Jump to content

Recommended Posts

Hello pegasis and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...
Link to post
Share on other sites

I have run 20 scans at least with various scanners and found a few hits, but the temp folders  files still keep being created.

 

is there a way to isolate a process/service creating these random names folders/files?

here are the log files from above:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/01/2016 09:57:25 AM in x64 mode.
Windows Version: Windows 8.1 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows
Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
  0.0.0.0 cdn.guttastatdk.us
  0.0.0.0 cdn.inskinmedia.com
  0.0.0.0 cdn.insta.oibundles2.com
  0.0.0.0 cdn.insta.playbryte.com
  0.0.0.0 cdn.llogetfastcach.us
  0.0.0.0 cdn.montiera.com

  20 out of 35 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/01/2016 09:57:30 AM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
 

MB scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/1/2016
Scan Time: 10:01 AM
Logfile: MB results 10012016.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.01.05
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Troy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447429
Time Elapsed: 33 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Fbar:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Troy (01-10-2016 11:40:27)
Running from C:\Users\T\Desktop
Windows 8.1 (Update) (X64) (2014-05-09 00:18:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2934600066-496943794-4240687687-500 - Administrator - Disabled)
Guest (S-1-5-21-2934600066-496943794-4240687687-501 - Limited - Disabled)
T (S-1-5-21-2934600066-496943794-4240687687-1001 - Limited - Enabled) => C:\Users\T
Troy (S-1-5-21-2934600066-496943794-4240687687-1003 - Administrator - Enabled) => C:\Users\Troy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Beta) Free StockCharts (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\1450490518.www.freestockcharts.com) (Version:  - www.freestockcharts.com)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Amazon Kindle (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\Amazon Kindle) (Version:  - Amazon)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
APC PowerChute Personal Edition (HKLM-x32\...\{5A0C892E-FD1C-4203-941E-0956AED20A6A}) (Version: 1.5 - American Power Conversion Corporation)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM-x32\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Audio Product Tool (HKLM-x32\...\{032D9888-CC94-4AD6-9451-481CB7D67061}) (Version: 1.03 - Actions)
Auslogics BoostSpeed 9 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 9.0.0.0 - Auslogics Labs Pty Ltd)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.0.0.0 - Auslogics Labs Pty Ltd)
Avira Launcher (HKLM-x32\...\{af1966e2-5e60-4d93-8a48-c21462a87e3c}) (Version: 1.2.71.9779 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.71.9779 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.6.5.2921 - Avira Operations GmbH & Co. KG)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Build Tools - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Canon CanoScan 8800F User Registration (HKLM-x32\...\Canon CanoScan 8800F User Registration) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MP960 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP960) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - Canon Inc.)
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.4.20.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CutePDF Writer 2.8 (HKLM-x32\...\CutePDF Writer Installation) (Version:  - )
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)
CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4619 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2512 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Doxillion Document Converter (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\Doxillion) (Version: 2.37 - NCH Software)
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
E.M. Total Video Player 1.31 (HKLM-x32\...\E.M. Total Video Player 1.31_is1) (Version:  - EffectMatrix Inc.)
EasySaver B9.0610.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
Entity Framework 6.1.3 Tools  for Visual Studio 2013 (HKLM-x32\...\{D5170452-84D1-4725-AD9C-F9ECFD0A9E9F}) (Version: 12.0.40302.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
FlashLynx Video Download Software (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\FlashLynx) (Version:  - NCH Software)
Format Package 3 (HKLM-x32\...\FormatPackage_is1) (Version: 3.0.2 - iFunSoft)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
Free YouTube Downloader 4.1.477 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
FreeRIP v3.30 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.30 - MGShareware)
Git version 2.7.0 (HKLM\...\Git_is1) (Version: 2.7.0 - The Git Development Community)
Glary Utilities 5.58 (HKLM-x32\...\Glary Utilities 5) (Version: 5.58.0.79 - Glarysoft Ltd)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
GoToMeeting 7.23.0.5573 (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\GoToMeeting) (Version: 7.23.0.5573 - CitrixOnline)
GWXStopper 1.20 (HKLM-x32\...\GWXStopper_is1) (Version:  - Greatis Software, LLC.)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
Image Resizer for Windows (HKLM-x32\...\{0f571b70-6401-48cd-945d-45e2e8b559f8}) (Version: 3.0.4319.33193 - Brice Lambson)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel(R) Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.90.0000 - Intel(R) Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
JetBrains PyCharm Community Edition 5.0 (HKLM-x32\...\PyCharm Community Edition 5.0) (Version: 143.589 - JetBrains s.r.o.)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
Laplink PCmover Image Assistant (HKLM-x32\...\{880C0A42-B220-4136-AC91-A19A6C9B17B9}) (Version: 8.20.635 - Laplink Software, Inc.)
LightZone 4.1.6 (HKLM\...\3263-1164-2624-0047) (Version: 4.1.6 - LightZone Project)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1502 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 (HKLM-x32\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4433.1508 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 5 (HKLM-x32\...\{9be17f19-c737-431d-b922-66cbd4e685f2}) (Version: 12.0.40629.0 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM-x32\...\{7785F029-FBFF-4572-8E1C-596D8A28B548}) (Version: 5.1.09 - Microsoft Research)
Mozilla Firefox 40.0.3 (x86 en-US) (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Firefox 48.0 (x64 en-US) (HKLM\...\Mozilla Firefox 48.0 (x64 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
MySQL Connector C++ 1.1.7 (HKLM\...\{A4310FCD-95D5-49B7-91BA-9A079F07B167}) (Version: 1.1.7 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{305FFC5F-8338-4F1A-9922-D0DB44E21648}) (Version: 5.1.38 - Oracle Corporation)
MySQL Connector Net 6.9.8 (HKLM-x32\...\{D01DF7C8-6F2D-46BC-923B-418233EB1D14}) (Version: 6.9.8 - Oracle)
MySQL Connector Python v2.1.3 for Python v3.4 (HKLM-x32\...\{90F8BCBF-586B-4439-A756-DB03EE675C04}) (Version: 2.1.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version: 6.1.6 - Oracle Corporation)
MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
MySQL Documents 5.7 (HKLM-x32\...\{E42DA76C-DE7F-4E54-91E1-86A60878F8BF}) (Version: 5.7.12 - Oracle Corporation)
MySQL Examples and Samples 5.7 (HKLM-x32\...\{143A7DCA-E4BB-44DB-8D21-F1164FD491F1}) (Version: 5.7.12 - Oracle Corporation)
MySQL Fabric 1.5.6 & MySQL Utilities 1.5.6 (HKLM-x32\...\{C914EB85-F0E6-4150-9FA0-99B716A15EAF}) (Version: 1.5.6 - Oracle Corporation)
MySQL For Excel 1.3.6 (HKLM-x32\...\{DC8733F3-63A6-43F4-8C38-637071FB6D5F}) (Version: 1.3.6 - Oracle)
MySQL for Visual Studio 1.2.6 (HKLM-x32\...\{D885AD96-9178-4CF2-836C-33AE57A57427}) (Version: 1.2.6 - Oracle)
MySQL Installer - Community (HKLM-x32\...\{E16A1E43-41FF-42F7-8864-D881AA28C1E6}) (Version: 1.4.15.0 - Oracle Corporation)
MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle)
MySQL Server 5.7 (HKLM\...\{654D5AEF-3F39-4705-B234-C7E64F659534}) (Version: 5.7.12 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
NetBeans IDE 7.4 (HKLM-x32\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4433.1508 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 21.0.1432.57 (HKLM-x32\...\Opera 21.0.1432.57) (Version: 21.0.1432.57 - Opera Software ASA)
Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
Opera Stable 31.0.1889.99 (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Opera Stable 36.0.2130.46 (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software)
Opera Stable 39.0.2256.48 (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
Opera Stable 40.0.2308.62 (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\Opera 40.0.2308.62) (Version: 40.0.2308.62 - Opera Software)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security)
Paragon Drive Copyâ„¢ 14 Professional (HKLM\...\{24371D30-7CFF-11DE-B053-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PcCloneEX (HKLM-x32\...\PcCloneEX) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH)
PHOTOfunSTUDIO 9.7 PE (HKLM-x32\...\{2A71E3D5-1714-4E8F-88CD-7C06894FA6A2}) (Version: 9.07.707.1033 - Panasonic Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Puran Utilities 3.0 (HKLM\...\Puran Utilities_is1) (Version:  - Puran Software)
Python 2.7.10 (Anaconda 2.3.0 64-bit) (HKLM\...\Python 2.7.10 (Anaconda 2.3.0 64-bit)) (Version: 2.3.0 - Continuum Analytics, Inc.)
Python 3.4.3 (64-bit) (HKLM\...\{9529565f-e693-3f11-b3bf-8cd545f5f9a0}) (Version: 3.4.3150 - Python Software Foundation)
Python 3.5.0a1 (64-bit) (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\{ebc37270-06c5-4472-b638-c6f1b08fb666}) (Version: 3.5.0.10 - Python Software Foundation)
Python 3.5.0a1 C Runtime (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Core Interpreter (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Development Libraries (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Documentation (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Executables (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Launcher (32-bit) (x32 Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 pip Bootstrap (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Standard Library (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Tcl/Tk Support (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Test Suite (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.0a1 Utility Scripts (64-bit) (Version: 3.5.0.10 - Python Software Foundation) Hidden
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Add to Path (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
RailsInstaller 3.1.1 (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1) (Version: 3.1.1 - RailsInstaller Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.2.0 - Reason Software Company Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RStudio (HKLM-x32\...\RStudio) (Version: 0.99.489 - RStudio)
Ruby 1.9.3-p545 (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p545 - RubyInstaller Team)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.15.0 - Seagate)
Seagate DiscWizard (HKLM-x32\...\{FDE52A79-D081-483F-8291-BD180887644C}) (Version: 16.0.5861 - Seagate)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SILKYPIX Developer Studio 4.3 SE (HKLM-x32\...\{18F34C8F-280E-4B1F-908B-58CE6430E5E3}) (Version: 4 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 4.4 SE (HKLM-x32\...\{73506320-CCDD-46FF-AE91-1032FAAD56F7}) (Version: 4 - Ichikawa Soft Laboratory)
Skypeâ„¢ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Soda Manager (x32 Version: 8.0.0.0 - LULU Software Limited) Hidden
Soda PDF 8 Asian Fonts Pack (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Convert Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Edit Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Forms Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Insert Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 OCR Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Review Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Soda PDF 8 View Module (Version: 8.0.44.25306 - LULU Software Limited) Hidden
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TC2000 v12.4 (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\1020996830.www.tc2000.com) (Version:  - www.tc2000.com)
TC2000 v16 (HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\TC2000 v16 1.0.0) (Version: 1.0.0 - Worden Brothers, Inc.)
TC2000 v16 (x32 Version: 1.0.0 - Worden Brothers, Inc.) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
UnThreat Free AntiVirus 2014 (HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\UnThreat AntiVirus) (Version: 6.2.37.323 - Scandium Security Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)
Virtual Disk Driver (HKLM-x32\...\{7E014B78-94DA-4DE6-8226-A674A878F0C7}) (Version: 1.1.2116 - Acronis)
Visual Studio 2013 Update 5 (KB2829760) (HKLM-x32\...\{17551f85-1d1c-4142-a83f-bbd18a3522c2}) (Version: 12.0.40629 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.5976 - WinISO Computing Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
YACReader 8.5.0 (HKLM-x32\...\YACReader_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2934600066-496943794-4240687687-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2934600066-496943794-4240687687-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\T\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2934600066-496943794-4240687687-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04FE3547-D596-401B-8CFB-1EF379C32463} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2016-03-29] (Reason Software Company Inc.)
Task: {05BF9B66-5D69-4BF7-B22C-378943AF5C7E} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2016-03-29] (Reason Software Company Inc.)
Task: {068968E5-1961-44A3-A23D-EC294B89029A} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-04-28] (WinZip Computing, S.L.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1143850B-8F72-4BE6-8490-76541BC624A2} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2015-01-13] (IObit)
Task: {1330F95E-2FC6-40E5-A890-4D79B92B960B} - System32\Tasks\Opera scheduled Autoupdate 1390170709 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-21] (Opera Software)
Task: {37896CD7-5EE3-4B65-BF14-CAC84D60B64C} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Troy logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2016-06-24] (Auslogics)
Task: {3CB7015C-A427-462F-9EC6-9586FB2D19D6} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2016-03-02] (Oracle Corporation)
Task: {46985712-72AE-4135-BE17-CB0D16013250} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-04-17] (Microsoft Corporation)
Task: {46B0EEEB-7DE3-44BE-9511-63E7E421E430} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-08-19] (Glarysoft Ltd)
Task: {515193B9-2A26-4771-9065-E5349F53D31D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-04-17] (Microsoft Corporation)
Task: {5179F342-12AF-4FBC-8673-C0717ABCC6ED} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {64F64DD0-D519-4697-B851-4207D3741709} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03] (Oracle Corporation)
Task: {6FE6235A-6798-4670-8BE1-3273B7ADE7E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-09-14] (Microsoft Corporation)
Task: {7247F862-0623-4D4F-9612-534B6562F08A} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoDefrag.exe
Task: {76EBB469-2443-4B5D-A68E-8C55A081ADBA} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-t_dv@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {7BEB78FA-690A-4F1D-ADD0-C4CDDFCC1ABE} - System32\Tasks\FormatPackage_SkipUac_Troy => C:\Program Files (x86)\iFunSoft\Format Package\FormatPackage.exe
Task: {8F6CF312-37BC-47D8-A9EE-F2AC4930438D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A1CB77B4-403D-4450-8B1B-AAE686648A47} - System32\Tasks\G2MUploadTask-S-1-5-21-2934600066-496943794-4240687687-1001 => C:\Users\T\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A88770B2-3A5B-414E-B83D-AFDB3381D2EC} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-08-19] (Glarysoft Ltd)
Task: {B19145D0-1A4C-451F-952C-841FED377E94} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {BC60DE8E-88A7-48E5-B2CB-1E24CCA083F6} - System32\Tasks\Opera scheduled Autoupdate 1428577164 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-21] (Opera Software)
Task: {BF51850D-EF4A-437E-8714-CF74081B0A37} - System32\Tasks\G2MUpdateTask-S-1-5-21-2934600066-496943794-4240687687-1001 => C:\Users\T\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C2DCF06F-650D-439F-A1AE-CA170251F661} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-08-05] (Adobe Systems Incorporated)
Task: {C499B2AB-70B1-43E9-A61F-CA34EA686549} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {CA3DAF44-BD63-4918-B743-FFE071E99435} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {D3064858-4616-4836-9C32-39C5E6ADD6BF} - System32\Tasks\herdProtectScan => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe [2014-12-18] (Reason Software Company Inc.)
Task: {D72A5D06-9751-4D05-8FC1-B7C481AF53B7} - System32\Tasks\Microsoft\Office\Office Background Streaming => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-11-22] (Microsoft Corporation)
Task: {F0CC760B-D305-4A4D-B916-D7BECC094438} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2934600066-496943794-4240687687-1001.job => C:\Users\T\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2934600066-496943794-4240687687-1001.job => C:\Users\T\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 1.9.3-p545\Interactive Ruby.lnk -> C:\Ruby193\bin\irb.bat ()
Shortcut: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Interactive Ruby.lnk -> C:\RailsInstaller\Ruby2.1.0\bin\irb.bat ()

