066D451A-7982-4621-B740-EB348449BB3C}
Path REG_SZ \Microsoft\Windows\WindowsUpdate\AUSessionConnect
Hash REG_BINARY 93309B45C5BC55179D74796A696E14C8E5DC966E07C1866C542A16B74BD8D7A4
Schema REG_DWORD 0x10004
Source REG_SZ Microsoft Corporation.
Author REG_SZ Microsoft Corporation.
Description REG_SZ This task is used to display notifications to users.
Triggers REG_BINARY 150000000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF0822424248484848634F8353484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA00000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F000000002C002D00320030003100290000000148484848484848AAAA00000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F0000010000000000000000000000000000000048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C00530061006200690072006100000048484848AAAA00000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F0000010000000000000000000000000000000048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EC030000484848482E0000004848484848006F006D0065004F00660066006900630065005C0066006100740065006D005F003000300030000000000500004848AAAA00000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F0000010000000000000000000000000000000048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EE030000484848482E0000004848484848006F006D0065004F00660066006900630065005C00790061006D00650065005F003000300030000000500000004848AAAA00000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F0000010000000000000000000000000000000048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674ED030000484848482E0000004848484848006F006D0065004F00660066006900630065005C007300680061006D0069005F003000300030000000454D00004848777700000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F0000000054006F006F006C0073005C004D0008000000B60000000148484848484848777700000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F00000000000000000000000000000000000007000000000000000148484848484848777700000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F000000085C6EB6000000000000000000000003000000FFFFFFFF0148484848484848666600000000000000E0CB6EB6000000000000000000000000E0CB6EB6000000FFFFFFFFFFFFFFFF78000000FFFFFFFF000000000000000000000000007F0000000041005500530063006800650064007510BCA3380C960C010000000000000001
Actions REG_BINARY 0100777700000000F4294E78BE5E794299481E8FE941646D00000000
DynamicInfo REG_BINARY 03000000EA56E031018DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{066F8DDC-3822-4FA0-B876-271E062E1C15}
Path REG_SZ \User_Feed_Synchronization-{CE48968D-63B9-4167-8724-F9EC02C5E684}
Hash REG_BINARY 4690EF29B1EBBB57C88233963AAFE6E96F20EA92F7D3258DC0AEF1A89DCC1392
Schema REG_DWORD 0x10003
Author REG_SZ HOMEOFFICE\fatem_000
Description REG_SZ Updates out-of-date system feeds.
Triggers REG_BINARY 150000000000000000CB7D4F3D00000000962C8CC4E8CF010089A450FE7F000000562DC34E1FDB01C821C14248484848895B1906484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EC030000484848482A0000004848484848004F004D0045004F00460046004900430045005C0066006100740065006D005F0030003000300000004848484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000000CB7D4F3D00000000962C8CC4E8CF010089A450FE7F000000562DC34E1FDB01000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001130001000000000000003D000000
Actions REG_BINARY 01006666000000004600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730066006500650064007300730079006E0063002E0065007800650008000000730079006E00630000000000
DynamicInfo REG_BINARY 03000000E120A84292E8CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B545118-B563-42FC-8D07-B78F602FCF34}
Path REG_SZ \Microsoft\Windows\WS\WSRefreshBannedAppsListTask
Hash REG_BINARY D4A1415302CD8E868627250F949E1A7EA3328FE52F61337605E5617D20862500
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
Source REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-601)
Author REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-600)
Description REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-604)
URI REG_SZ \Microsoft\Windows\WS\WSRefreshBannedAppsListTask
Triggers REG_BINARY 150000000000000001B13A17B50000000030F6A7F5D0C30100B13A17B5000000FFFFFFFFFFFFFFFFC8A1C002484848484A2D0D5B4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000001B13A17B50000000030F6A7F5D0C30100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001BD6F0100000080510100B5000000
Actions REG_BINARY 010066660000000018000000720075006E0064006C006C00330032002E00650078006500440000005700530043006C00690065006E0074002E0064006C006C002C005200650066007200650073006800420061006E006E006500640041007000700073004C0069007300740000000000
DynamicInfo REG_BINARY 03000000C678D34E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C6409F4-9174-415C-84AC-38611941847B}
Path REG_SZ \Microsoft\Windows\Shell\CreateObjectTask
Hash REG_BINARY D6D17340C044EF74D4B8D0C755FA70A119F37F45857B75B446E6EEEA594B7B7D
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;FA;;;SY)(A;;FRFX;;;IU)
Source REG_SZ $(@%SystemRoot%\system32\shell32.dll,-14349)
Author REG_SZ $(@%SystemRoot%\system32\shell32.dll,-14349)
Description REG_SZ $(@%SystemRoot%\system32\shell32.dll,-14350)
URI REG_SZ \Microsoft\Windows\Shell\CreateObjectTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000821C24248484848EA550FDF484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF1E000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 01007777000000008F9F0A991F30F7458D0E68C5952DBA4300000000
DynamicInfo REG_BINARY 03000000C678D34E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D21BBCE-5FF6-4613-B62C-48148CA6EAA1}
Path REG_SZ \Microsoft\Windows\RAC\RacTask
Hash REG_BINARY 955F4209939ABF69E2D5916DE486AF3FE3F414BF13A6AE5EB9292A0686E02635
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BU)
Source REG_SZ $(@%SystemRoot%\system32\RacEngn.dll,-501)
Author REG_SZ $(@%SystemRoot%\system32\RacEngn.dll,-501)
Description REG_SZ $(@%SystemRoot%\system32\RacEngn.dll,-502)
URI REG_SZ Microsoft\Windows\RAC\RacTask
Data REG_SZ $(Arg0)
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF4821C24248484848D1A0A0D6484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100000000000000000000000000000067010000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D0041007000700058004400650070006C006F0079006D0065006E0074005300650072007600650072002F004F007000650072006100740069006F006E0061006C0022003E003C00530065006C00650063007400200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D0041007000700058004400650070006C006F0079006D0065006E0074005300650072007600650072002F004F007000650072006100740069006F006E0061006C0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D0041007000700058004400650070006C006F0079006D0065006E0074002D0053006500720076006500720027005D00200061006E00640020004500760065006E007400490044003D003400300030005D005D00200061006E00640020002A005B004500760065006E00740044006100740061005B0044006100740061005B0040004E0061006D0065003D0027004400650070006C006F0079006D0065006E0074004F007000650072006100740069006F006E0027005D003D0027003600270020006F007200200044006100740061005B0040004E0061006D0065003D0027004400650070006C006F0079006D0065006E0074004F007000650072006100740069006F006E0027005D003D002700310027005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000000000000000000000000000000000000000000000000000CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000000000000A8000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E003C00530065006C00650063007400200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00430045004900500027005D00200061006E00640020004500760065006E007400490044003D0031003000300037005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000484848484848000000000000000000000000000000000000000000000000DDDD0000000000000066113BB50000000040A429C292C8010000000000000000000000000000000000000000000000000000000000000000C0A8000000000000FFFFFFFF000000000000000000000000000100000100000084030000B5000000FFFF0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF84030000FFFFFFFF00000000000000000000000000000000010061003700630032007D0000000000
Actions REG_BINARY 0100777700000000270D064253CAF54196E4B1E8169308A60E0000002400280041007200670030002900
DynamicInfo REG_BINARY 03000000A8FAD14D469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}
Path REG_SZ \Microsoft\Windows\Application Experience\AitAgent
Hash REG_BINARY FAE75EB8AFFB036D131CA0EAF1A16EF73594410E6FAC51F7CB03365236CFA6BD
Schema REG_DWORD 0x10004
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\aitagent.exe,-701)
Author REG_SZ $(@%SystemRoot%\system32\aitagent.exe,-701)
Description REG_SZ $(@%SystemRoot%\system32\aitagent.exe,-702)
URI REG_SZ \Microsoft\Windows\Application Experience\AitAgent
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000782142424848484848372182484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF0900000000000000000000000000000000000000000000000000000031002D0000000000000000000000000000000100000000000000000000000000020000000000000000000000
Actions REG_BINARY 0100666600000000100000006100690074006100670065006E007400140000002F0069006E006300720065006D0065006E00740000000000
DynamicInfo REG_BINARY 03000000583DD84E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11D63C02-4D1A-4712-BDDA-F94183649B85}
Path REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1001
Hash REG_BINARY F1D79CECE1284AD153773E26491F25880E130B655FDCB04E15A4EE023F394E1D
Schema REG_DWORD 0x10003
Source REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-101)
Author REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-102)
Description REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-103)
URI REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1001
Triggers REG_BINARY 1500000000000000010000000000000000A0C7F6FE0FCD0101894D5AFF7F000000C06BD91DE8D401D221C14248484848622284CB484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C00000048484848580200007043010084030000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000010000000000000000A0C7F6FE0FCD0101894D5AFF7F000000C06BD91DE8D401000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001F9CC01000000100E00008D000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065003000000070006F0072007400610062006C0065006400650076006900630065006100700069002E0064006C006C002C002300310000000000
DynamicInfo REG_BINARY 0300000034D1CBCBF68BCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12715225-2050-4D9C-8373-26B18404863A}
Path REG_SZ \Microsoft\Windows\Application Experience\ProgramDataUpdater
Hash REG_BINARY 68E718EEF4F40CA6EAA3CA000CF438013F6A34252A6E71FB537BB980E625382F
Schema REG_DWORD 0x10004
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\aepdu.dll,-701)
Author REG_SZ $(@%SystemRoot%\system32\aepdu.dll,-701)
Description REG_SZ $(@%SystemRoot%\system32\aepdu.dll,-702)
URI REG_SZ \Microsoft\Windows\Application Experience\ProgramDataUpdater
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000007821424248484848FCFE31CA484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF04000000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000000010000000000000000000000000001000C000000000000000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E0065007800650030000000610065007000640075002E0064006C006C002C0041006500500064007500520075006E00550070006400610074006500000000006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065002C00000069006E0076006100670065006E0074002E0064006C006C002C00520075006E0055007000640061007400650000000000
DynamicInfo REG_BINARY 030000002135B9AE6F49D001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}
Path REG_SZ \Microsoft\Windows\TaskScheduler\Maintenance Configurator
Hash REG_BINARY 92185929EC63F92C4977897CB06F7C6BC1EF9E01FFEB2BDE085EECAE7345A517
Date REG_SZ 2010-01-01T00:00:00
SecurityDescriptor REG_SZ D(A;;FRFX;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%SystemRoot%\System32\msched.dll,-601)
Author REG_SZ $(@%SystemRoot%\System32\msched.dll,-600)
Description REG_SZ $(@%SystemRoot%\System32\msched.dll,-603)
URI REG_SZ \Microsoft\Windows\TaskScheduler\Maintenance Configurator
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF482142424848484896C18D56484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000000000000000000000000000000000000000000000000000004848484866660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF78000000FFFFFFFF00000000000000000000000000000000010076006500640044006100740061007508BCA32F018915000000000000000066660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF78000000FFFFFFFF0000000000000000000000000000000001C1583FB500000000000000000000007508BCA32A1E890D0000000000000000DDDD00000000000001903A17B50000000028622A8E73C00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000100000100000000000000B5000000
Actions REG_BINARY 0100777700000000EA295E640A4B4C468B7D1A6B9F9D92A800000000
DynamicInfo REG_BINARY 030000000166EB4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{129635CD-F657-4175-B472-39DD2C014C64}
Path REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1003
Hash REG_BINARY DFD1016A63E70B39A0BF203C74779EFC8970118CEC2FE7DAF93573FF5F198F83
Schema REG_DWORD 0x10003
Source REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-101)
Author REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-102)
Description REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-103)
URI REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1003
Triggers REG_BINARY 1500000000000000010000000000000000A0C7F6FE0FCD010189B355FA7F000000C06BD91DE8D401D221C14248484848FB2B8C46484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EB030000484848482A0000004848484848004F004D0045004F00460046004900430045005C00590061006D00650065005F0030003000300000004848484848482C00000048484848580200007043010084030000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000010000000000000000A0C7F6FE0FCD010189B355FA7F000000C06BD91DE8D401000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000019C8001000000100E00001D000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065003000000070006F0072007400610062006C0065006400650076006900630065006100700069002E0064006C006C002C002300310000000000
DynamicInfo REG_BINARY 0300000077F4E7DB619BCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}
Path REG_SZ \Microsoft\Windows\TaskScheduler\Manual Maintenance
Hash REG_BINARY D8B571F449DC1728BF79943CB4E8DF86B1F272FF18F6E5D6064F436CA4BED078
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;AU)
Source REG_SZ $(@%SystemRoot%\System32\msched.dll,-601)
Author REG_SZ $(@%SystemRoot%\System32\msched.dll,-600)
Description REG_SZ $(@%SystemRoot%\System32\msched.dll,-602)
URI REG_SZ \Microsoft\Windows\TaskScheduler\Manual Maintenance
Data REG_SZ Manual
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000008234242484848481FF7AC43484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 0100777700000000DDCFBF57E4EEBB4DA7513CDEB169FF440C0000004D0061006E00750061006C00
DynamicInfo REG_BINARY 030000000166EB4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A4230A2-E136-4936-9B22-DDF624BB8332}
Path REG_SZ \Microsoft\Windows\IME\SQM data sender
Hash REG_BINARY 485E8D6379A9F232CD0267D9B0F2191AD4C4AF07FFE22085D57D356C48A1A60C
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FA;;;IU)
URI REG_SZ Microsoft\Windows\IME\SQM data sender
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFFFA210242484848480AF0DB2F484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848580000004848484800000000100E000000000000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 0100777700000000CBD8B1CC9FD3C941B7930196214BDC4E00000000
DynamicInfo REG_BINARY 030000007AE3D1A4219CCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A65E0DE-77EF-4608-A58B-7D4753BA0398}
Path REG_SZ \Microsoft\Windows\User Profile Service\HiveUploadTask
Hash REG_BINARY 22735240F634AF52EB496CAC7F58E85D9ED7AF876AD31D5AE4C1F57C234E5728
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%SystemRoot%\system32\profsvc,-500)
Author REG_SZ $(@%SystemRoot%\system32\profsvc,-500)
Description REG_SZ $(@%SystemRoot%\system32\profsvc,-501)
URI REG_SZ \Microsoft\Windows\User Profile Service\HiveUploadTask
Triggers REG_BINARY 150000000000000001783A17B500000000406A6006E9C70100783A17B5000000FFFFFFFFFFFFFFFFE2210242484848480C2AD3B9484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000201C000080F40300FFFFFFFF0700000078000000030000000000000000000000000000000000000048484848DDDD00000000000001783A17B500000000406A6006E9C7010000000000000000000000000000000000000000000000000000000000000000C0A8000000000000FFFFFFFF0000000000000000000000000001B15F01000000100E0000B5000000
Actions REG_BINARY 0100777700000000747067BA2C764B4494C88C83F93F660500000000
DynamicInfo REG_BINARY 0300000085B2ED4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E525853-4553-482B-B84C-25065B28FDBD}
Path REG_SZ \Microsoft\Windows\WindowsUpdate\Scheduled Start
Hash REG_BINARY C17825BDCA3EF3C4E8FE9CA2728249857CCE6554B48DC33E6B4E600ECE652C99
Schema REG_DWORD 0x10004
Source REG_SZ Microsoft Corporation.
Author REG_SZ Microsoft Corporation.
Description REG_SZ This task is used to start the Windows Update service when needed to perform scheduled operations such as scans.
Triggers REG_BINARY 150000000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF48204242484848489A9CC58C484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000000D07F802500000000D51A005D95D00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF00000000000000000000000000012670010000003C000000F87F0000777700000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF00FFFFFF00000000000000000000000002000000F87F00000148484848484848777700000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF00000000250000002034FBF62500000004000000250000000148484848484848666600000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF000041005500530065007300730069007508BCA3380C960C010000000000000001
Actions REG_BINARY 01006666000000003400000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C00730063002E006500780065001C0000007300740061007200740020007700750061007500730065007200760000000000
DynamicInfo REG_BINARY 03000000D1357C31018DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E5C1056-AACB-42DD-851C-531272FC633F}
Path REG_SZ \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1006
Hash REG_BINARY B57550D08202DB915E70FC9C998F61958B047595A580C8B50C3A5F6BEC041357
Source REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8000)
Author REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8001)
Description REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8002)
Data REG_SZ $(Arg0)
Triggers REG_BINARY 150000000000000000F27B9D6B000000000000000000000000F27B9D6B000000FFFFFFFFFFFFFFFF0221010248484848C734BA17484848480048484848484848004848484848484808000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EE030000484848482A0000004848484848004F004D0045004F00460046004900430045005C00790061006D00650065005F0030003000300000004848484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848EEEE00000000000000F27B9D6B000000000000000000000000F27B9D6B000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100000000000000000000000E000000
Actions REG_BINARY 01007777000000001B8A3F2DCD6DD54EBDBAA096594B98EF0E0000002400280041007200670030002900
DynamicInfo REG_BINARY 0300000070973321DEB1CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EFFB9C8-B178-41D3-906D-D567219D1B46}
Path REG_SZ \Microsoft\Windows\Multimedia\SystemSoundsService
Hash REG_BINARY FD7B51B9FB6DDD39374C586690F9E934EE65EB22FD61531B5408B20591031CE2
Date REG_SZ 2005-06-23T13:48:00-08:00
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
Source REG_SZ $(@%systemRoot%\System32\PlaySndSrv.Dll,-106)
Description REG_SZ $(@%systemRoot%\System32\PlaySndSrv.Dll,-105)
URI REG_SZ Microsoft\Windows\Multimedia\SystemSoundsService
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08854042484848489D3512E94848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 01007777000000008F65EA2DC1542742AF9B260AB5FC354300000000
DynamicInfo REG_BINARY 03000000C7417B4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2085BF56-520D-4951-B7C0-DF34AF90CC6A}
Path REG_SZ \Microsoft\Windows\Sysmain\WsSwapAssessmentTask
Hash REG_BINARY 82A3B21AD1591DC956729F78D580018EE0160C0516878E6BD7AD84BD4B7AF9F1
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Author REG_SZ $(@%systemRoot%\System32\sysmain.dll,-3000)