ShortcutWithArgument: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 1.9.3-p545\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Ruby193\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RailsInstaller\Command Prompt with Ruby and Rails.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\RailsInstaller\Ruby2.1.0\setup_environment.bat C:\RailsInstaller
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FullHD Video Editor LoiLoScope Download.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope Download\WebShortcut.exe () -> hxxp://loilo.tv/product/20?partner_id=14

==================== Loaded Modules (Whitelisted) ==============

2016-03-08 07:31 - 2013-03-19 11:07 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2016-03-08 07:31 - 2013-09-03 13:29 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-09-08 12:54 - 2016-01-22 16:57 - 00089008 _____ () C:\Windows\System32\cpwmon64.dll
2016-04-17 08:01 - 2012-11-02 19:33 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2016-04-17 08:01 - 2012-11-02 19:32 - 00499264 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2016-04-17 08:01 - 2012-11-02 19:32 - 00601152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2016-04-17 08:03 - 2016-04-17 08:03 - 06522480 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 02:49 - 2014-05-12 02:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-02 09:16 - 2016-08-22 11:21 - 00254232 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-09-30 11:53 - 2016-09-26 09:30 - 25222728 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2016-01-02 09:16 - 2016-08-22 11:21 - 00570648 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2015-08-05 16:57 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-05 16:57 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-05 16:57 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-05 16:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-06 11:32 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-13 05:09 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2014-09-13 05:09 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2014-09-13 05:09 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2014-09-13 05:09 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2016-09-22 09:32 - 2016-09-22 09:31 - 62461208 _____ () C:\Program Files (x86)\Opera\40.0.2308.62\opera.dll
2016-04-17 08:03 - 2016-04-17 08:03 - 06522480 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-09-22 09:32 - 2016-09-22 09:31 - 01812760 _____ () C:\Program Files (x86)\Opera\40.0.2308.62\libglesv2.dll
2016-09-22 09:32 - 2016-09-22 09:31 - 00095000 _____ () C:\Program Files (x86)\Opera\40.0.2308.62\libegl.dll
2015-10-21 15:50 - 2015-10-21 15:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2015-10-21 15:49 - 2015-10-21 15:49 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\T\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\T\Desktop\TFC.exe:BDU [0]
AlternateDataStreams: C:\Users\Troy\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe:BDU [0]
AlternateDataStreams: C:\Users\Troy\Downloads\reason-core-security-setup.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02380077.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04090050.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49591988.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61766447.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75106628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83713647.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99344388.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02380077.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04090050.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49591988.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61766447.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75106628.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83713647.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99344388.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.

IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\100sexlinks.com -> 100sexlinks.com