Description REG_SZ $(@%systemRoot%\System32\sysmain.dll,-3001)
URI REG_SZ \Microsoft\Windows\Sysmain\WsSwapAssessmentTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000018214203484848480F27DF6E484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF060000000000000000000000000000000000000000000000000000003300320000000000000000000000000000001E000000000000000000000000001F0000000000000001000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E00650078006500480000007300790073006D00610069006E002E0064006C006C002C0050006600530076005700730053007700610070004100730073006500730073006D0065006E0074005400610073006B0000000000
DynamicInfo REG_BINARY 030000001615F04E469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{208E31E3-3FCD-48B1-BF9E-242FF5584D4A}
Path REG_SZ \Dell SupportAssistAgent AutoUpdate
Hash REG_BINARY 6CE04A933335913B3C4F7A9FD2B1EC462E32AE9BF88889F02F876F224033EEF4
Date REG_SZ 2015-04-22T16:12:24.7177355+01:00
Author REG_SZ Dell, Inc.
Description REG_SZ Dell SupportAssistAgent Auto Update Task Scheduler
Triggers REG_BINARY 15000000000000000100000000000000005C7098C27ED00100FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4021414348484848068AD031484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0400000000000000000000000000000000000000000000000000000048484848DDDD0000000000000100000000000000005C7098C27ED00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0200000001002000000000000001C0A10100000000000000FD7F0000
Actions REG_BINARY 01006666000000008800000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00440065006C006C005C0053007500700070006F00720074004100730073006900730074004100670065006E0074005C00620069006E005C0053007500700070006F00720074004100730073006900730074002E00650078006500140000004100750074006F005500700064006100740065006400000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00440065006C006C005C0053007500700070006F00720074004100730073006900730074004100670065006E0074005C00620069006E00
DynamicInfo REG_BINARY 03000000A9B76DBD0E7DD001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{221203AC-EBF6-499E-817E-E0EFB5EAB1BF}
Path REG_SZ \Microsoft\Windows\WS\WSTask
Hash REG_BINARY E0DC067C7EF49B43C14390F4E185B886E9E7E54E7671CA4F418E564ED445D556
Date REG_SZ 2010-10-27T17:18:44.0816608
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-80-1227353651-1023108616-160957920-2792958081-1972711695)
Source REG_SZ $(@%SystemRoot%\system32\wsservice.dll,-122)
Author REG_SZ $(@%SystemRoot%\system32\wsservice.dll,-120)
Description REG_SZ $(@%SystemRoot%\system32\wsservice.dll,-121)
URI REG_SZ \Microsoft\Windows\WS\WSTask
Data REG_SZ $(Arg0);$(Arg1)
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000082142424848484806F0D542484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 0100777700000000259A2CE5E8F3E449BAA7FAD0EF6201291E00000024002800410072006700300029003B002400280041007200670031002900
DynamicInfo REG_BINARY 030000001615F04E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BC666B2-C77B-492D-A698-30536C6C4D42}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Hash REG_BINARY 555CD377BA0A0532A5630EBE96AE9DB1843E642B2A15BA07C40C8B67BE00E87F
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)
Source REG_SZ $(@%systemRoot%\system32\wsqmcons.exe,-106)
Author REG_SZ Microsoft Corporation
Description REG_SZ $(@%systemRoot%\system32\wsqmcons.exe,-107)
URI REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Triggers REG_BINARY 1500000000000000016E113BB500000000C05B5DC3D0C301006E113BB5000000FFFFFFFFFFFFFFFF4821424248484848F3FE730B484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848DDDD000000000000016E113BB500000000C05B5DC3D0C3010000000000000000000000000000000000000000000000000000000000000000300B010000000000FFFFFFFF0000000000000000000000000001B15F0100000000000000B5000000
Actions REG_BINARY 0100666600000000440000002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C007700730071006D0063006F006E0073002E006500780065000000000000000000
DynamicInfo REG_BINARY 030000003577F24E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C9C0C6C-2A74-46F2-858A-4389D253EAD0}
Path REG_SZ \Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Hash REG_BINARY E6F6C425E4BCB2604773E16D9792E18595E18289CE28C14988FD19E57E1FC96D
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Author REG_SZ $(@%systemRoot%\System32\sysmain.dll,-3000)
Description REG_SZ $(@%systemRoot%\System32\sysmain.dll,-3003)
URI REG_SZ \Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000003A210203484848486C5202F0484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF201C0000FFFFFFFF0600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000E0000000000000000000000
Actions REG_BINARY 01007777000000005722C8174E65474C8E23DCA24EAA76A000000000
DynamicInfo REG_BINARY 030000003577F24E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D95D35A-54AC-40CE-B246-F4AB6D2A6CD8}
Path REG_SZ \Microsoft\Windows\Device Setup\Metadata Refresh
Hash REG_BINARY 60C1D3BE35F106AA6413FF71AEBDF50C8ABC19F81173752555100D0499B8693E
Source REG_SZ Device Metadata Refresh Task
Author REG_SZ Microsoft Corporation
Description REG_SZ Performs a device metadata refresh on a periodic basis
URI REG_SZ \Microsoft\Windows\Device Setup\Metadata Refresh
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000F885C0424848484800FC525B484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484858020000100E000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E00000000000000000000000000000000000000000000000000
Actions REG_BINARY 0100777700000000CFF3C12310C11245ACA97B6174ECE88800000000
DynamicInfo REG_BINARY 0300000086D94DA5219CCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FC4FD44-CAD0-4799-BD51-812331252C81}
Path REG_SZ \User_Feed_Synchronization-{43E96A62-1FF1-420F-BAF2-F9C57E7B0AD8}
Hash REG_BINARY 62E417457E76161F6602E75E59E8E16FD89D2A86BD0F546349FF41949780663A
Schema REG_DWORD 0x10003
Author REG_SZ HOMEOFFICE\fatem_000
Description REG_SZ Updates out-of-date system feeds.
Triggers REG_BINARY 150000000000000000D36B81B700000000F74E58FB61D001000000000000000000B74F8F8598DB01C821C14248484848F432E78E484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EC030000484848482A0000004848484848004F004D0045004F00460046004900430045005C0066006100740065006D005F0030003000300000004848484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000000D36B81B700000000F74E58FB61D001000000000000000000B74F8F8598DB01000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001389A0100000000000000F97F0000
Actions REG_BINARY 01006666000000004600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730066006500650064007300730079006E0063002E0065007800650008000000730079006E00630000000000
DynamicInfo REG_BINARY 0300000024541C6D3BA7CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{329D0FF6-145E-4A45-9CBD-CBE6BB2FC8D8}
Path REG_SZ \Microsoft\Windows\PI\Sqm-Tasks
Hash REG_BINARY B4C453FD5CF6D546E9521D5AE925A70E849097FCD79E52D26BAA5B73B1A86269
Date REG_SZ 2011-07-22T00:00:00.8844064
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-603)
URI REG_SZ Microsoft\Windows\PI\Sqm-Tasks
Data REG_SZ PiSqmTasks
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000005821424248484848E40CB123484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000
Actions REG_BINARY 0100777700000000C8B714504E9362429816887FA745A6C41400000050006900530071006D005400610073006B007300
DynamicInfo REG_BINARY 03000000EA7BA32AA18BCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34946D56-A8FF-4198-BD85-43FA91981A0F}
Path REG_SZ \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Hash REG_BINARY 0C8CFE6871C065E6A77223579BD61EA1583A067D921FB1833ACC697B88628BD2
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
Source REG_SZ $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-603)
URI REG_SZ \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Data REG_SZ Event
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF7EA1C00348484848C9ACE1954848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002002000000000000484848482C0000004848484800000000FFFFFFFF201C0000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001010000000000052000000000000000D4000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D005700450052002D00530079007300740065006D004500720072006F0072005200650070006F007200740069006E00670027005D00200061006E006400200028004500760065006E007400490044003D00310030003000300020006F00720020004500760065006E007400490044003D00310030003000310020006F00720020004500760065006E007400490044003D00310030003000360029005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000484848484848000000000000000000000000000000000000000000000000CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001010000000000052000000000000000A3000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E003C00530065006C00650063007400200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004100700070006C00690063006100740069006F006E0020004500720072006F00720027005D00200061006E00640020004500760065006E007400490044003D0031003000300030005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000000000000000000000000000000000000000000000000000CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000101000000000005200000000000000099000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004100700070006C00690063006100740069006F006E00200050006F0070007500700027005D00200061006E00640020004500760065006E007400490044003D0031003800300031005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001003B003B00460052003B003B003B00F4000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D004B00650072006E0065006C002D00530074006F00720065004D00670072002F004F007000650072006100740069006F006E0061006C0022003E003C00530065006C00650063007400200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D004B00650072006E0065006C002D00530074006F00720065004D00670072002F004F007000650072006100740069006F006E0061006C0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D004B00650072006E0065006C002D00530074006F00720065004D006700720027005D00200061006E00640020004500760065006E007400490044003D0036005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000484848484848000000000000000000000000000000000000000000000000
Actions REG_BINARY 01007777000000004AE768819FB3D846ADCD7BED477B80A30A0000004500760065006E007400
DynamicInfo REG_BINARY 03000000EA3BF74E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}
Path REG_SZ \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join
Hash REG_BINARY 694400BF8F5531D57D2A50526200BD76E95101EAD968E65CF6DA5C5A2D671064
SecurityDescriptor REG_SZ D:AI(A;;FA;;;NS)(A;;GA;;;SY)(A;ID;FA;;;BA)(A;ID;GRGX;;;AU)
Description REG_SZ $(@%SystemRoot%\system32\AutoWorkplaceN.dll,-101)
URI REG_SZ \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF8891004248484848114540B1484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B0000004848484800000000484848482C0000004848484800000000FFFFFFFF2C010000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF2C010000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 01006666000000004E0000002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C004100750074006F0057006F0072006B0070006C006100630065002E00650078006500080000006A006F0069006E0000000000
DynamicInfo REG_BINARY 03000000CAB6904E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{358EE060-BD59-4F93-9741-A57AE6887DC0}
Path REG_SZ \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Hash REG_BINARY DCE5FD4266719E1762251B3B6149DBCA8C3264A9A886C715CE60E55F289B90EC
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-4)
Source REG_SZ $(@%systemroot%\system32\sppc.dll,-200)
Author REG_SZ $(@%systemroot%\system32\sppc.dll,-200)
Description REG_SZ $(@%systemroot%\system32\sppc.dll,-202)
URI REG_SZ \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Data REG_SZ logon
Triggers REG_BINARY 15000000000000000005DAE28D00000000000000000000000005DAE28D000000FFFFFFFFFFFFFFFF08A18002484848488A4309A3484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C000000030000000000000000000000000000000000000048484848AAAA0000000000000005DAE28D00000000000000000000000005DAE28D000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F000001006C006900630065006E00730069000148484848484848
Actions REG_BINARY 01007777000000005DBBAEB1D9EA7644B3759C3ED9F32AFC0A0000006C006F0067006F006E00
DynamicInfo REG_BINARY 03000000CAB6904E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B23C1DC-4C36-42B7-926E-67E6AF6BEB03}
Path REG_SZ \Microsoft\Windows\Shell\FamilySafetyRefresh
Hash REG_BINARY B59F09E1407F194C4360AEC1295FDFDD6783EEF06C2DBB180C4CAD76C1237FD9
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;LA)(A;OICI;FA;;;SY)(A;OICI;FRFX;;;AU)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\System32\WpcWebSync.dll,-32010)
Author REG_SZ $(@%SystemRoot%\System32\WpcWebSync.dll,-32011)
Description REG_SZ $(@%SystemRoot%\System32\WpcWebSync.dll,-32012)
URI REG_SZ \Microsoft\Windows\Shell\FamilySafetyRefresh
Data REG_SZ $(Arg0)
Triggers REG_BINARY 150000000000000000E065AB2F000000000000000000000000E065AB2F000000FFFFFFFFFFFFFFFFA811424348484848163E8238484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF58020000FFFFFFFF07000000000000000000000000000000000000000000000000000000FFFFFFFF00000000000000000000000000000F00000000000000000001000000000000000000000000000000666600000000000000E065AB2F000000000000000000000000E065AB2F000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000005044CBAC2F0000007508BCA33A0895410000000000000000
Actions REG_BINARY 0100777700000000CB0FF0EB6907814B9BEC6C05514111AA0E0000002400280041007200670030002900
DynamicInfo REG_BINARY 030000003B0D32615C84CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B6D8A73-F20B-4C93-B8FB-56A154F172D2}
Path REG_SZ \Microsoft\Windows\Time Zone\SynchronizeTimeZone
Hash REG_BINARY 0545DC31F1BE092F022A1D9850CECE7E4AACD0030F05E0B83F08B4639653F6D2
Date REG_SZ 2013-01-10T16:32:04.2837388
Author REG_SZ $(@%SystemRoot%\system32\tzsyncres.dll,-101)
Description REG_SZ $(@%SystemRoot%\system32\tzsyncres.dll,-102)
URI REG_SZ Microsoft\Windows\Time Zone\SynchronizeTimeZone
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000028214243484848483B926CE8484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000E0000000000000000000000
Actions REG_BINARY 0100666600000000380000002500770069006E0064006900720025005C00730079007300740065006D00330032005C0074007A00730079006E0063002E006500780065000000000000000000
DynamicInfo REG_BINARY 030000009CC0BECFEA9CCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C0FF73C-5118-46A3-9350-6B6A8A9D2C4A}
Path REG_SZ \Microsoft\Windows\Shell\FamilySafetyUpload
Hash REG_BINARY D3691BA49E7014D916856EF2A25D08E860EC07368A6DC7DEDB9D0F3DD69A8C5A
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)
Source REG_SZ $(@%SystemRoot%\System32\WpcWebSync.dll,-32010)
Author REG_SZ $(@%SystemRoot%\System32\WpcWebSync.dll,-32011)
Description REG_SZ $(@%SystemRoot%\System32\WpcWebSync.dll,-32016)
URI REG_SZ \Microsoft\Windows\Shell\FamilySafetyUpload
Data REG_SZ 4
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000E8210243484848483DD97CCE484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF58020000FFFFFFFF070000000000000000000000000000000000000000000000000000007200650000000000000000000000000000000100000000000000000000000000050000000000000000000000
Actions REG_BINARY 0100777700000000CB0FF0EB6907814B9BEC6C05514111AA020000003400
DynamicInfo REG_BINARY 030000000FC1F133018DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FD92324-06BF-4DFF-B702-1C7B4581CFFB}
Path REG_SZ \PCDoctorBackgroundMonitorTask
Hash REG_BINARY 3287C693155149381E665E885CD7D3B8119AA57605F57EBF624311E2AD169A01
Schema REG_DWORD 0x10002
Author REG_SZ PC-Doctor
Triggers REG_BINARY 1500000000000000010000000000000000B0E7743B7CD00100FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50214141484848489972597B484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484800000000F0FF0F0080F40300FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848DDDD000000000000010000000000000000B0E7743B7CD00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0300000000001000FF0F00000001E6F30100000000000000F97F0000
Actions REG_BINARY 01006666000000006A000000220043003A005C00500072006F006700720061006D002000460069006C00650073005C00440065006C006C005C0053007500700070006F00720074004100730073006900730074005C007500610063006C00610075006E0063006800650072002E006500780065002200E00000002D006200610063006B00670072006F0075006E0064006D006F006E00200073006300720069007000740073005C006200610063006B00670072006F0075006E0064006D006F006E002E0078006D006C0020002D007300740020005000430044006F00630074006F0072004200610063006B00670072006F0075006E0064004D006F006E00690074006F0072005400610073006B0020002D002D00690067006E006F00720065007300650063006F006E006400610072007900730070006C0061007300680020002D002D00720075006E00730069006C0065006E0074006C0079004600000043003A005C00500072006F006700720061006D002000460069006C00650073005C00440065006C006C005C0053007500700070006F0072007400410073007300690073007400
DynamicInfo REG_BINARY 030000007D1A41C7646CD001576F168BEC93D00101130400000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{400BB0A6-89F9-43DC-BF42-3056EB62A018}
Path REG_SZ \GoogleUpdateTaskMachineUA
Hash REG_BINARY BF20A267C067D0898D35ED852AEF4FAB0053CDA3E15AD1729A472AE5865C74C6
Schema REG_DWORD 0x10001
Author REG_SZ WORKGROUP\HOMEOFFICE$
Description REG_SZ Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
Triggers REG_BINARY 15000000000000000123D296FC7F000000D0FC0DEF90D00100FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00216241484848482B4F51DA484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000000000000FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848DDDD0000000000000123D296FC7F000000D0FC0DEF90D0010000000000000000000000000000000000000000000000000000000000000000100E000080510100FFFFFFFF010000000100000000000000000179940100000000000000FC7F0000
Actions REG_BINARY 01006666000000006A00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0047006F006F0067006C0065005C005500700064006100740065005C0047006F006F0067006C0065005500700064006100740065002E00650078006500380000002F007500610020002F0069006E007300740061006C006C0073006F00750072006300650020007300630068006500640075006C006500720000000000
DynamicInfo REG_BINARY 03000000AD200636FF8BCF01DB2E98A5ED94D00100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45561755-0BB2-49DF-9B3C-3F0CEB4AB61E}
Path REG_SZ \Microsoft\Windows\WS\Badge Update
Hash REG_BINARY 4BE4B93A26FEBE2B39D1361279F0575E4718C6FC1C7D0350196AFE3BCFFC1161
Date REG_SZ 2011-05-13T12:24:14.5690357
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
Source REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-601)
Author REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-600)
Description REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-602)
URI REG_SZ \Microsoft\Windows\WS\Badge Update
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF28A1404248484848880EBC79484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000004848484866660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001DB6D19B500000030DB6D19B50000007510BCA33A1B87410000000000000000
Actions REG_BINARY 0100777700000000F6DDCC0007514D42853D3907AE5502DC00000000
DynamicInfo REG_BINARY 030000009C00FC4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47BFE674-5DFA-4395-B88C-47D28D6E5597}
Path REG_SZ \Microsoft\Windows\Maintenance\WinSAT
Hash REG_BINARY 5B218B29FAF97DEFC9946B07C26A102D47E562210904F9AE1717D450C61342C0
Date REG_SZ 2008-02-25T19:15:00
SecurityDescriptor REG_SZ DA;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%systemroot%\system32\winsatapi.dll,-113)
Author REG_SZ $(@%systemroot%\system32\winsatapi.dll,-112)
Description REG_SZ $(@%systemroot%\system32\winsatapi.dll,-114)
URI REG_SZ Microsoft\Windows\Maintenance\WinSAT
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000038A14043484848488DEC84BE484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000200200000000000048484848580000004848484800000000FFFFFFFF08070000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000001000000000000000000000001000000
Actions REG_BINARY 01007777000000003634A3A98B679C4CA2117CC38785E79D00000000
DynamicInfo REG_BINARY 0300000008E32AFAB39DCE01000000000000000000000000000000000000000000000000


----------



## Compash (Jan 9, 2006)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49754026-21E1-41FC-94FD-727AFE414FE7}
Path REG_SZ \Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Hash REG_BINARY 5002BFE30AF30026E176A5643F832DB50E1A687CEB94C4A05B3A449234258196
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Author REG_SZ $(@%systemRoot%\System32\sysmain.dll,-3000)
Description REG_SZ $(@%systemRoot%\System32\sysmain.dll,-3002)
URI REG_SZ \Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000A21020348484848EC0C8945484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF58020000FFFFFFFF060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000070000000000000001000000
Actions REG_BINARY 0100777700000000B87743D42F1FAA4F9C8E6C4AD2928E4700000000
DynamicInfo REG_BINARY 0300000055C5004F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C65E53E-0AEF-4A49-9842-A3B3C51560B8}
Path REG_SZ \GoogleUpdateTaskMachineCore
Hash REG_BINARY 9F5286BE3448F41D31B84442AA183634386952C4CC35FD737477F0252CF2FEEE
Schema REG_DWORD 0x10001
Author REG_SZ WORKGROUP\HOMEOFFICE$
Description REG_SZ Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
Triggers REG_BINARY 15000000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF0021624148484848D8C57C4C484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000000000000FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848AAAA0000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF010000000000000000000000000000000148484848484848DDDD000000000000010000000000000000D0FC0DEF90D00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000179940100000000000000FC7F0000
Actions REG_BINARY 01006666000000006A00000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0047006F006F0067006C0065005C005500700064006100740065005C0047006F006F0067006C0065005500700064006100740065002E00650078006500040000002F00630000000000
DynamicInfo REG_BINARY 030000009437BC35FF8BCF01B998A6FB5395D00100000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55390B09-D1C5-4005-9E26-12E918A9D12D}
Path REG_SZ \User_Feed_Synchronization-{55142E85-E6CE-487B-A5E5-CBD6AC44CB22}
Hash REG_BINARY BDBF9CC304E608CE7989044177F69D3E9FC67B00B95A9CA4E1C0DE9008D61170
Schema REG_DWORD 0x10003
Author REG_SZ HOMEOFFICE\shami_000
Description REG_SZ Updates out-of-date system feeds.
Triggers REG_BINARY 1500000000000000001ED93F960000000069BC452714D0010089AAB4FC7F00000029BD7CB14ADB01C821C14248484848086661B8484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674ED030000484848482A0000004848484848004F004D0045004F00460046004900430045005C007300680061006D0069005F0030003000300000004848484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000001ED93F960000000069BC452714D0010089AAB4FC7F00000029BD7CB14ADB01000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000010F00010000000000000096000000
Actions REG_BINARY 01006666000000004600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730066006500650064007300730079006E0063002E0065007800650008000000730079006E00630000000000
DynamicInfo REG_BINARY 030000006DBB33CA9ADCCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55E46F05-2A1C-4F8F-8254-26482B40C290}
Path REG_SZ \Microsoft\Windows\Plug and Play\Device Install Reboot Required
Hash REG_BINARY E6CE704B5A3CFA4CB1BC516ECF14FB9703AD56FF132061198AF823D3B3D8D170
SecurityDescriptor REG_SZ O:BAG:BADA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;FR;;;IU)
Author REG_SZ $(@%SystemRoot%\system32\pnpui.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\pnpui.dll,-602)
URI REG_SZ \Microsoft\Windows\Plug and Play\Device Install Reboot Required
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08A0C00348484848CBD27A28484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF060000000000000000000000000000000000000000000000000000004848484866660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000000000007508BCA33D0096020000000000000000
Actions REG_BINARY 0100777700000000824779481F6AB947BD521D5F95D49C1B00000000
DynamicInfo REG_BINARY 03000000CF4E0A4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5705047A-8B57-4B41-881F-DAEA70D97A9C}
Path REG_SZ \Microsoft\Windows\Plug and Play\Device Install Group Policy
Hash REG_BINARY 4018E692EBEDD31883FACE6D90EDCCFBDACB0F9D5597229E15A8A33B50A8CA03
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)
Author REG_SZ $(@%SystemRoot%\system32\pnppolicy.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\pnppolicy.dll,-602)
URI REG_SZ \Microsoft\Windows\Plug and Play\Device Install Group Policy
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0811C20348484848752634D9484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF80510100FFFFFFFF0600000000000000000000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001002D004D0065006400690061002F00A5000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300032005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000
Actions REG_BINARY 01007777000000008302406042B2A84F8C25CAF695B8820900000000
DynamicInfo REG_BINARY 030000001EB10C4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57D2908A-C2C5-4156-BF22-3FDC8E3F83BA}
Path REG_SZ \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Hash REG_BINARY F27F730393BD350CF2F97E6F6FF649BF12BE81F8053EA66DC81E01D8EF90C568
SecurityDescriptor REG_SZ D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
Source REG_SZ $(@%systemroot%\system32\discan.dll,-601)
Author REG_SZ $(@%systemroot%\system32\discan.dll,-600)
Description REG_SZ $(@%systemroot%\system32\discan.dll,-602)
URI REG_SZ \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000045113BB5000000FFFFFFFFFFFFFFFF702102434848484807DDE924484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD0000000000000145113BB50000000018DA9D07AACB0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0200000004004000000000000001BD6F01000000803A0900B5000000FFFF0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF100E0000FFFFFFFF000000000000000000000000000000000000410064006D0069006E0074007900
Actions REG_BINARY 0100777700000000A83EFDDC60D919478206490AE315F94F00000000
DynamicInfo REG_BINARY 030000008FF36C4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57E1AB59-8B1F-47D2-AD45-7F2A4F5CDF39}
Path REG_SZ \Microsoft\Windows\TPM\Tpm-Maintenance
Hash REG_BINARY BABAB502904A40DEAB3A3D926F7BF3DA28EF8A44684E0F0425C62EB7FD98ED64
Date REG_SZ 2010-06-10T17:49:20.8844064
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-602)
URI REG_SZ Microsoft\Windows\TPM\Tpm-Maintenance
Data REG_SZ TpmTasks
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08114242484848486B32C82E484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848480000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001002D0050006500720066006F007200A5000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300032005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010065002F0041006E0061006C00790089000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D002700540050004D0027005D00200061006E00640020004500760065006E007400490044003D00310038005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E0000004848484800000000000000000000000000000000000000000000000066660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001003000610061003500660034003200750CBCA3290B9641000000000000000066660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010076006500640044006100740061007510BCA3391E8B410000000000000000
Actions REG_BINARY 0100777700000000C8B714504E9362429816887FA745A6C410000000540070006D005400610073006B007300
DynamicInfo REG_BINARY 030000001EB10C4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A3FB241-0B11-4EA5-BC66-0D9F1B406040}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Hash REG_BINARY D0E6A73164860AA805579DA9653B1CCCA192684F0ADCCF5D787831749A2F6482
Schema REG_DWORD 0x10004
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-224361007-3711242123-1183041157-3960732064-2483374445)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\BthSQM.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\BthSQM.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\BthSQM.dll,-602)
URI REG_SZ Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Data REG_SZ SYSTEM
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000007821C243484848485A854061484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000
Actions REG_BINARY 0100777700000000207336C8856FE011A1F00800200C9A660C000000530059005300540045004D00
DynamicInfo REG_BINARY 030000006953FE7A589BCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B19D8A3-54C1-44A4-A332-9A0F6E249272}
Path REG_SZ \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1001
Hash REG_BINARY FAC1D58EF5DA2F37943505E422D783868AA5A38BAAE2EE71AD10DF4B5D9911E5
Source REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8000)
Author REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8001)
Description REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8002)
Data REG_SZ $(Arg0)
Triggers REG_BINARY 150000000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF022101024848484814600F58484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848EEEE00000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000000000000
Actions REG_BINARY 01007777000000001B8A3F2DCD6DD54EBDBAA096594B98EF0E0000002400280041007200670030002900
DynamicInfo REG_BINARY 030000007D66F2B8338FD001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{633BC3C6-1F19-4998-859B-DFCBEC3D2E92}
Path REG_SZ \[email protected]
Hash REG_BINARY 20FB9D6CEC444C77678B369E3BDA09CE02ECFBA59974D26EF7BAD47885592DB3
Schema REG_DWORD 0x10002
Author REG_SZ Author Name
Triggers REG_BINARY 1500000000000000010535D1E3000000001003AB7492CF01000535D1E3000000FFFFFFFFFFFFFFFF78214142484848489E4C7D17484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000010535D1E3000000001003AB7492CF0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001FFD00100000000000000E3000000
Actions REG_BINARY 0100666600000000A400000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0043006F006D006D006F006E002000460069006C00650073005C00410064006F00620065005C004F004F00420045005C00500044004100700070005C005500570041005C00550070006400610074006500720053007400610072007400750070005500740069006C006900740079002E006500780065001E0000002D006D006F00640065003D007300630068006500640075006C006500640000000000
DynamicInfo REG_BINARY 030000001A7C6F1D2093CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{668F8557-652D-433B-9CD3-CB95162F402D}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
Hash REG_BINARY F1F641F0DD4953B6D24513D707E0D31F90D0765BB5AE0438C3C3714F7A5612CD
Schema REG_DWORD 0x10004
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\usbceip.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\usbceip.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\usbceip.dll,-602)
URI REG_SZ Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
Data REG_SZ SYSTEM
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000078A1C04348484848CDEE645F484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000200200000000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000006900630000000000000000000000000000000700000000000000000000000000000000000000000000000000
Actions REG_BINARY 01007777000000001D6B7FC20BFEE445925738799FA69BC80C000000530059005300540045004D00
DynamicInfo REG_BINARY 03000000D79C71A5219CCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66926B60-F280-4F44-974E-9B7C8406A2A3}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\Uploader
Hash REG_BINARY 658750F14DA0BF49F1A63C4349EE7A350BE594AF4C0E9D63F739F9882CC54C2B
Version REG_SZ 1.0
Date REG_SZ 2005-06-24T10:10:35-08:00
Source REG_SZ Windows Customer Experience Improvement Program
Description REG_SZ This job sends data about windows based on user participation in the Windows Customer Experience Improvement Program
URI REG_SZ Microsoft\Windows\Customer Experience Improvement Program\Uploader
Triggers REG_BINARY 150000000000000001D51F8025000000805C07665D95D0010100C5F5250000008066FB146595D001882142424848484891FB6563484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848482C0000004848484800000000FFFFFFFF08070000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000001D51F8025000000805C07665D95D00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0000000000000000000000000001267001000000E40C0000F87F0000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C005700530071006D0043006F006E0073002E00650078006500040000002D00750000000000
DynamicInfo REG_BINARY 03000000EAC6D2FDF78BCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AA91E8C-DDBD-4979-8464-4062F7681A19}
Path REG_SZ \Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Hash REG_BINARY 6BEA62C591A3C6ABEC5FE6ADB0D85B53ACB81B5CCB38647EA63C0E184D871B24
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%SystemRoot%\system32\pnpclean.dll,-201)
Author REG_SZ $(@%SystemRoot%\system32\pnpclean.dll,-201)
Description REG_SZ $(@%SystemRoot%\system32\pnpclean.dll,-202)
URI REG_SZ \Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000007A214203484848480844678E484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF100E0000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000002000000000000000000000000000000
Actions REG_BINARY 01007777000000003232F0DE8896E211BE7FB4B52FD966FF00000000
DynamicInfo REG_BINARY 0300000033BFE8D27C93CE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D21C8E9-C77F-4EE7-9252-2D30C930528A}
Path REG_SZ \Microsoft\Windows\Defrag\ScheduledDefrag
Hash REG_BINARY 9BAF4BF99E7E9019B8B65D3B0088909B45A9B3EDF2D9F398321F95A0A0D742B7
SecurityDescriptor REG_SZ D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
Source REG_SZ $(@%systemroot%\system32\defragsvc.dll,-800)
Author REG_SZ $(@%systemroot%\system32\defragsvc.dll,-801)
Description REG_SZ $(@%systemroot%\system32\defragsvc.dll,-802)
URI REG_SZ Microsoft\Windows\Defrag\ScheduledDefrag
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000007821424348484848FAF5C5E2484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000001000000000000000000000000000000
Actions REG_BINARY 0100666600000000380000002500770069006E0064006900720025005C00730079007300740065006D00330032005C006400650066007200610067002E00650078006500160000002D00630020002D00680020002D006F0020002D00240000000000
DynamicInfo REG_BINARY 030000009021E0CFEA9CCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}
Path REG_SZ \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Hash REG_BINARY C0FE93414206317DCA8BA0388B35703D6B3A92438FBBAF2046DDB79558B235FF
SecurityDescriptor REG_SZ D(A;;FRFX;;;AU)(A;;FA;;;SY)(A;;FA;;;BA)
Author REG_SZ $(@%SystemRoot%\System32\SyncEngine.dll,-20447)
Description REG_SZ $(@%SystemRoot%\System32\SyncEngine.dll,-20449)
URI REG_SZ \Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Data REG_SZ IdleSyncMaintenance
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000B485404248484848715A21EE484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000010000000000010000000000
Actions REG_BINARY 0100777700000000471E6CBFEC8694419CE513C15DCB200126000000490064006C006500530079006E0063004D00610069006E00740065006E0061006E0063006500
DynamicInfo REG_BINARY 0300000090611D4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}
Path REG_SZ \Microsoft\Windows\TaskScheduler\Idle Maintenance
Hash REG_BINARY D9613C248C7FB12E275EDBD5E150579EB1121D5C98C07307ED955F882BA728FE
Date REG_SZ 2010-01-29T15:25:46.8348948
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;AU)
Source REG_SZ $(@%SystemRoot%\System32\msched.dll,-601)
Author REG_SZ $(@%SystemRoot%\System32\msched.dll,-600)
Description REG_SZ $(@%SystemRoot%\System32\msched.dll,-602)
URI REG_SZ \Microsoft\Windows\TaskScheduler\Idle Maintenance
Data REG_SZ Idle
Triggers REG_BINARY 15000000000000000028C358FC7F000000000000000000000028C358FC7F0000FFFFFFFFFFFFFFFF0A2042424848484812EE0F02484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848EEEE0000000000000028C358FC7F000000000000000000000028C358FC7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100000000000000000000000E000000
Actions REG_BINARY 0100777700000000DDCFBF57E4EEBB4DA7513CDEB169FF4408000000490064006C006500
DynamicInfo REG_BINARY 0300000003C41F4F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{726C5B0D-D3E8-4487-8866-43922E0C641B}
Path REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1004
Hash REG_BINARY 28F75C98FF97F46324F87FD2A14C408321BEA8AB8DAC80470A866B2242F3A658
Schema REG_DWORD 0x10003
Source REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-101)
Author REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-102)
Description REG_SZ $(@%systemroot%\system32\PortableDeviceApi.dll,-103)
URI REG_SZ \WPD\SqmUpload_S-1-5-21-2771644027-2860193389-1954980343-1004
Triggers REG_BINARY 1500000000000000010000000000000000A0C7F6FE0FCD010189E4BDFB7F000000C06BD91DE8D401D221C142484848489C51A5AF484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EC030000484848482A0000004848484848004F004D0045004F00460046004900430045005C0066006100740065006D005F0030003000300000004848484848482C00000048484848580200007043010084030000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000010000000000000000A0C7F6FE0FCD010189E4BDFB7F000000C06BD91DE8D401000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001900001000000100E000076000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065003000000070006F0072007400610062006C0065006400650076006900630065006100700069002E0064006C006C002C002300310000000000
DynamicInfo REG_BINARY 03000000E93689A63AA7CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73B1B253-CE67-4501-AE1A-377DD1D68B65}
Path REG_SZ \Microsoft\Windows\Application Experience\StartupAppTask
Hash REG_BINARY 83DAB59C9B3B1C0BD546A07FCA3E1D7293B2E81B321B95EB88218C136590402C
Schema REG_DWORD 0x10004
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;LA)(A;OICI;FA;;;SY)(A;OICI;FRFX;;;AU)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\Startupscan.dll,-701)
Author REG_SZ $(@%SystemRoot%\system32\Startupscan.dll,-701)
Description REG_SZ $(@%SystemRoot%\system32\Startupscan.dll,-702)
URI REG_SZ \Microsoft\Windows\Application Experience\StartupAppTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000078854042484848481B34D193484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000030000000000000000000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065003400000053007400610072007400750070007300630061006E002E0064006C006C002C00530075007300520075006E005400610073006B0000000000
DynamicInfo REG_BINARY 0300000003C41F4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73D1388C-336E-40EC-B0B4-62CB862AF2BE}
Path REG_SZ \Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
Hash REG_BINARY F42851A4F4E1967FD8A6AB9D7F2A69877379928AB2DD48807C74AFC95D735990
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)
Author REG_SZ $(@%SystemRoot%\System32\sppnp.dll,-2000)
Description REG_SZ $(@%SystemRoot%\System32\sppnp.dll,-2001)
URI REG_SZ \Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000008214242484848482794CC27484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
Actions REG_BINARY 0100666600000000420000002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C0064007200760069006E00730074002E0065007800650002000000360000000000
DynamicInfo REG_BINARY 030000006426224F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7452D166-04C2-4DB1-A5FE-A607D2730CAD}
Path REG_SZ \CLMLSvc_P2G8
Hash REG_BINARY 95E43E4F0753B5A6602BD9CDAA53625A5E0FF4313D83B8D32871DC724B6708F5
Schema REG_DWORD 0x10002
SecurityDescriptor REG_SZ DA;OICI;FAGAKA;;;WD)
Author REG_SZ CyberLink
Triggers REG_BINARY 15000000000000000071EA539600000000000000000000000071EA5396000000FFFFFFFFFFFFFFFF48A1C0024848484872B8CE7B4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000071EA539600000000000000000000000071EA5396000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F0000010000000000000000000000020000000148484848484848
Actions REG_BINARY 01006666000000007600000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00430079006200650072004C0069006E006B005C0050006F00770065007200320047006F0038005C0043004C004D004C005300760063005F0050003200470038002E006500780065000000000000000000
DynamicInfo REG_BINARY 0300000045CC06B27D1DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7455D819-E7EF-4B39-A9D4-CF3BC2CA7EDB}
Path REG_SZ \Microsoft\Windows\Ras\MobilityManager
Hash REG_BINARY 5121D6E9BF231AC07440B86B039E5C7774CF55A724434A3BCFA0EE87F11CC0CE
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)
Author REG_SZ $(@%SystemRoot%\system32\rasmbmgr.dll,-201)
Description REG_SZ $(@%SystemRoot%\system32\rasmbmgr.dll,-202)
URI REG_SZ Microsoft\Windows\Ras\MobilityManager