There are 4792 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-09-30 09:06 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2934600066-496943794-4240687687-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\T\Pictures\SS\Veronica_Varekova_hot_bikini_693.jpg
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Troy\AppData\Local\Microsoft\Windows\Themes\Autumn Co\DesktopBackground\autumnjapan2.jpg
DNS Servers: 192.168.254.254 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device => 3
MSCONFIG\Services: Bonjour Service => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: L4301_Solar => 2
MSCONFIG\startupreg: AcronisTibMounterMonitor => c:\program files (x86)\common files\acronis\tibmounter\tibmountermonitor.exe
MSCONFIG\startupreg: Adobe ARM => c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: Adobe Photo Downloader => c:\program files (x86)\adobe\photoshop elements 5.0\apdproxy.exe
MSCONFIG\startupreg: CanonQuickMenu => c:\program files (x86)\canon\quick menu\cnqmmain.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => c:\program files (x86)\canon\solution menu ex\cnsemain.exe /logon
MSCONFIG\startupreg: CCleaner Monitoring => "c:\program files (x86)\ccleaner\ccleaner64.exe" /monitor
MSCONFIG\startupreg: Dashlane => "C:\Users\Troy\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
MSCONFIG\startupreg: DiscWizardMonitor.exe => c:\program files (x86)\seagate\discwizard\discwizardmonitor.exe
MSCONFIG\startupreg: HotKeysCmds => 
MSCONFIG\startupreg: IgfxTray => c:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => 
MSCONFIG\startupreg: OpwareSE4 => c:\program files (x86)\scansoft\omnipagese4.0\opwarese4.exe
MSCONFIG\startupreg: Persistence => 
MSCONFIG\startupreg: PrivDogService => 
MSCONFIG\startupreg: QuickTime Task => 
MSCONFIG\startupreg: RTHDVCPL => "c:\program files\realtek\audio\hda\rtkngui64.exe" -s
MSCONFIG\startupreg: Seagate Scheduler2 Service => "c:\program files (x86)\common files\seagate\schedule2\schedhlp.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "c:\program files\common files\av\spybot - search and destroy\test.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe" -embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "OpwareSE4"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "*WerKernelReporting"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\StartupApproved\StartupFolder: => "Webshots.lnk"
HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\StartupApproved\Run: => "hsscp.EXE"
HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\StartupApproved\Run: => "DashlanePlugin"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{507DE711-E8A4-471D-B3FA-31CD1A06B081}] => (Allow) C:\Program Files (x86)\Laplink\PCmover\pcmover.exe
FirewallRules: [TCP Query User{E13575B3-1DD3-47ED-BA61-DC2AD52AADE2}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{A81E218D-4BDE-40A5-BD8E-CA532D529A91}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{31F9DD07-A82A-4E0D-9CFF-73761B92B3FC}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{06BCE3AA-E02D-4EAA-877D-57EFDD2EBE2F}] => (Block) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [TCP Query User{8682B4AC-2637-4616-AED9-9E239AAFE829}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Block) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{76E5BC50-044A-4EC6-B5F2-B585E621FC20}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Block) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [TCP Query User{86FBC87D-448D-45CC-A6AE-67615E78B54E}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Block) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [UDP Query User{07CC04FD-E746-4A73-BF7D-0AC189C120E9}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Block) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [TCP Query User{79C457D1-BDC7-4F6D-A465-B8A20FDA2AEC}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{33DA73A9-69B8-42CE-8596-95672DEDE5D4}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{E9DA4DD8-7FA7-4512-B0B0-81FC7A3B2407}] => (Block) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{7C0040F2-307D-413B-BB41-885856C156A3}] => (Block) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{ADE41270-8D7A-4D5F-B552-E30FB0DA2E12}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{721AD0A9-5B4F-4F1A-9F1B-E3ED9E7EAE98}C:\program files (x86)\jetbrains\pycharm community edition 5.0\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 5.0\bin\pycharm.exe
FirewallRules: [UDP Query User{5ABD5A95-F917-4D63-B264-ED00E1E6AE1D}C:\program files (x86)\jetbrains\pycharm community edition 5.0\bin\pycharm.exe] => (Allow) C:\program files (x86)\jetbrains\pycharm community edition 5.0\bin\pycharm.exe
FirewallRules: [{CDD93DC3-0369-40E0-B69C-32810147AF9D}] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 5.0\bin\pycharm.exe
FirewallRules: [{629C0C6E-0591-4A63-85E1-95B647B6DF3A}] => (Block) C:\program files (x86)\jetbrains\pycharm community edition 5.0\bin\pycharm.exe
FirewallRules: [TCP Query User{6B0A71C7-78F7-46E5-9928-2C18E43E34E1}C:\anaconda\python.exe] => (Allow) C:\anaconda\python.exe
FirewallRules: [UDP Query User{0EBA5A30-692C-47C0-A76E-4C4EAC7F60F0}C:\anaconda\python.exe] => (Allow) C:\anaconda\python.exe
FirewallRules: [{C9F5ADA0-5210-4017-9F4D-9247964AF8D8}] => (Block) C:\anaconda\python.exe
FirewallRules: [{EF18D83B-3FF3-42D0-ABA3-F8F52D2E2695}] => (Block) C:\anaconda\python.exe
FirewallRules: [{D538FD08-683A-4EA0-B445-C8482CF30E64}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{3F117BEE-249D-4523-B9F1-BB7C794795F7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{E5E2C1F2-9C3F-40E8-814A-CB5ECFA96F4B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{24E35B38-DA1B-4754-B66D-45E83654E060}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{FF34D697-0408-43CA-BB0E-427A0FA3C24E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{FBD02C0B-C3F5-4D99-B48E-BB19C9853D5B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{C7053F4D-0F25-4BD4-BD91-3FCEDAFE949A}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{F8C29DFE-C751-4F37-9273-3B131B5CD91A}C:\program files\mysql\mysql server 5.7\bin\mysqld.exe] => (Allow) C:\program files\mysql\mysql server 5.7\bin\mysqld.exe
FirewallRules: [UDP Query User{DDFCA1C9-F9D6-4493-A49E-CF9F4FE1F4B6}C:\program files\mysql\mysql server 5.7\bin\mysqld.exe] => (Allow) C:\program files\mysql\mysql server 5.7\bin\mysqld.exe
FirewallRules: [{D2A9E642-10B5-4199-9464-6C88A9587C5A}] => (Block) C:\program files\mysql\mysql server 5.7\bin\mysqld.exe
FirewallRules: [{4124B3D3-4EDE-4DB1-B559-5C7592E55D49}] => (Block) C:\program files\mysql\mysql server 5.7\bin\mysqld.exe
FirewallRules: [{AC887706-FA7F-467A-BACC-38CCE76B95B0}] => (Allow) LPort=33060
FirewallRules: [{3D482534-2B87-4C16-8D81-0AADC924B0EA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{6E7C0D71-C053-4AD3-B067-4B08F645DA91}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DB1AB564-BEA6-4949-B1D3-ADED3BC0B034}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5BF6842F-6BA4-45BA-A453-8B6B6C5BDB26}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{78A7460F-A522-4878-AD6A-6CED773BA2EA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A0466E91-3BCA-47C2-BB3C-3FC434F3B2C3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{B086264B-F2D0-4369-A363-9680EDEA8D3F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{1FECD6DD-98F1-409F-8B50-2B00994945AD}] => (Allow) LPort=3306
FirewallRules: [{08EFE1C6-886F-4BD8-A631-D4C0889167D2}] => (Allow) LPort=33060
FirewallRules: [{1201666E-461B-4126-A793-41C0B999AA6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D45D6BC1-E2F1-4238-9EC5-8EBF64496C3B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3C4935AF-E59A-4821-A374-30662A130236}C:\program files (x86)\yacreader\yacreaderlibrary.exe] => (Allow) C:\program files (x86)\yacreader\yacreaderlibrary.exe
FirewallRules: [UDP Query User{F33D8D3B-A5FF-403B-927F-46E92ABE7E1D}C:\program files (x86)\yacreader\yacreaderlibrary.exe] => (Allow) C:\program files (x86)\yacreader\yacreaderlibrary.exe
FirewallRules: [{FB4C855A-ABC6-4E33-ABC1-3F1B86E9E0C7}] => (Block) C:\program files (x86)\yacreader\yacreaderlibrary.exe
FirewallRules: [{41CAC06A-C886-42EF-BA10-7DE742538451}] => (Block) C:\program files (x86)\yacreader\yacreaderlibrary.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

20-09-2016 10:17:02 JRT Pre-Junkware Removal
20-09-2016 10:28:37 09202016
22-09-2016 11:13:05 JRT Pre-Junkware Removal
23-09-2016 11:50:53 Installed Sophos Virus Removal Tool.
24-09-2016 12:19:42 09242016
24-09-2016 17:14:17 Avira System Speedup 2.6.5
24-09-2016 17:24:19 Avira System Speedup Optimization
24-09-2016 18:55:37 JRT Pre-Junkware Removal
25-09-2016 08:24:23 Revo Uninstaller's restore point - Free Window Registry Repair
25-09-2016 08:27:10 Revo Uninstaller's restore point - ESET Online Scanner v3
25-09-2016 08:31:16 Revo Uninstaller's restore point - Dashlane
25-09-2016 08:32:18 Revo Uninstaller's restore point - Diskeeper 2011 
25-09-2016 08:32:38 Removed Diskeeper 2011 .
25-09-2016 08:33:27 Revo Uninstaller's restore point - COMODO Antivirus
25-09-2016 08:34:44 Revo Uninstaller's restore point - Free Window Registry Repair
25-09-2016 08:35:52 Revo Uninstaller's restore point - Malware Hunter 1.18.0.32
25-09-2016 08:37:01 Revo Uninstaller's restore point - Free Window Registry Repair
25-09-2016 09:21:42 Revo Uninstaller's restore point - Greenshot 1.2.8.12
25-09-2016 09:23:20 Revo Uninstaller's restore point - TC2000 Version 7
25-09-2016 16:07:03 Avira System Speedup Optimization
25-09-2016 16:08:45 Avira System Speedup Optimization
25-09-2016 17:05:20 Revo Uninstaller's restore point - Mozilla Firefox 43.0.4 (x86 en-US)
26-09-2016 13:37:31 Avira System Speedup Optimization
28-09-2016 22:23:16 Avira System Speedup Optimization

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2016 11:37:16 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5396) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb00002.log.

Error: (09/30/2016 09:57:20 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\portable\1 compBACK\1 1desktop\1 1LEFT\! antivirus\ESET\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/30/2016 09:05:33 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (09/30/2016 09:04:38 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (09/30/2016 09:02:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000002364BD0

Error: (09/29/2016 10:29:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\T\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/29/2016 10:29:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\T\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/29/2016 10:29:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\T\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/29/2016 10:29:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\T\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (09/29/2016 10:28:12 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error


System errors:
=============
Error: (10/01/2016 10:01:39 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer T-L855AWAY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D06DB0AC-FF3D-4349-B6DB-F25A12C4A39A}.
The master browser is stopping or an election is being forced.

Error: (09/30/2016 10:43:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/30/2016 11:11:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys

Error: (09/30/2016 11:08:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira System Speedup service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/30/2016 09:56:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/30/2016 09:18:36 AM) (Source: DCOM) (EventID: 10016) (User: troy-Home)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user troy-Home\T SID (S-1-5-21-2934600066-496943794-4240687687-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2016 09:08:14 AM) (Source: DCOM) (EventID: 10016) (User: troy-Home)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user troy-Home\T SID (S-1-5-21-2934600066-496943794-4240687687-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2016 09:08:14 AM) (Source: DCOM) (EventID: 10016) (User: troy-Home)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user troy-Home\T SID (S-1-5-21-2934600066-496943794-4240687687-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2016 09:08:14 AM) (Source: DCOM) (EventID: 10016) (User: troy-Home)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user troy-Home\T SID (S-1-5-21-2934600066-496943794-4240687687-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2016 09:08:13 AM) (Source: DCOM) (EventID: 10016) (User: troy-Home)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user troy-Home\T SID (S-1-5-21-2934600066-496943794-4240687687-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 15554.14 MB
Available physical RAM: 9808.24 MB
Total Virtual: 17026.14 MB
Available Virtual: 11593.63 MB

==================== Drives ================================

Drive c: (susie home) (Fixed) (Total:1863.02 GB) (Free:515.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

 

 