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF480542424848484829F336AD484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848480000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001616374000D000000000000000000005B010000000000003C00510075006500720079004C006900730074003E000A000A000A000A000A000A000A000A00200020002000200020002000200020002000200020002000200020003C00510075006500720079000A000A000A000A000A000A000A000A00200020002000200020002000200020002000200020002000200020002000200020002000490064003D002200300022000A000A000A000A000A000A000A000A0020002000200020002000200020002000200020002000200020002000200020002000200050006100740068003D0022004100700070006C00690063006100740069006F006E0022000A000A000A000A000A000A000A000A002000200020002000200020002000200020002000200020002000200020002000200020003E000A000A000A000A000A000A000A000A0020002000200020002000200020002000200020002000200020002000200020003C00530065006C00650063007400200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D00270052006100730043006C00690065006E00740027005D00200061006E006400200028004C006500760065006C003D00340020006F00720020004C006500760065006C003D0030002900200061006E006400200028004500760065006E007400490044003D003200300032003800310029005D005D003C002F00530065006C006500630074003E000A000A000A000A000A000A000A000A00200020002000200020002000200020002000200020002000200020003C002F00510075006500720079003E000A000A000A000A000A000A000A000A002000200020002000200020002000200020002000200020003C002F00510075006500720079004C006900730074003E000000000000000000000000000000000000000000000000000000
Actions REG_BINARY 0100777700000000FCA063C44F79DF4F920101938CEACAFA00000000
DynamicInfo REG_BINARY 030000006426224F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77F1D869-6E65-4079-A2A0-E2023408EF97}
Path REG_SZ \Microsoft\Windows\ApplicationData\CleanupTemporaryState
Hash REG_BINARY 6F0090F4D4DF277FF98ECF1EFCC485CF0B86C53432399366747BA86741A97A94
SecurityDescriptor REG_SZ DA;;FRFX;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5001)
Author REG_SZ $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5002)
Description REG_SZ $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5003)
URI REG_SZ Microsoft\Windows\ApplicationData\CleanupTemporaryState
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000782142424848484806CF4EB9484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000006900630000000000000000000000000000000700000000000000000001000000000000000000000000000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E0065007800650072000000570069006E0064006F00770073002E00530074006F0072006100670065002E004100700070006C00690063006100740069006F006E0044006100740061002E0064006C006C002C0043006C00650061006E0075007000540065006D0070006F0072006100720079005300740061007400650000000000
DynamicInfo REG_BINARY 030000006466B8247D9ECE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A1CA63A-3611-4E61-AAFA-1B56F8746F3A}
Path REG_SZ \Microsoft\Windows\AppID\PolicyConverter
Hash REG_BINARY C645BB8F8D8C5DE3EA7A893D785BD95FC06FA4D7810745FE4E78E392009FFFB8
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
Source REG_SZ $(@%systemroot%\system32\appidsvc.dll,-300)
Author REG_SZ $(@%systemroot%\system32\appidsvc.dll,-301)
Description REG_SZ $(@%systemroot%\system32\appidsvc.dll,-302)
URI REG_SZ Microsoft\Windows\AppID\PolicyConverter
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000048110242484848483498017A484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848480000000048484848
Actions REG_BINARY 0100666600000000540000002500770069006E0064006900720025005C00730079007300740065006D00330032005C006100700070006900640070006F006C0069006300790063006F006E007600650072007400650072002E006500780065000000000000000000
DynamicInfo REG_BINARY 030000009D88244F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C7C8E23-C7CC-409A-8252-C6348C532139}
Path REG_SZ \PCDEventLauncherTask
Hash REG_BINARY 490608F3A8EDEA2906DE457C2C76DD8558EF3ABF93AA1E8C050E570FDFEA1A4B
Schema REG_DWORD 0x10002
Date REG_SZ 2010-03-19T17:18:00
Author REG_SZ PC-Doctor, Inc.
Triggers REG_BINARY 15000000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF2884400348484848EDBBA1C14848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0400000000000000000000000000000000000000000000000000000048484848CCCC0000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF0100530074006F00720061006700650087000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079003E003C00530065006C00650063007400200050006100740068003D0027004100700070006C00690063006100740069006F006E0027003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D002700500043002D0044006F00630074006F00720020004C00610075006E00630068006500720027005D00200061006E00640020004500760065006E007400490044003D0031005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000000000000000000000000000000000000000000000000000
Actions REG_BINARY 010066660000000070000000220043003A005C00500072006F006700720061006D002000460069006C00650073005C00440065006C006C005C0053007500700070006F00720074004100730073006900730074005C00730065007300730069006F006E0063006800650063006B00650072002E006500780065002200000000004600000043003A005C00500072006F006700720061006D002000460069006C00650073005C00440065006C006C005C0053007500700070006F0072007400410073007300690073007400
DynamicInfo REG_BINARY 0300000043490326E490D001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD666D5-AC93-428A-B051-BD4F13C8356D}
Path REG_SZ \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Hash REG_BINARY 40F4A1B4CBF346720B7A186AAE912FCEA1FBE0DD82F48F51FCB9AD1A76BF2525
Date REG_SZ 2005-11-08T17:18:32
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%systemroot%\system32\msra.exe,-687)
Author REG_SZ $(@%systemroot%\system32\msra.exe,-686)
Description REG_SZ $(@%systemroot%\system32\msra.exe,-688)
URI REG_SZ Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF2811C2434848484866D894B3484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0F000000FFFFFFFF0000000000000000000000000000000001000000000000000000000000000000A5000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300032005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E0000004848484800000000000000000000000000000000000000000000000088880000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000003000000
Actions REG_BINARY 0100666648000000340039006200320034003700630064002D0032003400640034002D0034006100640061002D0061006400360039002D003200640039003700350061003000320062003700340038003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00520041005300650072007600650072002E006500780065001C0000002F006F00660066006500720072006100750070006400610074006500100000002500770069006E006400690072002500
DynamicInfo REG_BINARY 030000009D88244F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81A56CE6-601C-4260-9E89-C2ECE15AC668}
Path REG_SZ \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Hash REG_BINARY 9B3BBA700C0A30B446F9D3EB4361B141CD823E459F47D4EF77CACB8478F12BD9
Date REG_SZ 2010-09-30T14:53:37.9516706
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
URI REG_SZ Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Data REG_SZ /RuntimeWide
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000003821C24248484848DE72E37A484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF201C0000FFFFFFFF070000000000000000000000000000000000000000000000000000006E44696100000000000000000000000000000100000000000000000000000000020000000000000000000000
Actions REG_BINARY 010077770000000048C09B429E37E04580E4EB1977941B5C180000002F00520075006E00740069006D0065005700690064006500
DynamicInfo REG_BINARY 0300000005EB264F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81ADE2CF-6A20-45DB-8231-3F41276E391D}
Path REG_SZ \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Hash REG_BINARY 95E1B5B1E6DFED23BD68985D14708EF1DDCFE880D6A08FB4727EE656432E00E5
Date REG_SZ 2010-09-30T14:53:37.9516706
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
URI REG_SZ Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Data REG_SZ /RuntimeWide
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000003821C24248484848A6149BE3484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF201C0000FFFFFFFF07000000000000000000000000000000000000000000000000000000FFFFFFFF00000000000000000000000000000100000000000000000000000000020000000000000000000000
Actions REG_BINARY 0100777700000000E1FAF0847BC26F4F807B28CF6F96287D180000002F00520075006E00740069006D0065005700690064006500
DynamicInfo REG_BINARY 0300000005EB264F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83C9C36D-1B68-48A3-BB87-76C55E1A6CE6}
Path REG_SZ \SystemToolsDailyTest
Hash REG_BINARY 00B72F82A14FF1A98577BA082AEAE42A31CEA541179C5E07C2D026D5E99A9568
Schema REG_DWORD 0x10002
Author REG_SZ PC-Doctor
Triggers REG_BINARY 1500000000000000010000000000000000E8F2FB616DD00100FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF502141434848484801C3708A484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484800000000F0FF0F0080F40300FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848DDDD000000000000010000000000000000E8F2FB616DD00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001E6F30100000000000000F97F0000
Actions REG_BINARY 01006666000000002200000022007500610063006C00610075006E0063006800650072002E006500780065002200A20000002D00730069006C0065006E00740065006E0075006D00650072006100740069006F006E0020002D00730074002000530079007300740065006D0054006F006F006C0073004400610069006C007900540065007300740020002D002D00690067006E006F00720065007300650063006F006E006400610072007900730070006C0061007300680020002D002D00720075006E00730069006C0065006E0074006C0079004600000043003A005C00500072006F006700720061006D002000460069006C00650073005C00440065006C006C005C0053007500700070006F0072007400410073007300690073007400
DynamicInfo REG_BINARY 030000007A2A50C6646CD001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84400372-B6DB-4852-B387-6CE186EAE25B}
Path REG_SZ \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
Hash REG_BINARY 50EFA5AB2699FD9D2180C6D18ECE781AC15204B753A1307F8DEC6F7DA76A447F
Version REG_SZ 1.3
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
Source REG_SZ $(@%SystemRoot%\system32\MbaeParserTask.exe,-1901)
Author REG_SZ $(@%SystemRoot%\system32\MbaeParserTask.exe,-1902)
Description REG_SZ $(@%SystemRoot%\system32\MbaeParserTask.exe,-1903)
URI REG_SZ \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0011424248484848F59821A9484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFFB4000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000000000004A010000000000003C00510075006500720079004C006900730074003E000A002000200020002000200020002000200020002000200020003C00510075006500720079002000490064003D002700310027003E000A002000200020002000200020002000200020002000200020003C00530065006C00650063007400200050006100740068003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00440065007600690063006500530065007400750070004D0061006E0061006700650072002F004F007000650072006100740069006F006E0061006C0027003E002A005B00530079007300740065006D002F004500760065006E007400490044003D003300300032005D00200061006E00640020002A005B004500760065006E00740044006100740061002F0044006100740061005B0040004E0061006D0065003D002700500072006F0070005F00530065007200760069006300650049006E0066006F004E0061006D0065007300700061006300650027005D003D00270068007400740070003A002F002F0073006300680065006D00610073002E006D006900630072006F0073006F00660074002E0063006F006D002F00770069006E0064006F00770073002F0032003000310030002F00310032002F004400650076006900630065004D0065007400610064006100740061002F004D006F00620069006C006500420072006F0061006400420061006E00640049006E0066006F0027005D003C002F00530065006C006500630074003E000A002000200020002000200020002000200020002000200020003C002F00510075006500720079003E000A002000200020002000200020002000200020002000200020003C002F00510075006500720079004C006900730074003E0000004848000000000000000000000000000000000000000000000000
Actions REG_BINARY 0100666600000000500000002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C004D006200610065005000610072007300650072005400610073006B002E006500780065000000000000000000
DynamicInfo REG_BINARY 030000004D4D294F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84FD51C6-5122-465D-A52B-E651D692834A}
Path REG_SZ \Microsoft\Windows\WindowsUpdate\AUScheduledInstall
 Hash REG_BINARY 7E9EDFEA006754A7F34B50FC90C538F8257355EA88E9E849087B3E0B492A4821
Schema REG_DWORD 0x10004
Source REG_SZ Microsoft Corporation.
Author REG_SZ Microsoft Corporation.
Description REG_SZ Initiates scheduled install of updates on the machine.
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000004823024248484848D7E551A3484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 010077770000000034E2B4F3687A434EB813E4BA55A065F600000000
DynamicInfo REG_BINARY 0300000009E74E31018DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{864D3E13-5C03-4906-B33A-C7B8EA3DFB22}
Path REG_SZ \CCleanerSkipUAC
Hash REG_BINARY D7C58F64BB7855A4A22987B7AB491DDC7DC34E1431A56CE4399FB5F09AAAB902
Author REG_SZ Piriform Ltd
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000805414348484848DA96C269484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 010066660000000050000000220043003A005C00500072006F006700720061006D002000460069006C00650073005C00430043006C00650061006E00650072005C00430043006C00650061006E00650072002E0065007800650022000E000000240028004100720067003000290000000000
DynamicInfo REG_BINARY 030000009788A71A4EEECF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86C209A4-74BB-48FE-B626-53EE71A07511}
Path REG_SZ \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Hash REG_BINARY 13B772C20839C4DFDDC088595EFE717BB8CE63BC56BB1D400417D6D275504AAA
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
Source REG_SZ $(@%systemRoot%\system32\energytask.dll,-601)
Author REG_SZ $(@%systemRoot%\system32\energytask.dll,-600)
Description REG_SZ $(@%systemRoot%\system32\energytask.dll,-602)
URI REG_SZ \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000048214242484848483271F5EE484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF2C010000FFFFFFFF070000000000000000000000000000000000000000000000000000006100610000000000000000000000000000000E000000000000000000000000001C0000000000000001000000
Actions REG_BINARY 0100777700000000AFA27E92541CD543825E0074CE028EEE00000000
DynamicInfo REG_BINARY 03000000A86F4726C699CE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}
Path REG_SZ \Microsoft\Windows\SkyDrive\Routine Maintenance Task
Hash REG_BINARY 5CE057A48D35013A55960BB2F2368C484212A0BC668DF73120EC412D7E18566C
SecurityDescriptor REG_SZ D(A;;FRFX;;;AU)(A;;FA;;;SY)(A;;FA;;;BA)
Author REG_SZ $(@%SystemRoot%\System32\SyncEngine.dll,-20447)
Description REG_SZ $(@%SystemRoot%\System32\SyncEngine.dll,-20448)
URI REG_SZ \Microsoft\Windows\SkyDrive\Routine Maintenance Task
Data REG_SZ RoutineMaintenance
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000B8854042484848484403506C484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000020000000000000000000000
Actions REG_BINARY 01007777000000002E471F1B2132264897DB2C2324D389AE2400000052006F007500740069006E0065004D00610069006E00740065006E0061006E0063006500
DynamicInfo REG_BINARY 03000000A8AF2B4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88CE2172-60B3-46FB-83FA-FF41186CA970}
Path REG_SZ \Microsoft\Windows\RemovalTools\MRT_HB
Hash REG_BINARY 107995FA59262D2D7D256F83F1CB990DFAE40715247028ACEDF51755F752F425
Schema REG_DWORD 0x10004
Author REG_SZ Microsoft
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000088214243484848489D9BCEA4484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484858020000100E000008070000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000070000000000000000000000
Actions REG_BINARY 01006666000000003600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C004D00520054002E006500780065000E0000002F0045004800420020002F0051002600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D0033003200
DynamicInfo REG_BINARY 0300000001F0A934F394D001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B6F734B-452C-40E4-88DC-346EB19A28F0}
Path REG_SZ \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Hash REG_BINARY 78C5B945277EA516661972ADD8AE61493AE5F648FACDF20D3A86EA62321815AD
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-2912274048-3994893941-1669128114-1310430903-1263774323)
Source REG_SZ $(@%systemroot%\system32\sppc.dll,-200)
Author REG_SZ $(@%systemroot%\system32\sppc.dll,-200)
Description REG_SZ $(@%systemroot%\system32\sppc.dll,-201)
URI REG_SZ \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Data REG_SZ timer
Triggers REG_BINARY 150000000000000000D370802500000080CC7E84A69E400200FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4821C202484848486F55C433484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005140000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C000000030000000000000000000000000000000000000048484848DDDD00000000000000D370802500000080CC7E84A69E400200000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000126700100000000000000F87F0000
Actions REG_BINARY 01007777000000005DBBAEB1D9EA7644B3759C3ED9F32AFC0A000000740069006D0065007200
DynamicInfo REG_BINARY 030000000B122E4F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CC813C9-712A-41EF-9512-B233444FC669}
Path REG_SZ \Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
Hash REG_BINARY E3E1F333E7019B18DF0D9E01EE9914CDAC48E4E32F71CBE982D47DBDAC37EAD0
SecurityDescriptor REG_SZ DA;;GA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
URI REG_SZ \Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
Triggers REG_BINARY 150000000000000000602A1F89000000000000000000000000602A1F89000000FFFFFFFFFFFFFFFF32218202484848483E9B96F0484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484884030000FFFFFFFF00000000FFFFFFFF070000000000000000000000000000000000000000000000000000004700320000000000000000000000000000000100000000000000000000000000070000000000000000000000AAAA00000000000000602A1F89000000000000000000000000602A1F89000000FFFFFFFFFFFFFFFF100E0000FFFFFFFF00000000000000000000000000000000010000000000000000000000070000000148484848484848
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065008A0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C0041007000700078004400650070006C006F0079006D0065006E00740043006C00690065006E0074002E0064006C006C002C0041007000700078005000720065005300740061006700650043006C00650061006E0075007000520075006E005400610073006B0000000000
DynamicInfo REG_BINARY 03000000A97B954E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F548334-8040-4EFC-8615-19E274CD5AD8}
Path REG_SZ \User_Feed_Synchronization-{F980EAA8-9494-45DA-B4A9-C874331F6590}
Hash REG_BINARY 578AC34C53AA074137A695E50924210EA275B4C4FEA562C38B92DB241A8DF3F2
Schema REG_DWORD 0x10003
Author REG_SZ HOMEOFFICE\yamee_000
Description REG_SZ Updates out-of-date system feeds.
Triggers REG_BINARY 1500000000000000004B4E9A6B000000001864C9AD30D001008965EAFD7F000000D864003867DB01C821C14248484848E6595116484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EE030000484848482A0000004848484848004F004D0045004F00460046004900430045005C00790061006D00650065005F0030003000300000004848484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000004B4E9A6B000000001864C9AD30D001008965EAFD7F000000D864003867DB01000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000119AA01000000000000006B000000
Actions REG_BINARY 01006666000000004600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730066006500650064007300730079006E0063002E0065007800650008000000730079006E00630000000000
DynamicInfo REG_BINARY 030000003603D61E83BCCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92908369-CCF2-493A-85AB-05A9F8E620B0}
Path REG_SZ \Microsoft\Windows\SettingSync\BackgroundUploadTask
Hash REG_BINARY 364F21DF0EFB96EB6E0342D7C980518B6A1A3D40EC97FAE2E5FA6B85600F3C06
SecurityDescriptor REG_SZ D(A;;FRFX;;;AU)(A;;FA;;;SY)
URI REG_SZ \Microsoft\Windows\SettingSync\BackgroundUploadTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000004A85C04248484848F48CC9D3484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000302A000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000006E44696100000000000000000000000000000100000000000000000000000000020000000000000000000000
Actions REG_BINARY 01007777000000000B64B959703F1C4DB159F26EEB8A4C8700000000
DynamicInfo REG_BINARY 030000000B122E4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93710550-E8E4-4846-9858-D1E824535216}
Path REG_SZ \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1005
Hash REG_BINARY F65388E2BABCA898760F4F3A73C758005BF995C6A45936D9F8E41E6CFF047B1A
Source REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8000)
Author REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8001)
Description REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8002)
Data REG_SZ $(Arg0)
Triggers REG_BINARY 150000000000000000CAB75396000000000000000000000000CAB75396000000FFFFFFFFFFFFFFFF022101024848484860A6FE3C484848480048484848484848004848484848484808000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674ED030000484848482A0000004848484848004F004D0045004F00460046004900430045005C007300680061006D0069005F0030003000300000004848484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848EEEE00000000000000CAB75396000000000000000000000000CAB75396000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001002E0064006C006C002C002D003200