Link to post
Share on other sites

is this it:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by Troy (administrator) on TROY-HOME (01-10-2016 11:39:11)
Running from C:\Users\T\Desktop
Loaded Profiles: T & Troy (Available Profiles: T & Troy)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\40.0.2308.62\opera.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2016-01-30] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18536 2016-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382568 2015-03-12] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2934600066-496943794-4240687687-1001\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2934600066-496943794-4240687687-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\Webshots\3.1.5.7619\Webshots.scr [3474848 2010-07-27] (Webshots.com)
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-08-19] (Glarysoft Ltd)
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\RunOnce: [HDMLauncher] => C:\Program Files\Paragon Software\Drive Copy 14 Professional\program\launcher.exe [524040 2013-12-09] (Paragon Software Group)
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} =>  No File
Startup: C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2016-09-25]
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{A7E2022A-90E8-4812-AF51-ECB9E229A8FA}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{D06DB0AC-FF3D-4349-B6DB-F25A12C4A39A}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{F5FB75B4-C459-462C-987A-5D207E2A416E}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2934600066-496943794-4240687687-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2934600066-496943794-4240687687-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {3A1405E9-6900-4da2-A6FF-859098571985} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKLM-x32 -> {764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE} URL = hxxp://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
SearchScopes: HKU\S-1-5-21-2934600066-496943794-4240687687-1001 -> {F6B74FAF-EDA7-4610-90C6-10923E842010} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-08-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-17] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-27] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-17] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-17] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Troy\AppData\Roaming\Mozilla\Firefox\Profiles\id0tdt7j.default-1470508564941
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-31] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-04-17] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: Soda PDF 8 -> C:\Program Files (x86)\Soda PDF 8\np-previewer.dll [2015-10-10] (LULU SOFTWARE LIMITED)
FF Plugin HKU\S-1-5-21-2934600066-496943794-4240687687-1001: @citrixonline.com/appdetectorplugin -> C:\Users\T\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-2934600066-496943794-4240687687-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-09-28] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2934600066-496943794-4240687687-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-09-28] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2934600066-496943794-4240687687-1003: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-09-28] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2934600066-496943794-4240687687-1003: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-09-28] (TD Ameritrade)
FF HKLM\...\Firefox\Extensions: [soda_pdf_8_conv@sodapdf.com] - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension
FF Extension: (Soda PDF 8 Creator) - C:\Program Files\Soda PDF 8\resources\sodapdf8firefoxextension [2015-12-06] [not signed]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Disconnect) - C:\Users\Troy\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2016-04-21]
OPR Extension: (DotVPN - Free and Secure VPN) - C:\Users\Troy\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2016-09-30]
OPR Extension: (Download YouTube Videos as MP4) - C:\Users\Troy\AppData\Roaming\Opera Software\Opera Stable\Extensions\maeombkgfpjdnjkhohbjachnnmpbipol [2016-09-30]
OPR Extension: (Security Plus) - C:\Users\Troy\AppData\Roaming\Opera Software\Opera Stable\Extensions\nehfgadllkddpmpbcmelkoaibekdgodk [2016-07-27]
StartMenuInternet: (HKU\S-1-5-21-2934600066-496943794-4240687687-1001) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"
StartMenuInternet: (HKU\S-1-5-21-2934600066-496943794-4240687687-1003) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AcrSch2Svc; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [1128544 2013-10-30] (Seagate)
S3 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S3 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
S3 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [346928 2016-08-24] (Avira Operations GmbH & Co. KG)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd)
S4 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
S3 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-09-25] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-30] (Intel Corporation)
S3 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 MYSQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39695360 2016-03-28] () [File not signed]
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1817704 2012-11-22] (Microsoft Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-08-11] (Paramount Software UK Ltd)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [254232 2016-08-22] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [90392 2016-03-29] (Reason Software Company Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [15552 2012-11-08] (Seagate Technology LLC)
S3 Soda PDF 8; C:\Program Files\Soda PDF 8\ws.exe [2242840 2015-10-10] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 CrashHandler; C:\Program Files\Soda PDF 8\crash-handler-ws.exe [920344 2015-10-10] (LULU SOFTWARE LIMITED)
S3 Soda PDF 8 Creator; C:\Program Files\Soda PDF 8\creator-ws.exe [733464 2015-10-10] (LULU SOFTWARE LIMITED)
S2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [26632 2016-09-05] (Avira Operations GmbH & Co. KG)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2015-08-04] (Glarysoft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-07] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-10-10] (Glarysoft Ltd)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-03-06] (REALiX(tm))
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-10-16] (Corel Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
S3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-03-06] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-09-27] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-09-27] (Acronis)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-30] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2013-12-09] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2013-12-09] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700680 2013-12-09] ()
S2 VBoxAswDrv; no ImagePath
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-09-29] (Acronis International GmbH)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2016-05-11] (WinISO.com)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [305664 2016-03-06] (VIA Technologies, Inc.)
S1 ihallakd; \??\C:\Windows\system32\drivers\ihallakd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1
C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1
C:\Windows\System32\drivers\ACPI.sys E796AE43DDD1844281DB4D57294D17C0
C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813
C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F
C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65
C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7
C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD
C:\Windows\system32\drivers\afd.sys A460C3AF3755A2A79A3C8EFE72E147B5
C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8
C:\Windows\System32\DRIVERS\ahcache.sys FE14D249D39368CA62D8DA6BC94AC694
C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729
C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3
C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2
C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E
C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50
C:\Windows\system32\drivers\appid.sys 415DD71628795197F7AFC176CBADC74E
C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B
C:\Windows\SysWow64\drivers\AsIO.sys 798DE15F187C1F013095BBBEB6FB6197
C:\Windows\system32\DRIVERS\asyncmac.sys 3DB7721F06BC2FEDB25029EA23AB27DA
C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD
C:\Windows\System32\DRIVERS\avc3.sys AAE1DAE483DD57D0E267FCA42FCB5133
C:\Windows\System32\DRIVERS\avckf.sys 8183B715BD56561C27BEBB68B1192B7A
C:\Windows\system32\DRIVERS\ax88772.sys 943B743BEA5AE4EEA43250FFCC99C522
C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF
C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68
C:\Windows\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768
C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21
C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys C0247341C1BCD7FF2742821D0AD7AFBC
C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6
C:\Windows\System32\drivers\BootDefragDriver.sys 0A7F269E6D58A8814105150B4F7F5021
C:\Windows\System32\DRIVERS\bowser.sys 6B4FFFDDC618FCF64473CAA86E305697
C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7
C:\Windows\System32\drivers\bthhfenum.sys 272A62B660A48AEF366F8A1836CED19F
C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07
C:\Windows\System32\drivers\bthmodem.sys 07E33226AD218A2A162662A05CAFB52F
C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9
C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D
C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B
C:\Windows\System32\drivers\CLFS.sys 8EB7E70C2D348FE2476A2E3F2D585E3D
C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB
C:\Windows\System32\Drivers\cng.sys 5CBF8B3E27D824D2AA2A34AFB406F1D0
C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905
C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2
C:\Windows\System32\drivers\dam.sys 389C998C64319CD97625B0550E52ECFA
C:\Windows\System32\Drivers\dfsc.sys 5408A71E47FF21E357192FD4126B3002
C:\Windows\System32\drivers\disk.sys 8B1E62881D5AC68E673CD94B136B34AC
C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F
C:\Windows\system32\drivers\drmkaud.sys 00C594D5A1DBD22AD8B2902B9F6EFF94
C:\Windows\System32\drivers\dxgkrnl.sys F74B839FA0F4E6060CA1DA6B8DA17941
C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D
C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9
C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B
C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3
C:\Windows\System32\DRIVERS\EsgScanner.sys 3B32CAA07D672F8A2E0DF5CB3A873F45
C:\Windows\System32\drivers\eubakup.sys 83EF0C33B56360761AE2DDB86E47B2E8
C:\Windows\System32\drivers\EUBKMON.sys CCF2072C27B5F84447A0829014C43760
C:\Windows\system32\drivers\eudskacs.sys 44A0838432C8A31A5D6CBE0BF348CED6
C:\Windows\system32\drivers\EuFdDisk.sys D05585505CB20235E7C665158464551D
C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4
C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B
C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B
C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265
C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF
C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A
C:\Windows\System32\drivers\fltmgr.sys C1FB505A73FA2E9019D32444AB33B75A
C:\Windows\System32\DRIVERS\fltsrv.sys C06AF3D1E7CA6868A6A3064CE6907C4A
C:\Windows\System32\drivers\FsDepends.sys A7C31B168F371E8E6796219F23E354DB
C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42
C:\Windows\System32\DRIVERS\fvevol.sys D4AB6EE3D715BC44C00277FD934FAACF
C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015
C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1
C:\Windows\System32\drivers\gfiark.sys 4EA5458FCA8518344686C543749365B1
C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19
C:\Windows\System32\drivers\GUBootStartup.sys C06C3D6C5A0805B314E3E940632C97CB
C:\Windows\System32\DRIVERS\gzflt.sys 408B664926675C270D911160F1631D6B
C:\Windows\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593
C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926
C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906
C:\Windows\System32\drivers\hidbth.sys 42F88B57CAE42FC10059C887B3FCFCEA
C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17
C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95
C:\Windows\System32\drivers\hidusb.sys 49676FEC898AB2A11B157F848269A56E
C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D
C:\Windows\system32\DRIVERS\hssdrv6.sys 0063ACEBB5BBE8C563A6ADB09155E644
C:\Windows\System32\drivers\HTTP.sys E87A6D3B8FECD5B93BC0CFBB48C27970
C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS EF558A02D734A1403583E95CCEEC2487
C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F
C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1
C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25
C:\Windows\System32\drivers\i8042prt.sys 49EE0AE9E5B64FFBBD06D55C4984B598
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05
C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C
C:\Windows\System32\drivers\iaStorA.sys 5F6CA62BE8ECC4D0E1F5D4D4A02B456B
C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC
C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2
C:\Windows\system32\DRIVERS\igdkmd64.sys 4FF82F969789F5F87937F304958AD536
C:\Windows\system32\drivers\intelaud.sys 41CD73C13FCAEA4942F0CF7608B7530F
C:\Windows\system32\drivers\RTKVHD64.sys 39200ECEFB50612B13B5D16545BEB201
C:\Windows\system32\DRIVERS\IntcDAud.sys 8AEEE0F4D210B61F917CFEA9653973C4
C:\Windows\system32\DRIVERS\IntelHaxm.sys C02FD35184CEA3A65DEE7DE278699BBC
C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157
C:\Windows\System32\drivers\intelpep.sys 7AA01AB1C110916825E6E1389F1B9AF2
C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9
C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514
C:\Windows\System32\drivers\IPMIDrv.sys C800DCD904016B2BF6AB541083770A3A
C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD
C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97
C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21
C:\Windows\System32\drivers\msiscsi.sys D90AB68D0FAC9F357F663670FDBB511E
C:\Windows\System32\drivers\iwdbus.sys 48B904D31F2369D7B0122617038D3F5B
C:\Windows\System32\drivers\kbdclass.sys 5917AFE4A3F695A54B99C1849C8207FE
C:\Windows\System32\drivers\kbdhid.sys 8CD840A062F6BDF41DDE3ACB96164B72
C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05
C:\Windows\System32\Drivers\ksecdd.sys 304DA394D958BC3B62AF6DF514005B01
C:\Windows\System32\Drivers\ksecpkg.sys 3D4AE520CD6F6FFE549DD195C1F515BE
C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F
C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8
C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC
C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141
C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191
C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C
C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4
C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F
C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363
C:\Windows\System32\drivers\TeeDriverW8x64.sys 84178491109A97D0A0CFF0840A644CD9
C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378
C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9
C:\Windows\System32\drivers\mouclass.sys 08374E4E5B8914DE6067CBA99F61E930
C:\Windows\System32\drivers\mouhid.sys 5FCBAB60598AE119E02B4C27DE6B99EA
C:\Windows\System32\drivers\mountmgr.sys 24DABC0A77FAFDC0E379AB3B30F61BB6
C:\Windows\System32\drivers\mpsdrv.sys 6FC047578785B0435F4E2660946D1ADC
C:\Windows\system32\drivers\mrxdav.sys D2AC8F07995CE6CD18848C129435B481
C:\Windows\System32\DRIVERS\mrxsmb.sys 3AF30CEB99E581E2FADA0B5FC4B551D8
C:\Windows\System32\DRIVERS\mrxsmb10.sys 15D7AF1A26CCEBA32DF21A8E2098F463
C:\Windows\System32\DRIVERS\mrxsmb20.sys 0790EEB1EC199F8BE8259E47B373ED23
C:\Windows\system32\DRIVERS\bridge.sys F3C060444777A59FC63D920719E43CCD
C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08
C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD
C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31
C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA
C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C
C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D
C:\Windows\system32\DRIVERS\mslldp.sys 51B3AC0560848CD6D65AC2033E293113
C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6
C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8
C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0
C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E
C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2
C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E
C:\Windows\System32\Drivers\mup.sys 438EA7A2D8D4F9B8AFB64748ACA70BA8
C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F
C:\Windows\system32\DRIVERS\nwifi.sys 008F7CED69FD5B30CBDE1E03C6F36A27
C:\Windows\System32\drivers\ndis.sys 97DC5967F65503213FD1F1B3E4A6F983
C:\Windows\system32\DRIVERS\ndiscap.sys 8CECC8DA55F3274181FD1EA28AD76664
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322
C:\Windows\system32\DRIVERS\ndistapi.sys DC1D9F692C2AD84C214584C28501C1F7
C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59
C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE
C:\Windows\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE
C:\Windows\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE
C:\Windows\System32\Drivers\NDProxy.sys B8F36CBC72FC5C8B8A30AD850165EA8E
C:\Windows\System32\drivers\Ndu.sys 3083926D1CC5B56EA0786527B557DD1B
C:\Windows\System32\DRIVERS\netbios.sys 42FF4975D032CAE558AE4BB8448F6E5A
C:\Windows\System32\DRIVERS\netbt.sys 9DC17B7D9D84C37C102D379FCC7D4942
C:\Windows\System32\drivers\netvsc63.sys 3C9C11DFF7C8C4384D22972ED75398D6
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\Windows\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541
C:\Windows\System32\Drivers\Ntfs.sys 9980B262DBE439AE6BDC91AA985F19EE
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\Windows\System32\drivers\parport.sys 57DCE4FB0467986AE78E1C6FC5240D32
C:\Windows\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4
C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4
C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\Windows\System32\drivers\pdc.sys ED54A75050211DC77F9B98C41E026858
C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\Windows\system32\DRIVERS\raspptp.sys E075CC071022BD4E9BE7C024717C0E0A
C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\Windows\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5
C:\Windows\System32\DRIVERS\PSKMAD.sys D271C14EE0EEEA27359CD9E14E49F0DE
C:\Windows\System32\pwdrvio.sys C32ECB99AD25E9A04F01C8665DF29EF8
C:\Windows\system32\pwdspio.sys D619356B955EEFA642F5FF72755E8B3C
C:\Windows\System32\drivers\PxHlpa64.sys 07D57B890DD5693A6AB660CBAE8F91B4
C:\Windows\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1
C:\Windows\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F
C:\Windows\system32\DRIVERS\AgileVpn.sys D5ECE7E7F349EB3C4B152AFF3577280D
C:\Windows\system32\DRIVERS\rasl2tp.sys 235624C147E3CB4C288D5D3D8E8D64A2
C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\Windows\system32\DRIVERS\rassstp.sys 41F631007A158FEBB67F0E2AD1601BBA
C:\Windows\system32\drivers\rawdsk3.sys BF8E07F564BFEF9F99F16AC0A2A127D0
C:\Windows\System32\DRIVERS\rdbss.sys D67ED4AB59D1EF66B05AD1A81AC28B26
C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\Windows\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64
C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys 615DFD97DEA56CE1C3A52185A3038FF8
C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\Windows\System32\DRIVERS\rspSanity64.sys 68F242EA45FF2AAC1012A9765A97DC7D
C:\Windows\system32\DRIVERS\Rt630x64.sys E678EDBCBAEDFDA0B114DBAAF5970DC5
C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Program Files\Sandboxie\SbieDrv.sys ECADB026023BF6E200A552E4EA700F47
C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\Windows\System32\DRIVERS\scfilter.sys 13BEA6C882D4D877A5A85CA149C86BC1
C:\Windows\System32\drivers\sdbus.sys C54B6B2170BF628FD42F799A66956D75
C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\Windows\System32\drivers\serenum.sys 1F0135949A6AD6025F363F80FE268251
C:\Windows\System32\drivers\serial.sys 81633C87B42B63BA484A6177179AC750
C:\Windows\System32\drivers\sermouse.sys 148195AE95D9BC7375A08846439FDAC1
C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 306B85DED59949398718220157856A42
C:\Windows\System32\DRIVERS\snapman.sys E3E56CAF0472163871B922FC7CBC9654
C:\Windows\System32\drivers\spaceport.sys B312191DCBECE3C07DF9A99DE433B126
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\System32\DRIVERS\srv.sys 36B082C7A764A34FB1DC72D975870B61
C:\Windows\System32\DRIVERS\srv2.sys F5849909D4B29B4E3D4445F943E5C7E3
C:\Windows\System32\DRIVERS\srvnet.sys FABC49666708EA562549E78E6FBF3191
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34
C:\Windows\System32\drivers\stornvme.sys 0EDD1F4D470C775740625B06A60C9DD5
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43
C:\Windows\system32\DRIVERS\taphss6.sys DA0780D55E8CF724CF3EF7CCF0F0DB67
C:\Windows\System32\drivers\tcpip.sys 1C8560E3A37A9D4F25B7769C3E3D4163
C:\Windows\system32\DRIVERS\tcpip.sys 1C8560E3A37A9D4F25B7769C3E3D4163
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdrpman.sys AC28A6FCA485821499FF018695CEDE16
C:\Windows\system32\DRIVERS\tdx.sys E0BD2D83875464FEEEB242CBA8B7E073
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\System32\DRIVERS\tib.sys DE604462206F7D8C203F767F425FCA8D
C:\Windows\System32\DRIVERS\tib_mounter.sys 8C750FE6DE38AF13506B99EC2F519F79
C:\Windows\system32\drivers\tpm.sys 80A2FC1A089A71F2DBE5D8394FFB009F
C:\Windows\System32\drivers\TrueSight.sys 0D5A09B08568760AE85A801FCBC0F83D
C:\Windows\System32\DRIVERS\trufos.sys 132C0E39AF0312E6B9611E2E1B344D41
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99
C:\Windows\system32\DRIVERS\tunnel.sys E85916632CD3B9E9B546968DB950BF42
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49
C:\Windows\System32\DRIVERS\udfs.sys C61EAF8E1E4B2F62BA4FDF457440B2C6
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\UimBus.sys 5E3047453D4E66E40323E8417D069D29
C:\Windows\System32\drivers\uim_devim.sys 9EB99A4381677FB7A913DD69A691F8A6
C:\Windows\System32\drivers\uim_im.sys 8D9D8AC772613302D2CC54847E943DBB
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\system32\drivers\usbaudio.sys DF355EB0199198728027962DCFCDE5FB
C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\Windows\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40
C:\Windows\System32\drivers\usbehci.sys C996CBEF922B5653A01E3F50DDCE2F86
C:\Windows\System32\drivers\usbhub.sys CD81683F4553677B9BF5163A922153EB
C:\Windows\System32\drivers\UsbHub3.sys 5C90D5379B53590FBB24BBAD4FA682EE
C:\Windows\System32\drivers\usbohci.sys A0F0484C97D6441ED6A75D7426ECCC9E
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\System32\drivers\usbscan.sys 0F030491BA4A27BD46F8B8ACEEE83F1A
C:\Windows\System32\drivers\USBSTOR.SYS 9D168BFA334D47BE404367EB58D4E130
C:\Windows\System32\drivers\usbuhci.sys FC974B03C8B87455F44F734C8F31A3C8
C:\Windows\System32\drivers\USBXHCI.SYS 44603DA5A87FB491EF59C889EBBB4DDB
C:\Windows\system32\DRIVERS\VBoxDrv.sys CDA796F41C2B64CEEC143B3A86904CFB
C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 8CD776EB77695524CCE594AAC3A71569
C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 39D80811EB7E87CD7F682A3124693CBA
C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 248C6ADD9467AF319D1882A5E8B12966
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys 5DB4AFA10A488EC4DDB3DA09B0425BE5
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\DRIVERS\vididr.sys 35E8A18D1C558D5C2FF2FFED2FD396F6
C:\Windows\System32\DRIVERS\vidsflt.sys 0DCD5C8F2E0B3650C4A29F6569C074FD
C:\Windows\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\volmgr.sys 436E1A724E7E683F6B612D3D58F04241
C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\Windows\System32\drivers\volsnap.sys 17F7B0F2298D97F4B6C7A69511033D3D
C:\Windows\System32\drivers\vpci.sys DAC438FB5FF85A9E72806E2341D5D732
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\ViaHub3.sys 19AD122244A1C8E16B3427A5CAE473A1
C:\Windows\System32\drivers\vwifibus.sys 71066FF95C487327E44C8AF1B72EBE8B
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\system32\DRIVERS\wanarp.sys 23006D660C0E54BF1CE8253E15F5E995
C:\Windows\system32\DRIVERS\wanarp.sys 23006D660C0E54BF1CE8253E15F5E995
C:\Windows\system32\drivers\WdBoot.sys 81285DDC994F03379DB46419300B2DCB
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\system32\drivers\WdFilter.sys 26B8FED3F3B85F5F0C4BD03FD00B9941
C:\Windows\System32\Drivers\WdNisDrv.sys CE67080F00E0AF32755096CEA6430ABA
C:\Windows\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5
C:\Windows\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620
C:\Windows\System32\drivers\WinisoCDBus.sys BC67C1E4B36063968E54C3B2E4DB8978
C:\Windows\System32\drivers\WinUsb.sys 3AF1FA17F1C4ACBDB660D8F98B1A9C13
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\Windows\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845
C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\xhcdrv.sys 95B57143459F70DBE79D9E6E389C3F33