Actions REG_BINARY 01007777000000001B8A3F2DCD6DD54EBDBAA096594B98EF0E0000002400280041007200670030002900
DynamicInfo REG_BINARY 03000000FB4040309BDCCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94E12419-82B1-4D1E-9DEF-5A2959B6C0B0}
Path REG_SZ \Microsoft\Windows\WindowsColorSystem\Calibration Loader
Hash REG_BINARY 6091BD2373CE1D9871ED56F0AA24B75D9C54032BD5E19FFBEA1F756B0379B4E8
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)
Source REG_SZ $(@%SystemRoot%\system32\mscms.dll,-200)
Author REG_SZ $(@%SystemRoot%\system32\mscms.dll,-201)
Description REG_SZ $(@%SystemRoot%\system32\mscms.dll,-202)
URI REG_SZ \Microsoft\Windows\WindowsColorSystem\Calibration Loader
Triggers REG_BINARY 150000000000000000600DC5CC000000000000000000000000600DC5CC000000FFFFFFFFFFFFFFFF0891000248484848FAB7AB6D4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA00000000000000600DC5CC000000000000000000000000600DC5CC000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F0000010064006C006C002C002D00330030000148484848484848777700000000000000600DC5CC000000000000000000000000600DC5CC000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F00000100000000000000000000000000000001000000000000000148484848484848
Actions REG_BINARY 010077770000000094D610B2DFC80D4995769E20CDBC20BD00000000
DynamicInfo REG_BINARY 03000000A97B954E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96B095BB-12CF-465E-9072-863BA0F5696E}
Path REG_SZ \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Hash REG_BINARY C336FB527AF3CB84CCF54A0867CA580105B57960A85BB1318DE842A789B264AC
SecurityDescriptor REG_SZ D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
Source REG_SZ $(@%systemroot%\system32\discan.dll,-601)
Author REG_SZ $(@%systemroot%\system32\discan.dll,-600)
Description REG_SZ $(@%systemroot%\system32\discan.dll,-603)
URI REG_SZ \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Data REG_SZ -CrashRecovery
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF7021C24348484848A6A8955B484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000000000000000000000000000000000000000000000000000004848484866660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF2C010000FFFFFFFF00000000000000000000000000000000010065006E00730069006F006E002D007508BCA32907950A0000000000000000
Actions REG_BINARY 0100777700000000A83EFDDC60D919478206490AE315F94F1C0000002D00430072006100730068005200650063006F007600650072007900
DynamicInfo REG_BINARY 030000000B122E4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE37D28-4D53-45A9-970D-A57242F1A84F}
Path REG_SZ \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Hash REG_BINARY B913DDA1B4BA0943469E2B63141D0BFDDD0297315163F83FE34D4D211134011D
Date REG_SZ 2010-09-30T14:53:37.9516706
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
URI REG_SZ Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Data REG_SZ /RuntimeWide
Triggers REG_BINARY 15000000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF0823824248484848E438D658484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF201C0000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000020000000000000000000000EEEE0000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000000000000
Actions REG_BINARY 010077770000000038BA3F61DFA3B84A96745604984A299A180000002F00520075006E00740069006D0065005700690064006500
DynamicInfo REG_BINARY 030000007D74304F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B3A5D95-1AE4-45DE-9991-05BD06F89D25}
Path REG_SZ \Microsoft\Windows\WDI\ResolutionHost
Hash REG_BINARY 7678F283CD528277951D5955D00319DC3E404F5D6AD8E0806B80DC781E7181CA
Version REG_SZ 1.0
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)
Source REG_SZ $(@%systemroot%\system32\dps.dll,-601)
Author REG_SZ $(@%systemroot%\system32\dps.dll,-600)
Description REG_SZ $(@%systemroot%\system32\dps.dll,-602)
URI REG_SZ Microsoft\Windows\WDI\ResolutionHost
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000885C043484848489D84F470484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0A00000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 01007777000000009DE30B90E86B1A46BC4DB0FA71F5ECB100000000
DynamicInfo REG_BINARY 03000000B9DE324F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C8E21C9-6AB1-4D66-8DF5-73AF5359B24E}
Path REG_SZ \Microsoft\Windows\WS\Sync Licenses
Hash REG_BINARY 3281B9F2986AF791D512A87B0B2A76CE4DEB5A04CAA0F37457D4D1F6BB75D6A0
Date REG_SZ 2012-01-06T12:24:14.5690357
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;BU)
Source REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-601)
Author REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-600)
Description REG_SZ $(@%SystemRoot%\WinStore\WinStoreUI.dll,-603)
URI REG_SZ \Microsoft\Windows\WS\Sync Licenses
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000008A1404248484848B112557B4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 0100777700000000BE91F510843C8A4186DDBAA002E2F36E00000000
DynamicInfo REG_BINARY 03000000B9DE324F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FF4C139-5234-410C-B7FA-23EE2FD2AB53}
Path REG_SZ \Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Hash REG_BINARY 02AFE856812FD06BE76C63FDB59ED0EFD56F7548495D1F8B57249D14F0F8357D
Version REG_SZ 1.0
Source REG_SZ $(@%systemroot%\system32\WorkFoldersShell.dll,-18004)
Author REG_SZ $(@%systemroot%\system32\WorkFoldersShell.dll,-18005)
Description REG_SZ $(@%systemroot%\system32\WorkFoldersShell.dll,-18006)
URI REG_SZ Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF78A14042484848480271FCE6484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000FFFFFFFF80510100FFFFFFFF050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000020000000000000000000000AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08070000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 0100777700000000CE0B2663FBA3344AAA51D4D8E877B62B00000000
DynamicInfo REG_BINARY 030000005467A14E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A216000C-66D3-4E66-8A6E-D98AB5762D3C}
Path REG_SZ \Microsoft\Windows\Bluetooth\UninstallDeviceTask
Hash REG_BINARY 860636D31037A3F3CBF1A50A0C13C93CACB49012F7DE6A5D5FA7A50BC935F67E
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Author REG_SZ $(@%SystemRoot%\system32\BthUdTask.exe,-1002)
Description REG_SZ $(@%SystemRoot%\system32\BthUdTask.exe,-1001)
URI REG_SZ Microsoft\Windows\Bluetooth\UninstallDeviceTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000008054242484848480E4C613E484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
Actions REG_BINARY 01006666000000001A000000420074006800550064005400610073006B002E006500780065000E000000240028004100720067003000290000000000
DynamicInfo REG_BINARY 03000000B9DE324F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CC4267-A8F3-494C-9A1F-0B7BA7D4538F}
Path REG_SZ \User_Feed_Synchronization-{2721A28C-B303-4BB3-8F48-1A3927178477}
Hash REG_BINARY 212372B46008843E31C5A6BF453EB541C1789F52EC3F10F5264080FAE6AF23E2
Schema REG_DWORD 0x10003
Author REG_SZ HOMEOFFICE\Sabira
Description REG_SZ Updates out-of-date system feeds.
Triggers REG_BINARY 150000000000000000D377812500000000FFB6CE8695D001000000000000000000BFB70511CCDB01C821C142484848489010770D484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000000D377812500000000FFB6CE8695D001000000000000000000BFB70511CCDB01000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000126700100000000000000F87F0000
Actions REG_BINARY 01006666000000004600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730066006500650064007300730079006E0063002E0065007800650008000000730079006E00630000000000
DynamicInfo REG_BINARY 0300000047C1B8E4F78BCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44A1624-C719-4A46-8833-AA65471469C9}
Path REG_SZ \Microsoft\Windows\SystemRestore\SR
Hash REG_BINARY F245F1BB07FBB50D1305AA7BA5E8B1939C138102693CF0F194328B10365BBC03
SecurityDescriptor REG_SZ DA;;GA;;;SY)(A;;GA;;;BA)(A;;FRFX;;;LS)
Source REG_SZ $(@%systemroot%\system32\srrstr.dll,-320)
Author REG_SZ $(@%systemroot%\system32\srrstr.dll,-321)
Description REG_SZ $(@%systemroot%\system32\srrstr.dll,-322)
URI REG_SZ Microsoft\Windows\SystemRestore\SR
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000005A21424248484848EA184A1F484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000030000000100000001000000
Actions REG_BINARY 01006666000000003A0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00730072007400610073006B0073002E006500780065003600000045007800650063007500740065005300630068006500640075006C00650064005300500050004300720065006100740069006F006E0000000000
DynamicInfo REG_BINARY 030000006A9B374F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5480E25-AF71-4B88-A76E-C9C3BA1588EE}
Path REG_SZ \Microsoft\Windows\FileHistory\File History (maintenance mode)
Hash REG_BINARY 651399B7EBDB26BEB35246D56625E7787AD8F77CF37D82C06200123078FB45BE
Version REG_SZ 1.0
Date REG_SZ 2010-08-12T00:00:00
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FRFX;;;LS)(A;OICI;FRFX;;;AU)
Source REG_SZ $(@%systemRoot%\system32\fhtask.dll,-200)
Author REG_SZ $(@%systemRoot%\system32\fhtask.dll,-201)
Description REG_SZ $(@%systemRoot%\system32\fhtask.dll,-202)
URI REG_SZ \Microsoft\Windows\FileHistory\File History (maintenance mode)
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000030214242484848480706F472484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848580000004848484800000000FFFFFFFF00000000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000070000000000000000000000
Actions REG_BINARY 01007777000000007C7B9189A6A1DF118BF618A90531A85A00000000
DynamicInfo REG_BINARY 030000006ADBCD247D9ECE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A693A6E9-FB8C-46CA-932B-88DC7684BE1C}
Path REG_SZ \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
Hash REG_BINARY CD3589987E9B5E1E6B4EEC849A5ADBBEECEA05CB35BB86B07AC66C4029EB0D6D
Author REG_SZ $(@%SystemRoot%\system32\bfe.dll,-2001)
Description REG_SZ $(@%SystemRoot%\system32\bfe.dll,-2002)
URI REG_SZ \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0810C20248484848170F4F6E484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001010000000000052000000000000000D3000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A002F00530079007300740065006D002F00500072006F00760069006400650072005B0040004E0061006D0065003D0027005300650072007600690063006500200043006F006E00740072006F006C0020004D0061006E00610067006500720027005D00200061006E00640020002A002F00530079007300740065006D002F004500760065006E007400490044003D00270037003000340030002700200061006E00640020002A002F004500760065006E00740044006100740061002F0044006100740061005B0040004E0061006D0065003D00270070006100720061006D00340027005D003D00270042004600450027003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000000000000000000000000000000000000000000000000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E00650078006500460000006200660065002E0064006C006C002C004200660065004F006E0053006500720076006900630065005300740061007200740054007900700065004300680061006E006700650000000000
DynamicInfo REG_BINARY 030000006A9B374F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A98AD887-1E81-47AF-B3DF-F06329AB67E5}
Path REG_SZ \Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Hash REG_BINARY E1683156E771614364E6A7482ADBC3EF9A45DC2920798394FBDCFF894FFF41E9
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BA)
Source REG_SZ $(@%systemroot%\system32\srchadmin.dll,-1901)
Author REG_SZ $(@%systemroot%\system32\srchadmin.dll,-1901)
Description REG_SZ $(@%systemroot%\system32\srchadmin.dll,-1902)
URI REG_SZ \Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000003821424248484848A4E33A5C484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000020000000000000000000000
Actions REG_BINARY 0100777700000000A660BA3FF57B6848A2CA6623B3DFFEA600000000
DynamicInfo REG_BINARY 03000000CEFD394F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAA89DAF-1B4F-447D-AF21-7F0559AC9962}
Path REG_SZ \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
Hash REG_BINARY 72A5683A40FAA291AA33CC4DD71A02E9E691D7C5A7BA213B817C759F7D4E24BE
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
Author REG_SZ $(@%ProgramFiles%\Windows Media Player\wmpnscfg.exe,-1001)
Description REG_SZ $(@%ProgramFiles%\Windows Media Player\wmpnscfg.exe,-1002)
URI REG_SZ Microsoft\Windows\Windows Media Sharing\UpdateLibrary
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF4885404248484848EC26CB6D484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B0000004848484800000000484848480000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000FFFFFFFF1E010000000000003C00510075006500720079004C006900730074003E000A00200020002000200020002000200020002000200020002000200020003C00510075006500720079000A00200020002000200020002000200020002000200020002000200020002000200020002000490064003D002200300022000A0020002000200020002000200020002000200020002000200020002000200020002000200050006100740068003D002200530079007300740065006D0022000A002000200020002000200020002000200020002000200020002000200020002000200020003E000A0020002000200020002000200020002000200020002000200020002000200020003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D0057004D0050004E00530053002D00530065007200760069006300650027005D00200061006E006400200028004500760065006E007400490044003D003100340032003100300029005D005D003C002F00530065006C006500630074003E000A00200020002000200020002000200020002000200020002000200020003C002F00510075006500720079003E000A002000200020002000200020002000200020002000200020003C002F00510075006500720079004C006900730074003E0000004848000000000000000000000000000000000000000000000000
Actions REG_BINARY 01006666000000006400000022002500500072006F006700720061006D00460069006C006500730025005C00570069006E0064006F007700730020004D006500640069006100200050006C0061007900650072005C0077006D0070006E0073006300660067002E0065007800650022000000000000000000
DynamicInfo REG_BINARY 03000000CEFD394F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACB20BE9-C5D4-490A-A51E-2B7706FD7135}
Path REG_SZ \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
Hash REG_BINARY D52A65E1D12ACD2F6FC16C8F7CF4BDA570D9696411695381B8F4B8264DC6DD2E
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\aepdu.dll,-701)
Author REG_SZ $(@%SystemRoot%\system32\aepdu.dll,-701)
Description REG_SZ $(@%SystemRoot%\system32\aepdu.dll,-702)
URI REG_SZ \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
Triggers REG_BINARY 15000000000000000100D38BF87F000000C041ADC50BC9010000D38BF87F0000FFFFFFFFFFFFFFFFC8214242484848487182FABD484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF08070000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD0000000000000100D38BF87F000000C041ADC50BC90100000000000000000000000000000000000000000000000000000000000000008051010000000000FFFFFFFF0000000000000000000000000001000001000000201C000000000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E0065007800650044000000610065007000640075002E0064006C006C002C0041006500500064007500520075006E0055007000640061007400650020002D006E006F006C0065006700610063007900000000006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065004A0000006100700070007200610069007300650072002E0064006C006C002C0044006F005300630068006500640075006C0065006400540065006C0065006D006500740072007900520075006E0000000000
DynamicInfo REG_BINARY 03000000C694E0AE6F49D001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B50BAEC5-0584-4982-9D57-D1533C04FEA1}
Path REG_SZ \Microsoft\Windows\WOF\WIM-Hash-Management
Hash REG_BINARY FEF56419FAA7F077BEB76D9EBF8EE6ADE2AF43EB568AECB984BA1D98BFBE34ED
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%SystemRoot%\system32\WofTasks.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\WofTasks.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\WofTasks.dll,-602)
URI REG_SZ Microsoft\Windows\WOF\WIM-Hash-Management
Data REG_SZ WimHashManagement
Triggers REG_BINARY 150000000000000000712A1F89000000000000000000000000712A1F89000000FFFFFFFFFFFFFFFF38114242484848481F0AAF87484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848666600000000000000712A1F89000000000000000000000000712A1F89000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000000000007518BCA32B188341010000000000000001666600000000000000712A1F89000000000000000000000000712A1F89000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000000000007528BCA32B188341010000000000000003
Actions REG_BINARY 01007777000000005AFBBFB7A8EF8C4DBBDEC8D5FAAF54A122000000570069006D0048006100730068004D0061006E006100670065006D0065006E007400
DynamicInfo REG_BINARY 030000004FFE242C378CCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6FEB39C-BEB1-406D-986B-D9FAE6D3ECD4}
Path REG_SZ \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1003
Hash REG_BINARY AF3B56B8B97182B66E8A7200B73CBCB97C46AA41BABF6A021E2818E28540A04A
Source REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8000)
Author REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8001)
Description REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8002)
Data REG_SZ $(Arg0)
Triggers REG_BINARY 150000000000000000E0915076000000000000000000000000E0915076000000FFFFFFFFFFFFFFFF02210102484848482E83776A484848480048484848484848004848484848484808000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EB030000484848482A0000004848484848004F004D0045004F00460046004900430045005C00590061006D00650065005F0030003000300000004848484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848EEEE00000000000000E0915076000000000000000000000000E0915076000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F000001002E0064006C006C002C002D003600
Actions REG_BINARY 01007777000000001B8A3F2DCD6DD54EBDBAA096594B98EF0E0000002400280041007200670030002900
DynamicInfo REG_BINARY 03000000172AE793629BCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}
Path REG_SZ \Microsoft\Windows\TaskScheduler\Regular Maintenance
Hash REG_BINARY 47979E163A878557E9E263688E4ACB155F20E964032617D7CAE6E395D3C6229D
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;AU)
Source REG_SZ $(@%SystemRoot%\System32\msched.dll,-601)
Author REG_SZ $(@%SystemRoot%\System32\msched.dll,-600)
Description REG_SZ $(@%SystemRoot%\System32\msched.dll,-602)
URI REG_SZ \Microsoft\Windows\TaskScheduler\Regular Maintenance
Data REG_SZ Regular
Triggers REG_BINARY 150000000000000001D131802500000000D0F61F868ACA0100FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4E20424248484848A53023D0484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C000000484848480000000050270100100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000001D131802500000000D0F61F868ACA0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000126700100000040380000F87F0000
Actions REG_BINARY 0100777700000000DDCFBF57E4EEBB4DA7513CDEB169FF440E00000052006500670075006C0061007200
DynamicInfo REG_BINARY 030000003687434F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1}
Path REG_SZ \Microsoft\Windows\UPnP\UPnPHostConfig
Hash REG_BINARY 1E5A9772C14832F201EF276A1D6E2CB9300C7337FAD56385E42E5B534A307EF9
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Author REG_SZ $(@%systemroot%\system32\upnphost.dll,-215)
Description REG_SZ $(@%systemroot%\system32\upnphost.dll,-216)
URI REG_SZ Microsoft\Windows\UPnP\UPnPHostConfig
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000821424248484848E455B9DE484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
Actions REG_BINARY 01006666000000000C000000730063002E006500780065003600000063006F006E006600690067002000750070006E00700068006F00730074002000730074006100720074003D0020006100750074006F0000000000
DynamicInfo REG_BINARY 030000003687434F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB68DDBF-92C8-40D8-B44B-66D59A260BFE}
Path REG_SZ \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Hash REG_BINARY 7C90BE8C4E068C3354BE8729C025D9F6D559F10FD57CCCD0065B51D0BCADC08E
Schema REG_DWORD 0x10002
Version REG_SZ 1.0
Source REG_SZ Windows Live Essentials
Author REG_SZ Microsoft Corporation
Description REG_SZ Updates the definition file for the Windows Live Social Object Extractor Engine
Triggers REG_BINARY 15000000000000000074F4539600000000000000000000000000000000000000FFFFFFFFFFFFFFFFF8A14042484848480E0907C6484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484858020000100E0000100E0000FFFFFFFF07000000100E0000010000000000000000000000000000000000000048484848DDDD000000000000010000000000000000638F4726C9CA0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000007000000000000000001415301000000803A090096000000AAAA0000000000000074F4539600000000000000000000000074F45396000000FFFFFFFFFFFFFFFF84030000FFFFFFFF000000000000000000000000007F0000010065007800650000000000070000000148484848484848
Actions REG_BINARY 01007777000000004C1519357E22F3479CC912C3F05817F100000000
DynamicInfo REG_BINARY 03000000595785257E1DCF01000000000000000000000000000000000000000000000000