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-01 11:39 - 2016-10-01 11:40 - 00051927 _____ C:\Users\T\Desktop\FRST.txt
2016-10-01 11:37 - 2016-10-01 11:38 - 02404352 _____ (Farbar) C:\Users\T\Desktop\FRST64.exe
2016-10-01 11:36 - 2016-10-01 11:36 - 00001054 _____ C:\Users\T\Desktop\MB results 10012016.txt
2016-10-01 10:50 - 2016-10-01 10:50 - 00000348 _____ C:\Users\T\Desktop\TGO.url
2016-10-01 10:33 - 2016-10-01 10:33 - 00000088 ____H C:\Users\T\Desktop\.~lock.Questions for Corey.txt#
2016-10-01 09:59 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-01 09:59 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-01 09:59 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-01 09:58 - 2016-10-01 09:58 - 00003792 _____ C:\Users\T\Desktop\Rkill_10012016.txt
2016-10-01 09:57 - 2016-10-01 09:57 - 00003792 _____ C:\Users\Troy\Desktop\Rkill_10012016.txt
2016-10-01 09:56 - 2016-10-01 09:56 - 00003792 _____ C:\Users\Troy\Desktop\Rkill10012016.txt
2016-10-01 09:49 - 2016-10-01 09:57 - 00003792 _____ C:\Users\Troy\Desktop\Rkill.txt
2016-10-01 09:30 - 2016-10-01 09:30 - 00002481 _____ C:\Users\T\Desktop\Revolutionary Indicators Reveal Tops & Bottoms.mp4 - Shortcut.lnk
2016-10-01 09:30 - 2016-10-01 09:30 - 00002201 _____ C:\Users\T\Desktop\The Next Big Short.mp4 - Shortcut.lnk
2016-10-01 00:05 - 2016-10-01 11:05 - 00001106 _____ C:\Windows\ntbtlog.txt
2016-09-30 11:53 - 2016-09-30 11:53 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-09-30 11:11 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-09-30 10:59 - 2016-10-01 09:43 - 00000191 _____ C:\Users\T\Desktop\MB forum.url
2016-09-30 10:33 - 2016-09-30 10:33 - 00000183 _____ C:\Users\T\Desktop\Matt Steele.url
2016-09-30 10:29 - 2016-09-30 10:09 - 00251535 _____ C:\Users\T\Desktop\BEM Financials 8.2016.pdf
2016-09-30 10:06 - 2016-10-01 10:33 - 00004094 _____ C:\Users\T\Desktop\Questions for Corey.txt
2016-09-29 22:29 - 2016-09-29 22:29 - 00000000 ____D C:\Program Files (x86)\ESET
2016-09-29 11:15 - 2016-09-29 11:15 - 00000200 _____ C:\Users\T\Desktop\Bit2.url
2016-09-29 11:08 - 2016-09-29 11:09 - 00000188 _____ C:\Users\T\Desktop\Bit.url
2016-09-29 10:13 - 2016-09-29 10:13 - 00000150 _____ C:\Users\T\Desktop\energy.url
2016-09-29 08:57 - 2016-09-29 08:57 - 00001586 _____ C:\Users\T\Desktop\! computer2.lnk
2016-09-28 12:23 - 2016-09-28 12:28 - 00041426 _____ C:\Windows\SysWOW64\Defrag.debuglog
2016-09-28 12:19 - 2016-09-28 12:20 - 11974783 _____ C:\Users\T\Desktop\learn_enough_html.pdf
2016-09-28 09:01 - 2016-09-20 10:09 - 00448512 _____ (OldTimer Tools) C:\Users\T\Desktop\TFC.exe
2016-09-27 12:03 - 2016-09-27 12:03 - 00000193 _____ C:\Users\T\Desktop\beds.url
2016-09-26 21:00 - 2016-09-26 21:01 - 00000156 _____ C:\Users\T\Desktop\Ca screener.url
2016-09-26 16:20 - 2016-09-26 16:20 - 00110987 _____ C:\Users\T\Desktop\Money Press 3rd Qtr 2016.xlsx
2016-09-26 14:48 - 2016-09-26 14:48 - 00002338 _____ C:\Users\T\Desktop\Simpler Trading- Game Changer Webinar.mp4 - Shortcut.lnk
2016-09-26 12:57 - 2016-09-26 12:57 - 00000148 _____ C:\Users\T\Desktop\MPP.url
2016-09-25 19:20 - 2016-09-25 19:20 - 00010476 _____ C:\Users\Troy\Documents\cc_20160925_192012.reg
2016-09-25 16:00 - 2016-09-25 16:00 - 76312576 _____ C:\Windows\system32\config\PuranRegCCOM.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 34660352 _____ C:\Windows\system32\config\PuranRegCSys.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 150945792 _____ C:\Windows\system32\config\PuranRegCSoft.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 06295552 _____ C:\Windows\system32\config\PuranRegCDefault.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 05992448 _____ C:\Windows\system32\config\PuranRegCUser.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 05369856 _____ C:\Windows\system32\config\PuranRegCUserClass.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 00196608 _____ C:\Windows\system32\config\PuranRegCNetwork.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 00143360 _____ C:\Windows\system32\config\PuranRegCLocal.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 00094208 _____ C:\Windows\system32\config\PuranRegCSam.pur
2016-09-25 16:00 - 2016-09-25 16:00 - 00024576 _____ C:\Windows\system32\config\PuranRegCBCD.pur
2016-09-25 08:19 - 2016-09-25 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-09-25 08:19 - 2016-09-25 08:19 - 00000000 ____D C:\Program Files\VS Revo Group
2016-09-24 17:59 - 2016-09-24 17:59 - 00017850 _____ C:\Users\Troy\Documents\cc_20160924_175915.reg
2016-09-24 17:13 - 2016-09-30 09:05 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-09-24 09:10 - 2016-09-24 09:10 - 00000339 _____ C:\Users\T\Desktop\THEO_indicator.txt
2016-09-23 22:29 - 2016-09-25 09:30 - 177520640 _____ C:\Windows\system32\config\BPuranRegSoft.pur
2016-09-23 22:29 - 2016-09-25 09:30 - 06705152 _____ C:\Windows\system32\config\BPuranRegDefault.pur
2016-09-23 22:29 - 2016-09-25 09:30 - 00225280 _____ C:\Windows\system32\config\BPuranRegNetwork.pur
2016-09-23 22:29 - 2016-09-25 09:30 - 00155648 _____ C:\Windows\system32\config\BPuranRegLocal.pur
2016-09-23 22:29 - 2016-09-25 09:30 - 00102400 _____ C:\Windows\system32\config\BPuranRegSam.pur
2016-09-23 22:29 - 2016-09-25 09:27 - 12582912 _____ C:\Windows\system32\config\BPuranRegUserClass.pur
2016-09-23 22:29 - 2016-09-25 09:27 - 06815744 _____ C:\Windows\system32\config\BPuranRegUser.pur
2016-09-23 11:56 - 2016-09-23 11:56 - 00000000 ____D C:\ProgramData\Sophos
2016-09-22 22:36 - 2016-09-22 22:36 - 00000157 _____ C:\Users\T\Desktop\Cuba.url
2016-09-22 11:33 - 2016-09-22 11:33 - 00001555 _____ C:\Users\T\Desktop\Bowser.lnk
2016-09-22 09:35 - 2016-09-22 09:35 - 00435023 _____ C:\Users\T\Desktop\Power_Profit_Trades_-_How_To_Double_Your_Money.pdf
2016-09-22 09:32 - 2016-09-22 09:32 - 00001157 _____ C:\Users\T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-21 09:28 - 2016-09-21 09:28 - 00001742 _____ C:\Users\T\Desktop\BM List2.xls - Shortcut.lnk
2016-09-21 07:48 - 2016-09-21 07:48 - 00000235 _____ C:\Users\T\Desktop\Nasdaq most.url
2016-09-20 23:14 - 2016-09-20 23:14 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-09-20 23:14 - 2016-09-20 23:14 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-09-20 23:14 - 2016-09-20 23:14 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-09-20 23:14 - 2016-09-20 23:14 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-09-20 23:14 - 2016-09-20 23:14 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-09-20 23:14 - 2016-09-20 23:14 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-09-20 23:02 - 2016-09-20 23:02 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-09-20 23:02 - 2016-09-20 23:02 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-09-20 23:02 - 2016-09-20 23:02 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
2016-09-20 23:02 - 2016-09-20 23:02 - 00420184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-09-20 23:02 - 2016-09-20 23:02 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-09-20 23:02 - 2016-09-20 23:02 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2016-09-20 23:02 - 2016-09-20 23:02 - 00162850 _____ C:\Windows\system32\C_932.NLS
2016-09-20 23:02 - 2016-09-20 23:02 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2016-09-20 23:02 - 2016-09-20 23:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-09-20 23:02 - 2016-09-20 23:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2016-09-20 23:02 - 2016-09-20 23:02 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2016-09-20 23:02 - 2016-09-20 23:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2016-09-20 23:02 - 2016-09-20 23:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2016-09-20 22:57 - 2016-09-20 22:57 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-20 22:57 - 2016-09-20 22:57 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-20 22:57 - 2016-09-20 22:57 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-09-20 22:57 - 2016-09-20 22:57 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2016-09-20 22:57 - 2016-09-20 22:57 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2016-09-20 22:23 - 2016-09-20 22:23 - 00000217 _____ C:\Users\T\Desktop\Total Theo.url
2016-09-20 22:15 - 2016-09-20 22:15 - 00001053 _____ C:\MB09202016.txt
2016-09-20 11:42 - 2016-09-20 11:42 - 00000349 _____ C:\Users\T\Desktop\bar keeper.url
2016-09-20 10:01 - 2016-09-20 10:01 - 00001966 _____ C:\Users\T\Desktop\BEM accounting questions.doc - Shortcut.lnk
2016-09-20 08:36 - 2016-09-20 08:36 - 00001699 _____ C:\Users\T\Desktop\! data - Shortcut.lnk
2016-09-20 08:36 - 2016-09-20 08:36 - 00001617 _____ C:\Users\T\Desktop\More data stuff - Shortcut.lnk
2016-09-20 08:36 - 2016-09-20 08:36 - 00001566 _____ C:\Users\T\Desktop\BC2.lnk
2016-09-20 08:35 - 2016-09-20 08:35 - 00001606 _____ C:\Users\T\Desktop\Trade reading - Shortcut.lnk
2016-09-20 08:35 - 2016-09-20 08:35 - 00001546 _____ C:\Users\T\Desktop\! rails - Shortcut.lnk
2016-09-20 08:35 - 2016-09-20 08:35 - 00001526 _____ C:\Users\T\Desktop\Trade - Shortcut.lnk
2016-09-20 08:34 - 2016-09-20 08:34 - 00001404 _____ C:\Users\T\Desktop\Ho.lnk
2016-09-19 11:48 - 2016-09-19 11:48 - 00001402 _____ C:\Users\T\Desktop\Trade course.lnk
2016-09-19 11:47 - 2016-09-19 11:47 - 00001524 _____ C:\Users\T\Desktop\! TOS - Shortcut.lnk
2016-09-19 11:46 - 2016-09-19 11:46 - 00001347 _____ C:\Users\T\Desktop\! Extra Stuff - Shortcut.lnk
2016-09-19 05:17 - 2016-10-01 10:44 - 00000558 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2934600066-496943794-4240687687-1001.job
2016-09-19 05:17 - 2016-10-01 09:47 - 00000654 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2934600066-496943794-4240687687-1001.job
2016-09-17 08:46 - 2016-09-17 12:26 - 00000157 _____ C:\Users\T\Desktop\Theo.url
2016-09-16 21:27 - 2016-09-16 21:28 - 00000118 _____ C:\Users\T\Desktop\TRv.url
2016-09-16 09:22 - 2016-09-16 09:23 - 00000155 _____ C:\Users\T\Desktop\WsW.url
2016-09-13 23:22 - 2016-09-13 23:11 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 23:22 - 2016-09-13 23:11 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 23:22 - 2016-03-15 15:31 - 00403390 __RSH C:\bootmgr
2016-09-13 23:22 - 2013-06-18 05:18 - 00000001 ___SH C:\BOOTNXT
2016-09-13 23:11 - 2016-09-13 23:11 - 00443224 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-13 23:11 - 2016-09-13 23:11 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-13 23:11 - 2016-09-13 23:11 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-13 23:11 - 2016-09-13 23:11 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-13 23:11 - 2016-09-13 23:11 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-13 23:10 - 2016-09-13 23:10 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-13 23:10 - 2016-09-13 23:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-13 23:10 - 2016-09-13 23:10 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-13 23:08 - 2016-09-13 23:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-13 23:08 - 2016-09-13 23:08 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-13 23:08 - 2016-09-13 23:08 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-13 23:07 - 2016-09-13 23:07 - 07445848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-13 23:07 - 2016-09-13 23:07 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-13 23:07 - 2016-09-13 23:07 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-13 23:07 - 2016-09-13 23:07 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-13 23:07 - 2016-09-13 23:07 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-13 23:07 - 2016-09-13 23:07 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-13 23:07 - 2016-09-13 23:07 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-13 23:07 - 2016-09-13 23:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-13 23:07 - 2016-09-13 23:07 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-13 23:07 - 2016-09-13 23:07 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-13 23:07 - 2016-09-13 23:07 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-13 23:07 - 2016-09-13 23:07 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-13 23:07 - 2016-09-13 23:07 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-13 23:07 - 2016-09-13 23:07 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-13 23:07 - 2016-09-13 23:07 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-12 22:35 - 2016-09-12 22:35 - 00000000 ____D C:\Users\Troy\AppData\Roaming\PDF Architect 4
2016-09-12 11:34 - 2016-09-12 11:34 - 00000000 ____D C:\Windows\system32\DBBK
2016-09-10 20:52 - 2016-09-10 20:52 - 00001085 _____ C:\Users\Troy\Desktop\! software - Shortcut.lnk
2016-09-08 11:57 - 2016-09-08 11:57 - 01462560 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
2016-09-08 10:17 - 2016-09-08 11:32 - 00087032 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-09-08 10:17 - 2016-09-08 10:19 - 00048971 _____ C:\Windows\ZAM.krnl.trace
2016-09-08 09:58 - 2016-09-08 09:58 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-09-08 09:44 - 2016-09-08 09:44 - 00000000 ____D C:\Users\Troy\AppData\Roaming\DraftSight
2016-09-08 09:44 - 2016-09-08 09:44 - 00000000 ____D C:\Users\Troy\AppData\Local\Dassault Systemes
2016-09-08 09:44 - 2016-09-08 09:44 - 00000000 ____D C:\Program Files\Dassault Systemes
2016-09-05 17:52 - 2016-09-05 17:52 - 00000292 _____ C:\Users\T\Desktop\B scan.url
2016-09-01 22:24 - 2016-09-01 22:24 - 00001695 _____ C:\Users\T\Desktop\DOCS.docx - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-01 11:39 - 2016-08-11 12:17 - 00000000 ____D C:\FRST
2016-10-01 11:17 - 2015-12-10 04:28 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-01 10:04 - 2014-05-08 17:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2934600066-496943794-4240687687-1001
2016-10-01 10:01 - 2016-08-06 22:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-01 09:59 - 2016-08-14 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-01 09:59 - 2016-08-14 22:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 22:42 - 2015-10-10 08:03 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-09-30 11:53 - 2016-01-18 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-09-30 11:53 - 2016-01-18 16:28 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-30 09:06 - 2016-08-19 09:18 - 00000000 ____D C:\ProgramData\Foxit Software
2016-09-30 09:06 - 2014-05-08 21:51 - 00000000 ____D C:\Users\T\AppData\Local\Adobe
2016-09-30 09:05 - 2015-01-22 18:19 - 00000000 __SHD C:\Users\T\IntelGraphicsProfiles
2016-09-30 09:03 - 2015-05-29 16:14 - 00000091 _____ C:\HaxLogs.txt
2016-09-30 09:03 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-30 09:02 - 2015-01-04 11:25 - 00002564 _____ C:\Windows\Sandboxie.ini
2016-09-29 11:23 - 2014-05-20 08:54 - 00000000 _RSHD C:\acroldr
2016-09-29 11:00 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-09-28 22:23 - 2014-05-09 18:14 - 00000000 ____D C:\Program Files\thinkorswim
2016-09-28 11:25 - 2014-05-19 06:11 - 00000000 ____D C:\Users\Troy\.thinkorswim
2016-09-28 09:36 - 2014-09-13 05:34 - 00000000 _____ C:\Users\T\AppData\LocalLow\ChangeTaskbarRect
2016-09-27 11:03 - 2015-09-05 14:20 - 00000000 ____D C:\Users\Troy\.oracle_jre_usage
2016-09-27 09:40 - 2014-05-08 21:30 - 00000000 ____D C:\Users\T\Documents\1 1condo
2016-09-26 16:20 - 2014-05-19 17:46 - 00000000 ____D C:\Users\T\AppData\Local\Citrix
2016-09-26 14:54 - 2016-04-22 03:50 - 00000000 ____D C:\Program Files\Puran Utilities
2016-09-25 18:33 - 2014-05-08 22:01 - 00000000 ____D C:\Users\T\AppData\Roaming\vlc
2016-09-25 16:07 - 2016-01-16 10:59 - 00000000 ____D C:\AdwCleaner
2016-09-25 16:00 - 2016-04-22 15:32 - 00000009 _____ C:\Windows\system32\config\PuranBackupTime.pur
2016-09-25 15:59 - 2016-08-06 11:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-25 15:59 - 2014-05-08 17:18 - 00000000 ____D C:\Users\T
2016-09-25 09:31 - 2016-06-28 12:35 - 00513904 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-25 09:30 - 2014-11-17 04:54 - 00040960 ___SH C:\Windows\system32\config\BPuranRegBCD.pur
2016-09-25 09:30 - 2013-08-22 06:25 - 34865152 _____ C:\Windows\system32\config\BPuranRegSys.pur
2016-09-25 08:42 - 2015-10-10 08:02 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-09-25 08:36 - 2015-12-20 14:06 - 00000000 ____D C:\ProgramData\GlarySoft
2016-09-25 08:36 - 2015-10-10 08:02 - 00000000 ____D C:\Users\Troy\AppData\Roaming\GlarySoft
2016-09-25 08:31 - 2016-05-28 07:37 - 00000000 ____D C:\Program Files (x86)\Dashlane
2016-09-24 20:18 - 2014-05-08 19:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-24 18:58 - 2016-01-31 08:53 - 00000767 _____ C:\Users\Troy\Desktop\JRT.txt
2016-09-24 17:58 - 2016-01-21 17:18 - 00000000 ____D C:\Users\T\AppData\Local\CrashDumps
2016-09-24 17:25 - 2014-06-01 07:30 - 00000000 ____D C:\ProgramData\launcher
2016-09-24 17:15 - 2014-12-14 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-24 17:09 - 2014-08-17 18:38 - 00000000 __RDO C:\Users\T\OneDrive
2016-09-24 17:09 - 2014-05-08 19:01 - 00000000 ____D C:\Program Files (x86)\IObit
2016-09-23 23:27 - 2016-03-02 18:14 - 00000000 ____D C:\Users\Troy\AppData\Local\CrashDumps
2016-09-23 22:55 - 2016-02-24 17:07 - 75759616 _____ C:\Windows\system32\config\BPuranRegCOM.pur
2016-09-23 22:29 - 2016-08-01 23:35 - 177520640 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2016-09-23 22:29 - 2016-08-01 23:35 - 06705152 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2016-09-23 22:29 - 2016-08-01 23:35 - 00102400 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2016-09-23 22:29 - 2016-08-01 23:35 - 00028672 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2016-09-23 11:49 - 2014-09-21 05:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-22 09:32 - 2014-05-08 19:02 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-21 22:53 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2016-09-21 11:26 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2016-09-20 23:14 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2016-09-19 09:58 - 2016-03-13 09:53 - 00000510 _____ C:\Users\T\.bash_history
2016-09-19 05:17 - 2015-09-15 16:37 - 00003648 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2934600066-496943794-4240687687-1001
2016-09-19 05:17 - 2015-04-23 16:32 - 00003552 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2934600066-496943794-4240687687-1001
2016-09-17 17:05 - 2015-10-10 08:03 - 00000000 ____D C:\Users\Troy\AppData\Roaming\DiskDefrag
2016-09-16 21:20 - 2014-10-02 03:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-09-16 21:19 - 2014-05-08 21:48 - 00000000 ____D C:\Users\T\Documents\Webshots2
2016-09-16 09:13 - 2016-08-08 06:35 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-15 09:02 - 2014-05-08 17:20 - 00339900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-14 10:30 - 2015-01-28 18:15 - 00000000 __SHD C:\Users\Troy\IntelGraphicsProfiles
2016-09-14 10:30 - 2014-11-06 17:18 - 00000000 _____ C:\Users\Troy\AppData\LocalLow\ChangeTaskbarRect
2016-09-14 09:34 - 2014-05-09 14:43 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 09:28 - 2014-05-09 14:43 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-13 23:19 - 2014-11-22 17:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-13 23:19 - 2014-11-22 17:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-13 23:06 - 2014-11-22 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-12 22:37 - 2016-04-08 15:52 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-09-11 10:39 - 2015-06-14 04:36 - 00000000 ____D C:\ProgramData\IObit
2016-09-11 10:39 - 2014-06-07 06:58 - 00000000 ____D C:\Users\T\AppData\Roaming\ProductData
2016-09-11 10:39 - 2014-05-08 21:58 - 00000000 ____D C:\Users\T\AppData\Roaming\IObit
2016-09-11 10:39 - 2014-05-08 21:28 - 00000000 ____D C:\Users\T\Documents\1 1 ToDo
2016-09-11 10:39 - 2014-05-08 21:24 - 00000000 ____D C:\Users\T\Documents\1 1 internet
2016-09-11 10:39 - 2014-05-08 21:24 - 00000000 ____D C:\Users\T\Documents\1 1 health
2016-09-11 10:39 - 2014-05-08 21:18 - 00000000 ____D C:\Users\T\Documents\1 1 applications
2016-09-11 10:39 - 2014-05-08 18:59 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-11 10:38 - 2015-11-08 14:07 - 00000000 ____D C:\Users\Troy\Documents\! software
2016-09-11 10:38 - 2014-06-07 06:57 - 00000000 ____D C:\Users\Troy\AppData\LocalLow\IObit
2016-09-11 10:38 - 2014-06-07 06:56 - 00000000 ____D C:\Users\Troy\AppData\Roaming\IObit
2016-09-11 10:38 - 2014-05-08 21:51 - 00000000 ____D C:\Users\T\Documents\World Mysteries - Strange Artifacts - Antikythera Mechanism_files
2016-09-11 10:38 - 2014-05-08 21:46 - 00000000 ____D C:\Users\T\Documents\weather
2016-09-11 10:38 - 2014-05-08 21:46 - 00000000 ____D C:\Users\T\Documents\Visual Studio 2010
2016-09-11 10:38 - 2014-05-08 21:44 - 00000000 ____D C:\Users\T\Documents\strainpaint_files
2016-09-11 10:38 - 2014-05-08 21:36 - 00000000 ____D C:\Users\T\Documents\software
2016-09-11 10:38 - 2014-05-08 21:34 - 00000000 ___RD C:\Users\T\Documents\My Stationery
2016-09-11 10:38 - 2014-05-08 21:34 - 00000000 ____D C:\Users\T\Documents\PhysOrg First Single-Chip Solution for both Autonomous and Host-Based GPS Applications_files
2016-09-11 10:38 - 2014-05-08 21:34 - 00000000 ____D C:\Users\T\Documents\news1650_files
2016-09-11 10:38 - 2014-05-08 21:34 - 00000000 ____D C:\Users\T\Documents\My Albums
2016-09-11 10:38 - 2014-05-08 21:34 - 00000000 ____D C:\Users\T\Documents\IISExpress
2016-09-11 10:38 - 2014-05-08 21:32 - 00000000 ____D C:\Users\T\Documents\1 privacy
2016-09-11 10:38 - 2014-05-08 21:32 - 00000000 ____D C:\Users\T\Documents\1 judge
2016-09-11 10:38 - 2014-05-08 21:31 - 00000000 ____D C:\Users\T\Documents\1 excel
2016-09-11 10:38 - 2014-05-08 21:31 - 00000000 ____D C:\Users\T\Documents\1 desktop
2016-09-11 10:38 - 2014-05-08 21:31 - 00000000 ____D C:\Users\T\Documents\1 asp
2016-09-11 10:38 - 2014-05-08 21:30 - 00000000 ____D C:\Users\T\Documents\1 1 value
2016-09-11 10:38 - 2014-05-08 21:28 - 00000000 ____D C:\Users\T\Documents\1 1 TOOLS
2016-09-11 10:38 - 2014-05-08 21:10 - 00000000 ____D C:\Users\T\Documents\1
2016-09-11 10:38 - 2014-05-08 21:08 - 00000000 ____D C:\Users\T\Documents\PPV_mobile
2016-09-11 10:38 - 2014-05-08 18:54 - 00000000 ___RD C:\Users\T\Documents\Scanned Documents
2016-09-11 10:28 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\registration
2016-09-10 20:52 - 2014-05-10 09:31 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2934600066-496943794-4240687687-1003
2016-09-10 07:20 - 2014-05-10 09:25 - 00000000 ____D C:\Users\Troy
2016-09-08 23:32 - 2016-08-08 12:27 - 06090752 _____ C:\Windows\system32\config\drivers.iodefrag.bak
2016-09-08 11:58 - 2014-06-22 18:05 - 00000000 ____D C:\ProgramData\Seagate
2016-09-08 11:33 - 2016-08-17 11:20 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-08 10:56 - 2014-05-28 08:41 - 00000000 ____D C:\Users\T\.idlerc
2016-09-08 10:56 - 2014-05-08 22:00 - 00000000 ____D C:\Users\T\AppData\Roaming\Skype
2016-09-08 10:30 - 2014-12-14 10:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-09-08 10:22 - 2016-04-17 09:36 - 00000000 ____D C:\Users\Troy\Documents\Visual Studio 2012