----------



## Compash (Jan 9, 2006)

CAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC537794-54F5-4702-8CEB-06F584ECD24A}
Path REG_SZ \Microsoft\Windows\SpacePort\SpaceAgentTask
Hash REG_BINARY 10887C521371EE48F15AD13FE2BB5DFFA94A5BEC8653EC0CE9361D6990B3F43B
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%SystemRoot%\system32\SpaceAgent.exe,-1)
Author REG_SZ $(@%SystemRoot%\system32\SpaceAgent.exe,-2)
Description REG_SZ $(@%SystemRoot%\system32\SpaceAgent.exe,-3)
URI REG_SZ \Microsoft\Windows\SpacePort\SpaceAgentTask
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08214243484848484AC2C454484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF60540000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848FFFF0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF78000000FFFFFFFF000000000000000000000000000000000000000000000000000000000300000066660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001007400720075006D0065006E0074007508BCA33E1E87020000000000000000
Actions REG_BINARY 0100666600000000400000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00530070006100630065004100670065006E0074002E006500780065000000000000000000
DynamicInfo REG_BINARY 030000004BB8714E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD50F9D1-96F6-4CFA-A79F-701151C176D3}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
Hash REG_BINARY 31880432649E93091DFB7098AC0A3EB0456F22E613669BD414681042E67F8586
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)
Source REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-100)
Author REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-101)
Description REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-102)
URI REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
Data REG_SZ KEYROAMING
Triggers REG_BINARY 150000000000000000A3A8CB8D000000000000000000000000A3A8CB8D000000FFFFFFFFFFFFFFFFB885004248484848E1E6A835484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C000000050000000000000000000000000000000000000048484848777700000000000000A3A8CB8D000000000000000000000000A3A8CB8D000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F000001FFFFFF00000000000000000000000007000000B50000000148484848484848777700000000000000A3A8CB8D000000000000000000000000A3A8CB8D000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F000001006E005C004E006F00740069006600080000006E0073000148484848484848
Actions REG_BINARY 0100777700000000B976FB5885AC554EAC04427593B1D060140000004B004500590052004F0041004D0049004E004700
DynamicInfo REG_BINARY 03000000CBE9454F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C07B05E6-76A7-4F41-9A52-FB55F4EB8520}
Path REG_SZ \Microsoft\Windows\DiskFootprint\Diagnostics
Hash REG_BINARY 28BFBD963E5037BEA815ED67AB4B89F68DBF3328E60E8911FC9D47505D0B0E88
Schema REG_DWORD 0x10004
URI REG_SZ \Microsoft\Windows\DiskFootprint\Diagnostics
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000382142434848484803B6C857484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000033003200000000000000000000000000000007000000000000000000000000000E0000000000000000000000
Actions REG_BINARY 010077770000000034686B5BF034B949AD4E81D4994C7A7400000000
DynamicInfo REG_BINARY 03000000E5D05B2D8087CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1871B11-4A68-44D9-98B3-EE63B16D29E1}
Path REG_SZ \Microsoft\Windows\Task Manager\Interactive
Hash REG_BINARY 89DE49D146B9DA8A3F686F98CC965767AFCD9716B08A2FC65105DC7B0DDDC519
Version REG_SZ 1.0
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
Source REG_SZ $(@%systemroot%\system32\wdc.dll,-10042)
Author REG_SZ $(@%systemroot%\system32\wdc.dll,-10041)
Description REG_SZ $(@%systemroot%\system32\wdc.dll,-10043)
URI REG_SZ Microsoft\Windows\Task Manager\Interactive
Data REG_SZ $(Arg0)
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000000885C0424848484819D7D458484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848
Actions REG_BINARY 010077770000000053EC5F85E4D299499E873414E9CF0FF40E0000002400280041007200670030002900
DynamicInfo REG_BINARY 03000000CBE9454F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1975B6D-13BA-4442-897A-92128B3ED96C}
Path REG_SZ \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Hash REG_BINARY B7BD3F8CF44C4AD37CB25020C67D27E45F87B1B37C3B63A34650DC2B9D2824BE
SecurityDescriptor REG_SZ DA;;GA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
URI REG_SZ Microsoft\Windows\Setup\gwx\refreshgwxconfig
Triggers REG_BINARY 150000000000000000D87F8025000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC821420348484848FD15D960484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000017C2D70F87F000000201676A646CE0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000010000010000008051010000000000888800000000000000D87F8025000000000000000000000000D87F8025000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000002000000
Actions REG_BINARY 0100666600000000540000002500770069006E0064006900720025005C00730079007300740065006D00330032005C004700570058005C0047005700580043006F006E006600690067004D0061006E0061006700650072002E006500780065001C0000002F00520065006600720065007300680043006F006E0066006900670000000000
DynamicInfo REG_BINARY 0300000024BE38ADF493D001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2599556-050C-48B7-98E3-CD224A313FE3}
Path REG_SZ \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
Hash REG_BINARY A8559F6CCCA2DF09F1225F5DCFF67D8C6FF124FC5F85DCDF7F191DC7CF13EADE
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
Source REG_SZ $(@%systemroot%\system32\appidsvc.dll,-200)
Author REG_SZ $(@%systemroot%\system32\appidsvc.dll,-201)
Description REG_SZ $(@%systemroot%\system32\appidsvc.dll,-202)
URI REG_SZ Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF7E11024248484848218D22DB484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848482C00000048484848B40000007043010080F40300FFFFFFFF0A00000000000000000000000000000000000000000000000000000048484848FFFF0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08070000FFFFFFFF8051010000000000000000000000000001000000000000000000000003000000
Actions REG_BINARY 0100666600000000520000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00610070007000690064006300650072007400730074006F007200650063006800650063006B002E006500780065000000000000000000
DynamicInfo REG_BINARY 03000000AB1A744E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C371F25E-745F-4A1E-BEF3-959161B56258}
Path REG_SZ \Microsoft\Windows\AppID\SmartScreenSpecific
Hash REG_BINARY D67F491346FC6E056555743B88C33EF23CA23B6DAF5DC6A35F3F4970F53B7680
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;AU)
Source REG_SZ $(@%systemroot%\system32\apprepsync.dll,-701)
Author REG_SZ $(@%systemroot%\system32\apprepsync.dll,-700)
Description REG_SZ $(@%systemroot%\system32\apprepsync.dll,-702)
URI REG_SZ Microsoft\Windows\AppID\SmartScreenSpecific
Data REG_SZ U
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFFBA85404248484848FFA92F96484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000100E000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000001000000000000000000000000000000AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08070000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 010077770000000085002B9F1892A14288B09F0E65851666020000005500
DynamicInfo REG_BINARY 0300000054A737247D9ECE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3BC58BF-FE17-4E06-B231-415CA4048DE7}
Path REG_SZ \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Hash REG_BINARY F5312DDF146E0A1432020E9741768E67427F39527EF9D22F22BD5FF6948A7292
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-431836887-2321537645-4075769387-3393595759-2187231311)
Source REG_SZ $(@%systemroot%\system32\sppc.dll,-200)
Author REG_SZ $(@%systemroot%\system32\sppc.dll,-200)
Description REG_SZ $(@%systemroot%\system32\sppc.dll,-203)
URI REG_SZ \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Data REG_SZ network
Triggers REG_BINARY 15000000000000000005DAE28D00000000000000000000000005DAE28D000000FFFFFFFFFFFFFFFF08218202484848482B6FC868484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005140000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C000000030000000000000000000000000000000000000048484848CCCC0000000000000005DAE28D00000000000000000000000005DAE28D000000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000007F000001000005200000002002000000001400BE000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D004E006500740077006F0072006B00500072006F00660069006C0065002F004F007000650072006100740069006F006E0061006C0022003E003C00530065006C00650063007400200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D004E006500740077006F0072006B00500072006F00660069006C0065002F004F007000650072006100740069006F006E0061006C0022003E002A005B00530079007300740065006D005B004500760065006E007400490044003D00310030003000300030005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E0000004848000000000000000000000000000000000000000000000000
Actions REG_BINARY 01007777000000005DBBAEB1D9EA7644B3759C3ED9F32AFC0E0000006E006500740077006F0072006B00
DynamicInfo REG_BINARY 03000000CBE9454F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AE3C3E-C327-4689-B6FD-C11FB31AE88B}
Path REG_SZ \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Hash REG_BINARY A3A6190D7BF9D556951DA57C75C0FCCC694A50A1DBCE0F6F379FC991430DEA24
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FR;;;BU)(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;NS)(A;;FRFX;;;LS)(A;;FRFX;;;S-1-5-80-2898649604-2335086160-1904548223-3761738420-3855444835)(A;;FRFX;;;NO)(A;;FA;;;S-1-3-4)
Author REG_SZ $(@%systemRoot%\System32\netcfgx.dll,-14025)
Description REG_SZ $(@%systemRoot%\System32\netcfgx.dll,-14026)
URI REG_SZ Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF4811424248484848A4461E09484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848FFFF0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000003000000
Actions REG_BINARY 0100777700000000A099A15AED1CA5439B853226086738A300000000
DynamicInfo REG_BINARY 03000000AB1A744E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4EBB37B-BF54-4F58-A310-0C2E69F57048}
Path REG_SZ \Optimize Start Menu Cache Files-S-1-5-21-2771644027-2860193389-1954980343-1004
Hash REG_BINARY BE397734F6912AD5A164830BA408877947A20C41B58D424522AEA42D3A30EA9C
Source REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8000)
Author REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8001)
Description REG_SZ $(@%SystemRoot%\system32\twinapi.dll,-8002)
Data REG_SZ $(Arg0)
Triggers REG_BINARY 1500000000000000002803F0F87F00000000000000000000002803F0F87F0000FFFFFFFFFFFFFFFF0221410248484848B46FC7B5484848480048484848484848004848484848484808000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EC030000484848482A0000004848484848004F004D0045004F00460046004900430045005C0066006100740065006D005F0030003000300000004848484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848EEEE000000000000002803F0F87F00000000000000000000002803F0F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000000000000
Actions REG_BINARY 01007777000000001B8A3F2DCD6DD54EBDBAA096594B98EF0E0000002400280041007200670030002900
DynamicInfo REG_BINARY 0300000005444D553BA7CF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBD3EF37-0E38-431A-A6E8-607C56893A63}
Path REG_SZ \Microsoft\Windows\MUI\LPRemove
Hash REG_BINARY A9D6C15A70D44D759C48DD4821EA103834AE4689C1607487EAFD87F75770A353
Source REG_SZ $(@%systemRoot%\System32\lpremove.exe,-100)
Author REG_SZ $(@%systemRoot%\System32\lpremove.exe,-100)
Description REG_SZ $(@%systemRoot%\System32\lpremove.exe,-101)
URI REG_SZ Microsoft\Windows\MUI\LPRemove
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000382142034848484894924888484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF907E0000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000040000000000000001000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C006C007000720065006D006F00760065002E006500780065000000000000000000
DynamicInfo REG_BINARY 03000000E18BDE247D9ECE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCFEBB07-718E-418A-804E-3E5593D0793F}
Path REG_SZ \Microsoft\Windows\Registry\RegIdleBackup
Hash REG_BINARY AEB059239D87F40449A588A6D06506089F5DB7127A7E8D6EF0C6F6842316A9CC
Version REG_SZ 1.0
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)(A;;FRFX;;;LS)
Source REG_SZ $(@%systemroot%\system32\regidle.dll,-601)
Author REG_SZ $(@%systemroot%\system32\regidle.dll,-600)
Description REG_SZ $(@%systemroot%\system32\regidle.dll,-602)
URI REG_SZ Microsoft\Windows\Registry\RegIdleBackup
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000005821C2424848484882531197484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF00000000FFFFFFFF050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A000000000000000000000000000E0000000000000000000000
Actions REG_BINARY 0100777700000000A87A76CA57910446B64B40747123D5F200000000
DynamicInfo REG_BINARY 03000000E18B90D13398CE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD3F71A5-25DA-4A71-B641-3B0B338D3B10}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
Hash REG_BINARY 46CDF49FF65570915C9090AFD4C53C023FE47F718AC9598C2FE5A0054DFC3C0D
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SDFRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\kernelceip.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\kernelceip.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\kernelceip.dll,-602)
URI REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000005821C24248484848E239583F484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000008C0A0000010000000000000000000000000000000000000000000000000080000000000000000000000007000000000000000000000000000E0000000000000000000000
Actions REG_BINARY 01007777000000004F31EDE71628264CAEB554A34D02404C00000000
DynamicInfo REG_BINARY 030000006D2E77FAB39DCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD5B361C-450C-456E-AF2C-B490D5AD4938}
Path REG_SZ \Microsoft\Windows\Chkdsk\ProactiveScan
Hash REG_BINARY AA7EFB60264DE1D7409ADF6D6DB6758616B7D1C285F2213DFE36F2668E6DC4A9
SecurityDescriptor REG_SZ D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
Source REG_SZ $(@%systemroot%\system32\pstask.dll,-100)
Author REG_SZ $(@%systemroot%\system32\pstask.dll,-101)
Description REG_SZ $(@%systemroot%\system32\pstask.dll,-102)
URI REG_SZ \Microsoft\Windows\Chkdsk\ProactiveScan
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000078214242484848483EACC894484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000006D00330000000000000000000000000000000100000000000000000000000100000000000000000000000000
Actions REG_BINARY 0100777700000000F57042CF432E684483B3A8C45BB33EA100000000
DynamicInfo REG_BINARY 030000006DAE4A4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE2DE968-E342-40D7-9566-427D45E4A886}
Path REG_SZ \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Hash REG_BINARY 5B4E2D273A11A7B118A86A824D6E980EC630A412344A9DE541691FEE84C06564
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;LS)
Author REG_SZ $(@%systemRoot%\System32\perftrack.dll,-2003)
Description REG_SZ $(@%systemRoot%\System32\perftrack.dll,-2002)
URI REG_SZ Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
Triggers REG_BINARY 15000000000000000028C358FC7F000000000000000000000028C358FC7F0000FFFFFFFFFFFFFFFF1821C2024848484854C24905484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848EEEE0000000000000028C358FC7F000000000000000000000028C358FC7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000000000000DDDD00000000000001000000000000000078BA3F01C2C80100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF010000000100000000000000000192560100000000000000FC7F0000
Actions REG_BINARY 0100777700000000A35591EA398AB4408963D3C761B1837100000000
DynamicInfo REG_BINARY 030000006DAE4A4F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE2EF38-FCF8-49E9-8655-E065CDC856BB}
Path REG_SZ \CLVDLauncher
Hash REG_BINARY 81A68DE9EABD7DE3EEB37C905DAD29D56708EA3B08D411A8C7C98BACC912B0F2
Schema REG_DWORD 0x10002
SecurityDescriptor REG_SZ DA;OICI;FAGAKA;;;WD)
Author REG_SZ CyberLink
Triggers REG_BINARY 15000000000000000071EA539600000000000000000000000071EA5396000000FFFFFFFFFFFFFFFF48A1C00248484848C07E37224848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000071EA539600000000000000000000000071EA5396000000FFFFFFFFFFFFFFFF3C000000FFFFFFFF000000000000000000000000007F0000010000000000000001000000000000000148484848484848
Actions REG_BINARY 01006666000000007600000043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C00430079006200650072004C0069006E006B005C0050006F00770065007200320047006F0038005C0043004C00560044004C00610075006E0063006800650072002E006500780065000000000000000000
DynamicInfo REG_BINARY 03000000B22E28B27D1DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}
Path REG_SZ \Microsoft\Windows\SettingSync\BackupTask
Hash REG_BINARY F8F180356D6B90429191E5C32A2D69C3B72C62D12D2CDBAC9D86F752FC575BAA
SecurityDescriptor REG_SZ D(A;;FRFX;;;AU)(A;;FA;;;BA)(A;;FA;;;SY)
URI REG_SZ \Microsoft\Windows\SettingSync\BackupTask
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000008A85C042484848486CDC25D3484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000302A000080F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000020000000000000000000000
Actions REG_BINARY 01007777000000008CC7A460B8E26E4E876FDA203B02C05E00000000
DynamicInfo REG_BINARY 030000006DAE4A4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFFB31DB-A07D-4569-B954-E2169057BBE6}
Path REG_SZ \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Hash REG_BINARY 09A8D75B6952E21A49E6C10EFCBE709DD7F6167EF87807A8293CE7C8ADC5118C
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)
Source REG_SZ $(@%SystemRoot%\System32\DFDTS.dll,-100)
Author REG_SZ $(@%SystemRoot%\System32\DFDTS.dll,-101)
Description REG_SZ $(@%SystemRoot%\System32\DFDTS.dll,-118)
URI REG_SZ Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Triggers REG_BINARY 150000000000000000D5A2BC8F000000000000000000000000D5A2BC8F000000FFFFFFFFFFFFFFFF0885804348484848559FF38A4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848480000000048484848AAAA00000000000000D5A2BC8F000000000000000000000000D5A2BC8F000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000070000010000000000000000000000030000000148484848484848
Actions REG_BINARY 0100666600000000380000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00440046004400570069007A002E006500780065000000000000000000
DynamicInfo REG_BINARY 030000001D7AC9E5791DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D00E7CB4-F82A-4A72-AB0F-7BB86DCA6F2F}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask
Hash REG_BINARY DB89FE61B38CF541D584C34612B856A825EF9A287779F0CCBFAA95A0183E8781
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
Source REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-100)
Author REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-101)
Description REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-102)
URI REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask
Data REG_SZ USER
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFFE885404248484848965281FA484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C000000050000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100720073000000C812833AB5000000A5000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300033005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E0000004848484800000000000000000000000000000000000000000000000088880000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000003000000AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF80700000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 0100777700000000B976FB5885AC554EAC04427593B1D060080000005500530045005200
DynamicInfo REG_BINARY 03000000B7C9A34E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D8F1BA-2E8D-4582-8CB7-7777C9E26E39}
Path REG_SZ \Microsoft\Windows\Diagnosis\Scheduled
Hash REG_BINARY DE8776C00A46912CC06F1DED4ECBF7088633D73BBE4AC386A006E58C220ADC02
Version REG_SZ 1.0
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)(A;;FRFX;;;LS)
Source REG_SZ $(@%systemroot%\system32\sdiagschd.dll,-102)
Author REG_SZ $(@%systemroot%\system32\sdiagschd.dll,-101)
Description REG_SZ $(@%systemroot%\system32\sdiagschd.dll,-103)
URI REG_SZ \Microsoft\Windows\Diagnosis\Scheduled
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000078A1C00348484848035A48B5484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000504000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000001000000000000000000000000000000
Actions REG_BINARY 0100777700000000F85EF8C1C2BC0646BB3970C523715EB300000000
DynamicInfo REG_BINARY 030000009290D2508F9ACE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D456434E-4CB6-49DD-94B9-FB68BDAB1725}
Path REG_SZ \User_Feed_Synchronization-{A0C85A69-8777-4D29-8071-803249872834}
Hash REG_BINARY B7C4D675FEE6E56C853C009CE434564F92854CB1AC502341B27108A32140CD01
Schema REG_DWORD 0x10003
Author REG_SZ HOMEOFFICE\Yamee_000
Description REG_SZ Updates out-of-date system feeds.
Triggers REG_BINARY 1500000000000000004E0D4E7600000080E52DC807B2CF010089E4BDFB7F000080A52EFF91E8DA01C821C14248484848C3C7EC70484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674EB030000484848482A0000004848484848004F004D0045004F00460046004900430045005C00590061006D00650065005F0030003000300000004848484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD000000000000004E0D4E7600000080E52DC807B2CF010089E4BDFB7F000080A52EFF91E8DA01000000000000000000000000000000000000000000000000FFFFFFFF01000000010000000000000000014C00010000000000000076000000
Actions REG_BINARY 01006666000000004600000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730066006500650064007300730079006E0063002E0065007800650008000000730079006E00630000000000
DynamicInfo REG_BINARY 030000004ABDA8C9629BCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6F4A061-CEFB-4F38-81EC-6E80ECDD3011}
Path REG_SZ \Microsoft\Windows\Location\Notifications
Hash REG_BINARY F64870E12BFF2642A1B8EC19B8F88CBB9491AF11DFB90001A05DE90480B68C19
Version REG_SZ 1.3
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
Description REG_SZ $(@%systemRoot%\system32\LocationNotifications.exe,-102)
URI REG_SZ Microsoft\Windows\Location\Notifications
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0885404248484848F8120380484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B0000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100640066006100650031002D003500A4000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E003C00530065006C00650063007400200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004C006F0063006100740069006F006E004E006F00740069006600690063006100740069006F006E00730027005D00200061006E00640020004500760065006E007400490044003D0033005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000484848484848000000000000000000000000000000000000000000000000
Actions REG_BINARY 0100666600000000560000002500770069006E0064006900720025005C00530079007300740065006D00330032005C004C006F0063006100740069006F006E004E006F00740069006600690063006100740069006F006E0073002E006500780065000000000000000000
DynamicInfo REG_BINARY 0300000092104D4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D84BAEDA-AEC0-4A7F-927D-ACB28F11EDD2}
Path REG_SZ \Microsoft\Windows\DiskCleanup\SilentCleanup
Hash REG_BINARY AAB3EF42073372B5856B2BF3374EBCA04CECBF8830AEE528A6CBF03D57C173B6
SecurityDescriptor REG_SZ D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;AU)
Source REG_SZ $(@%systemroot%\system32\cleanmgr.exe,-1300)
Author REG_SZ $(@%systemroot%\system32\cleanmgr.exe,-1300)
Description REG_SZ $(@%systemroot%\system32\cleanmgr.exe,-1301)
URI REG_SZ Microsoft\Windows\DiskCleanup\SilentCleanup
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF000000000000000040A140434848484870355A8D484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000001000000000000000000000000000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C0063006C00650061006E006D00670072002E00650078006500360000002F006100750074006F0063006C00650061006E0020002F00640020002500730079007300740065006D0064007200690076006500250000000000
DynamicInfo REG_BINARY 030000007C839625378CCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D88FEC9E-A82A-46F9-87E2-B6B97B301C1A}
Path REG_SZ \Microsoft\Windows\WS\License Validation
Hash REG_BINARY DFE9A54A4AF925B6338A9AC3A4064623795E4C2115127D120119BEA8A4EE8AB9
Date REG_SZ 2010-10-27T17:18:44.0816608
SecurityDescriptor REG_SZ D(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)(A;;FA;;;S-1-5-80-1227353651-1023108616-160957920-2792958081-1972711695)(A;;FR;;;S-1-5-87-1452649159-2109950929-2856838567-3638795029-1283063528)
Source REG_SZ $(@%SystemRoot%\system32\wsservice.dll,-122)
Author REG_SZ $(@%SystemRoot%\system32\wsservice.dll,-120)
Description REG_SZ $(@%SystemRoot%\system32\wsservice.dll,-123)
URI REG_SZ \Microsoft\Windows\WS\License Validation
Triggers REG_BINARY 150000000000000000234E71F87F0000006F2159FD96D00100FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF4821C2024848484898D2B83B484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848580000004848484800000000FFFFFFFF00000000FFFFFFFF0700000080DE2800FF000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000020000000000000000000000DDDD00000000000000234E71F87F0000006F2159FD96D00100000000000000000000000000000000000000000000000000000000000000006054000000000000FFFFFFFF000000000000000000000000000126700100000000000000F87F0000
Actions REG_BINARY 010066660000000018000000720075006E0064006C006C00330032002E006500780065003A0000005700530043006C00690065006E0074002E0064006C006C002C0057005300700054004C00520020006C006900630065006E00730069006E00670000000000
DynamicInfo REG_BINARY 03000000F9724F4F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB}
Path REG_SZ \Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Hash REG_BINARY C6A50D18ED1E46B7BBDF3FBA7AC332DB858BFCE1F4D5B59C38F6067D584B98B4
Version REG_SZ 1.0
Source REG_SZ $(@%systemroot%\system32\WorkFoldersShell.dll,-18000)
Author REG_SZ $(@%systemroot%\system32\WorkFoldersShell.dll,-18001)
Description REG_SZ $(@%systemroot%\system32\WorkFoldersShell.dll,-18002)
URI REG_SZ Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Data REG_SZ Logon
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF08A14042484848481398EC5F484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF80510100FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF2C010000FFFFFFFF000000000000000000000000000000000100410064006D0069006E00790074000148484848484848
Actions REG_BINARY 0100777700000000567DD4977737FB498E8F90D7E30E1A1E0A0000004C006F0067006F006E00
DynamicInfo REG_BINARY 03000000B7C9A34E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF8FF214-D536-45F4-90EC-1767F65DBED4}
Path REG_SZ \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Hash REG_BINARY 8B14B3FF18C3FC4650A2573AED7314DD7DD6F45A402461B16AABF9D4B36CE77E
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-602)
URI REG_SZ \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Data REG_SZ Time
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000007EA1C00348484848104CC724484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000200200000000000048484848580000004848484800000000FFFFFFFF201C0000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000002000000000000000000000000000000
Actions REG_BINARY 01007777000000004AE768819FB3D846ADCD7BED477B80A308000000540069006D006500
DynamicInfo REG_BINARY 030000001ADA457B589BCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E075AC73-7FC0-4ACD-9F28-DD590C391C1C}
Path REG_SZ \Microsoft\Windows\Windows Error Reporting\QueueReporting
Hash REG_BINARY A417265EEBB1B4AA686B8843AFAA12A28E495A54773C9C2C13240BCF1B579094
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
Source REG_SZ $(@%SystemRoot%\system32\wer.dll,-292)
Author REG_SZ $(@%SystemRoot%\system32\wer.dll,-293)
Description REG_SZ $(@%SystemRoot%\system32\wer.dll,-294)
URI REG_SZ \Microsoft\Windows\Windows Error Reporting\QueueReporting
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF50A14042484848487B83F319484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000210200000000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000050004C0000000000000000000000000000000100000000000000000000000000070000000000000000000000AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0C030000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0C030000FFFFFFFF0000000000000000000000000000000001010000000000052000000000000000BE000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D004E006500740077006F0072006B00500072006F00660069006C0065002F004F007000650072006100740069006F006E0061006C0022003E003C00530065006C00650063007400200050006100740068003D0022004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D004E006500740077006F0072006B00500072006F00660069006C0065002F004F007000650072006100740069006F006E0061006C0022003E002A005B00530079007300740065006D005B004500760065006E007400490044003D00310030003000300030005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E0000004848000000000000000000000000000000000000000000000000
Actions REG_BINARY 0100666600000000380000002500770069006E0064006900720025005C00730079007300740065006D00330032005C007700650072006D00670072002E006500780065001E0000002D00710075006500750065007200650070006F007200740069006E00670000000000
DynamicInfo REG_BINARY 03000000042CA64E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E131C6A0-5FFC-419B-ABFA-CE4CB36CDE8A}
Path REG_SZ \Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Hash REG_BINARY 9024D9034C549E179A88536AAAA66A95FA15364C722C7CA39A8C9A3A6D020B5A
Source REG_SZ $(@%SystemRoot%\system32\TimeSyncTask.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\TimeSyncTask.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\TimeSyncTask.dll,-602)
URI REG_SZ Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Data REG_SZ TimeSyncTask
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF8821424348484848AC40CA77484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848000000004848484866660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF3C000000FFFFFFFF00000000000000000000000000000000010000000000000000000000000000007510BCA32F0189150000000000000000
Actions REG_BINARY 0100777700000000C2D61AA34CFFD4438E907101023096F918000000540069006D006500530079006E0063005400610073006B00
DynamicInfo REG_BINARY 03000000B385624F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E367590C-10F8-4401-B924-5839261DC94E}
Path REG_SZ \Microsoft\Windows\Wininet\CacheTask
Hash REG_BINARY 1D2E92CFD3366BC5EBEE8D25DC772B0A29D9BA39245BBB30531948497C69E430
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x001200a9;;;BU)(A;;0x001200a9;;;WD)(A;;0x001200a9;;;LW)
Author REG_SZ $(@%systemroot%\system32\wininet.dll,-16000)
Description REG_SZ $(@%systemroot%\system32\wininet.dll,-16001)
URI REG_SZ \Microsoft\Windows\Wininet\CacheTask
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0085404248484848768FC0524848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 010077770000000020B95803C70A1F4698F458E32CD8914800000000
DynamicInfo REG_BINARY 03000000688EA84E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3F311F6-F703-4BC8-BFC6-040D4F5D2CC1}
Path REG_SZ \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Hash REG_BINARY 16218400340B0C31BDE443C630B7324010D4E99763B18A07E194874951153A70
Schema REG_DWORD 0x10004
SecurityDescriptor REG_SZ DA;;FA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
Source REG_SZ $(@%SystemRoot%\System32\wuaueng.dll,-112)
Author REG_SZ $(@%SystemRoot%\System32\wuaueng.dll,-112)
Description REG_SZ $(@%SystemRoot%\System32\wuaueng.dll,-200)
URI REG_SZ \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Triggers REG_BINARY 1500000000000000009FACAE2F0000000000000000000000009FACAE2F000000FFFFFFFFFFFFFFFF08220242484848487C6633D4484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000484848486666000000000000009FACAE2F0000000000000000000000009FACAE2F000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000000000000000000000000000000000007518BCA3380C960C010000000000000001
Actions REG_BINARY 010077770000000053F1F7EF971C7A41B633FEDE6683A93900000000
DynamicInfo REG_BINARY 0300000083FE0C32018DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E64595D9-E1AF-4E09-8D36-1721FC82AEE3}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\SystemTask
Hash REG_BINARY 5F1741F0E3673AEE6B7D983CDB718C34640A8C20B8D2F627B7AA491C12F16358
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)
Source REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-100)
Author REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-101)
Description REG_SZ $(@%SystemRoot%\system32\dimsjob.dll,-102)
URI REG_SZ \Microsoft\Windows\CertificateServicesClient\SystemTask
Data REG_SZ SYSTEM
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFFE8054242484848484E9F42CE484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF070000003C000000050000000000000000000000000000000000000048484848CCCC0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010074002E004D0061006300680069001B010000000000003C00510075006500720079004C006900730074003E000A0020002000200020002000200020002000200020002000200020002000200020003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E000A00200020002000200020002000200020002000200020002000200020002000200020002000200020003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E000A002000200020002000200020002000200020002000200020002000200020002000200020002000200020002000200020002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300032005D005D000A00200020002000200020002000200020002000200020002000200020002000200020002000200020003C002F00530065006C006500630074003E000A0020002000200020002000200020002000200020002000200020002000200020003C002F00510075006500720079003E000A0020002000200020002000200020002000200020002000200020002000200020003C002F00510075006500720079004C006900730074003E00000000000000000000000000000000000000000000000000000088880000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000003000000FFFF0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0A000000FFFFFFFF8070000000000000000000000000000001000000000000000000000003000000
Actions REG_BINARY 0100777700000000B976FB5885AC554EAC04427593B1D0600C000000530059005300540045004D00
DynamicInfo REG_BINARY 03000000F57C764E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E69149DF-81FC-41D7-B301-6791C1EF3CCF}
Path REG_SZ \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2771644027-2860193389-1954980343-1001
Hash REG_BINARY BFD112018B31E35963E1071A841BA23E20D8C6C7D2FDCEE98B8660515C54F600
Schema REG_DWORD 0x10003
Data REG_SZ Windows-Credentials
Triggers REG_BINARY 150000000000000001130CA5FE7F000000F784E8B90AD00100130CA5FE7F0000FFFFFFFFFFFFFFFF582101424848484828ECC938484848480048484848484848004848484848484801000000484848481C000000484848480105000000000005150000007BEE33A56D167BAAF7A18674E903000048484848240000004848484848004F004D0045004F00460046004900430045005C005300610062006900720061000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848DDDD00000000000001130CA5FE7F000000F784E8B90AD00100000000000000000000000000000000000000000000000000000000000000005802000000000000FFFFFFFF000000000000000000000000000149800100000000000000BB000000
Actions REG_BINARY 010077770000000006A663F04867894B82A03D19D94CE8D326000000570069006E0064006F00770073002D00430072006500640065006E007400690061006C007300
DynamicInfo REG_BINARY 030000006A3B5515D9BCCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6D378FA-E068-4BCB-80DE-56D43A249507}
Path REG_SZ \Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Hash REG_BINARY 931BA19618D99B560AE67BD2AA2F09FF17BB5A1EBE608D7AC0AD4E65BDA06B24
Version REG_SZ 1.0
SecurityDescriptor REG_SZ D(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\ReAgentTask.dll,-602)
Author REG_SZ $(@%SystemRoot%\system32\ReAgentTask.dll,-601)
Description REG_SZ $(@%SystemRoot%\system32\ReAgentTask.dll,-603)
URI REG_SZ \Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Data REG_SZ VerifyWinRE
Triggers REG_BINARY 1500000000000000000ABBBE1D000000FFFFFFFFFFFFFFFF000ABBBE1D000000000000000000000052A18003484848485612B897484848480048484848484848004848484848484804000000484848481000000048484848010200000000000520000000200200000000000048484848580000004848484800000000FFFFFFFF100E0000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E00000000000000000001000000000000000000000000000000
Actions REG_BINARY 0100777700000000C2D0D189CFA30C49ABE3B86CDE34B04716000000560065007200690066007900570069006E0052004500
DynamicInfo REG_BINARY 030000001FA827D0EA9CCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7DAAC26-472A-4671-A1FF-080BA3B42C09}
Path REG_SZ \Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
Hash REG_BINARY DC2E0DD35730DFCF848B9B349144457E0D0FDF70D09CC18CF4B471CFCD388DC8
Schema REG_DWORD 0x10004
Source REG_SZ Microsoft Corporation.
Author REG_SZ Microsoft Corporation.
Description REG_SZ This task is used to start the Windows Update service when needed to perform scheduled operations such as scans.
Triggers REG_BINARY 150000000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFFC820424248484848F1330DF8484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000000CE31802500000080D5820EF894D00100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF00000000000000000000000000012670010000003C000000F87F0000777700000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF0000410055005300630068006500640002000000730074000148484848484848777700000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF00000000925F00005031FBF62500000004000000250000000148484848484848666600000000000000285071F87F0000000000000000000000285071F87F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000FFFFFF000000000000000000000000000000007508BCA3380C960C010000000000000001
Actions REG_BINARY 01006666000000003400000043003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C00730063002E006500780065001C0000007300740061007200740020007700750061007500730065007200760000000000
DynamicInfo REG_BINARY 030000002394BC31018DCF01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8CC75DC-A5F5-4267-BD93-8A3479D0A822}
Path REG_SZ \Microsoft\Windows\TextServicesFramework\MsCtfMonitor
Hash REG_BINARY F7CCB39021E7E245CADCD75E426102522087DD3AC91AF7D4387D8D70ED6DDAB4
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
Source REG_SZ $(@%systemRoot%\system32\MsCtfMonitor.dll,-1000)
Description REG_SZ $(@%systemRoot%\system32\MsCtfMonitor.dll,-1001)
URI REG_SZ Microsoft\Windows\TextServicesFramework\MsCtfMonitor
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF0885C04248484848E774F3144848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 0100777700000000FE5C5701559A0340A5E1F38D1EBDCBE100000000
DynamicInfo REG_BINARY 03000000688EA84E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E90AFE1C-4FDE-42AA-955F-3B9EDF653C66}
Path REG_SZ \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Hash REG_BINARY 00694C1CCE1F29442AA3395CC2ABCCF0948B84A9F68F4BC60ED02C06A0511BC8
Date REG_SZ 2010-09-30T14:53:37.9516706
SecurityDescriptor REG_SZ DA;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
URI REG_SZ Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Data REG_SZ /RuntimeWide
Triggers REG_BINARY 15000000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF0823824248484848F6BF523F484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF201C0000FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000020000000000000000000000EEEE0000000000000028D496FC7F000000000000000000000028D496FC7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000000000000
Actions REG_BINARY 0100777700000000644243DEE98F0B4CA83B89EBEEBFF78E180000002F00520075006E00740069006D0065005700690064006500
DynamicInfo REG_BINARY 030000001FE8644F469FCE01000000000000000000000000000000000000000000000000
Schema REG_DWORD 0x10004

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDCAD10E-42B8-45F3-AAEF-DE86F7373643}
Path REG_SZ \Microsoft\Windows\Time Synchronization\SynchronizeTime
Hash REG_BINARY 7092C876E6568150619F525C9FD5AC700D3DACCBE0AAA638CCE25FC33F542258
Source REG_SZ $(@%systemroot%\system32\w32time.dll,-200)
Author REG_SZ $(@%systemroot%\system32\w32time.dll,-202)
Description REG_SZ $(@%systemroot%\system32\w32time.dll,-201)
URI REG_SZ Microsoft\Windows\Time Synchronization\SynchronizeTime
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF0000000000000000F821424348484848616C7544484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000513000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000E0000000000000000000000
Actions REG_BINARY 0100666600000000300000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00730063002E0065007800650034000000730074006100720074002000770033003200740069006D00650020007400610073006B005F00730074006100720074006500640000000000
DynamicInfo REG_BINARY 03000000007BFD508F9ACE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F15E0568-C1DA-446E-86C9-4AF3857BADF7}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Hash REG_BINARY 5FEA8C5D590E391F05DC6BF182EE76FA80BE1EC03C9F02439F1A619A1D371CBB
Date REG_SZ 2006-11-10T14:29:55.5851926
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
Author REG_SZ $(@%systemRoot%\System32\msdrm.dll,-6001)
Description REG_SZ $(@%systemRoot%\System32\msdrm.dll,-6002)
URI REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Triggers REG_BINARY 15000000000000000020D6C8FD7F0000000000000000000000883A17B5000000FFFFFFFFFFFFFFFFC8850002484848484F482AB2484848480048484848484848004848484848484805000000484848480C000000484848480101000000000001000000004848484800000000484848482C0000004848484858020000100E0000100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000001883A17B500000000781825AB03C70100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0100000001000000000000000001B05F01000000100E0000B5000000AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF100E0000FFFFFFFF00000000000000000000000000000000010000000000000000000000030000000148484848484848
Actions REG_BINARY 010077770000000028F42CCF5B32D3488CA87633E36E5A3200000000
DynamicInfo REG_BINARY 03000000B7F0AA4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3033906-E419-4CA4-AAA0-8E9B8B3154E2}
Path REG_SZ \Microsoft\Windows\PI\Secure-Boot-Update
Hash REG_BINARY 70F38E6D87067D819C2D0CA5B1426E012B47CE752BDCFDED3B8F3006F21EFFF3
Date REG_SZ 2012-02-07T16:39:20
SecurityDescriptor REG_SZ O:BAG:BAD(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-601)
Author REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-600)
Description REG_SZ $(@%SystemRoot%\system32\TpmTasks.dll,-604)
URI REG_SZ Microsoft\Windows\PI\Secure-Boot-Update
Data REG_SZ SBServicing
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF58214242484848483F09D942484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848000000004848484866660000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000000000000100610073006B0073002E0064006C007508BCA33E0C95410000000000000000
Actions REG_BINARY 0100777700000000C8B714504E9362429816887FA745A6C4160000005300420053006500720076006900630069006E006700
DynamicInfo REG_BINARY 03000000575D7A4F469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F61C1098-6385-4992-9119-CE0F68340314}
Path REG_SZ \Microsoft\Windows\Servicing\StartComponentCleanup
Hash REG_BINARY 831746C17771B63A9166A1342CD2C96DB57F9BDEE3C6EFDA29DB1BE734B2D0BA
Schema REG_DWORD 0x10004
URI REG_SZ \Microsoft\Windows\Servicing\StartComponentCleanup
Triggers REG_BINARY 150000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFFFFFFFFFFFF00000000000000007821420348484848713522E3484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000E0000000000000000000000
Actions REG_BINARY 0100777700000000A1732075F223964385F08FDB879ED0ED00000000
DynamicInfo REG_BINARY 0300000057DDFF508F9ACE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F62D3A5B-5E2E-4305-A06A-A7CE9DE361B0}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
Hash REG_BINARY 62050C0D7C474998414FA2C47E4D346ECE628D7D974F377EE3B8AE2E60982EE3
Date REG_SZ 2006-11-10T14:29:55.5851926
SecurityDescriptor REG_SZ DA;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
Author REG_SZ $(@%systemRoot%\System32\msdrm.dll,-6001)
Description REG_SZ $(@%systemRoot%\System32\msdrm.dll,-6003)
URI REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
Triggers REG_BINARY 15000000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFFF885400248484848CE52BAAA484848480048484848484848004848484848484805000000484848480C000000484848480101000000000001000000004848484800000000484848482C0000004848484858020000100E0000100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA0000000000000020D6C8FD7F000000000000000000000020D6C8FD7F0000FFFFFFFFFFFFFFFF100E0000FFFFFFFF00000000000000000000000000000000000046003400300041007D0000005DF30148484848484848
Actions REG_BINARY 010077770000000048B15CBF777C8A4DA53ED81C70CF743C00000000
DynamicInfo REG_BINARY 03000000B7F0AA4E469FCE01000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8F60B81-1848-4BE1-AD7E-4C58101995A4}
Path REG_SZ \Microsoft\Windows\Setup\gwx\launchtrayprocess
Hash REG_BINARY 826CF57D8C8AC136C8F0AC529FA158F7C322047933A97F34F303D59E33C936BF
SecurityDescriptor REG_SZ DA;;GA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
URI REG_SZ Microsoft\Windows\Setup\gwx\launchtrayprocess
Triggers REG_BINARY 150000000000000000D7418025000000000000000000000000D7418025000000FFFFFFFFFFFFFFFF4885400248484848460086F1484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0600000000000000000000000000000000000000000000000000000048484848AAAA000000000000017C2D70F87F000000201676A646CE0100D7418025000000FFFFFFFFFFFFFFFF0F000000FFFFFFFF00000000000000000000000000FFFFFF010000000000000000000000020000000148484848484848888800000000000000D7418025000000000000000000000000D7418025000000FFFFFFFFFFFFFFFF00000000FFFFFFFF0000000000000000000000000000000001000000000000000000000007000000
Actions REG_BINARY 01006666000000003A0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C004700570058005C004700570058002E00650078006500160000002F007400610073006B006C00610075006E006300680000000000
DynamicInfo REG_BINARY 03000000F50A66ADF493D001000000000000000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9656F1E-91A0-45AC-94C9-FB3ED31E915D}
Path REG_SZ \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Hash REG_BINARY A01C7DC33EA42E5A6B1093A9EDCC00476427B5B462440233F4859ABB9F470993
Version REG_SZ 1.0
SecurityDescriptor REG_SZ DA;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
Source REG_SZ $(@%SystemRoot%\System32\DFDTS.dll,-100)
Author REG_SZ $(@%SystemRoot%\System32\DFDTS.dll,-101)
Description REG_SZ $(@%SystemRoot%\System32\DFDTS.dll,-119)
URI REG_SZ Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Triggers REG_BINARY 1500000000000000000ABBBE1D000000FFFFFFFFFFFFFFFF000ABBBE1D00000000000000000000005821824248484848A54D764C484848480048484848484848004848484848484805000000484848480C00000048484848010100000000000512000000484848480000000048484848580000004848484800000000FFFFFFFF80F40300FFFFFFFF070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E00000000000000000001000000000000000000000000000000
Actions REG_BINARY 01006666000000003C0000002500770069006E0064006900720025005C00730079007300740065006D00330032005C00720075006E0064006C006C00330032002E006500780065004A000000640066006400740073002E0064006C006C002C00440066006400470065007400440065006600610075006C00740050006F006C0069006300790041006E00640053004D0041005200540000000000


----------



## kevinf80 (Mar 21, 2006)

Please follow these instructions carefully:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:
(Make sure Windows Registry Editor Version 5.00 goes on the top line)


```
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FD92324-06BF-4DFF-B702-1C7B4581CFFB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AC3BFA0-32C9-4A07-AF53-3BBB43765CF7}]
```
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to *All Files*.

Next navigate to your desktop, and enter the file name *fixme.reg*, and click Save.

You should now find a new file on your desktop named *fixme.reg*. Double click on *fixme.reg*. You will get a warning,
agree to the merge, and then a message the file has been merged will immediately pop up.

Then reboot.

Does the black box issue cease?


----------



## Compash (Jan 9, 2006)

Hi Kevin,

Many thanks for taking your valuable time to help with this issue. I appreciate it.

I have followed your instruction carefully (I always try my best).

I will have to use my PC for 1-2 days before I can know if it is gone for good. 

Fingers crossed.

Have a good weekend, Kevin.

Regards,

Compash


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update Compash, post back whenever you`re ready....

Kevin...


----------