==================== Files in the root of some directories =======

2015-10-10 07:50 - 2015-10-10 08:02 - 0000115 _____ () C:\Users\Troy\AppData\Roaming\LogFile.txt
2014-06-16 07:08 - 2015-09-08 18:34 - 0007627 _____ () C:\Users\Troy\AppData\Local\Resmon.ResmonCfg
2015-01-04 08:39 - 2015-01-04 08:39 - 0001293 _____ () C:\Users\Troy\AppData\Local\Temp1.html
2015-01-04 08:39 - 2015-01-04 08:39 - 0008041 _____ () C:\Users\Troy\AppData\Local\Temp24.html
2014-09-29 15:55 - 2014-09-29 15:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-14 09:58 - 2010-08-14 10:02 - 0049771 _____ () C:\ProgramData\SOTM40Data.xml
2010-08-14 09:58 - 2010-08-14 09:58 - 18571341 _____ () C:\ProgramData\SOTM40Static.xml
2010-04-13 12:31 - 2016-02-14 09:30 - 0001534 _____ () C:\ProgramData\ss.ini

Files to move or delete:
====================
C:\Users\T\pcmoveria_en.exe
C:\Users\T\SetupNI.dll
C:\Users\Troy\en_res.dll
C:\Users\Troy\es_res.dll
C:\Users\Troy\fr_res.dll
C:\Users\Troy\grm_res.dll
C:\Users\Troy\it_res.dll
C:\Users\Troy\jp_res.dll
C:\Users\Troy\mfc80u.dll
C:\Users\Troy\msvcr80.dll
C:\Users\Troy\PCPE Setup.exe
C:\Users\Troy\pt_res.dll
C:\Users\Troy\ResourceReader.dll
C:\Users\Troy\ru_res.dll
C:\Users\Troy\zh_res.dll


Some files in TEMP:
====================
C:\Users\Troy\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {57b3538a-0b09-11e3-82ed-b80d438151ab}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 3
displaybootmenu         Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {57b3538c-0b09-11e3-82ed-b80d438151ab}
truncatememory          0x400000000
integrityservices       Enable
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {57b3538a-0b09-11e3-82ed-b80d438151ab}
nx                      OptIn
numproc                 4
bootmenupolicy          Standard
quietboot               Yes
usefirmwarepcisettings  No
bootlog                 Yes

Windows Boot Loader
-------------------
identifier              {57b3538c-0b09-11e3-82ed-b80d438151ab}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{57b3538d-0b09-11e3-82ed-b80d438151ab}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{57b3538d-0b09-11e3-82ed-b80d438151ab}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {57b3538a-0b09-11e3-82ed-b80d438151ab}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {57b3538c-0b09-11e3-82ed-b80d438151ab}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {57b3538d-0b09-11e3-82ed-b80d438151ab}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-12-13 09:01

==================== End of FRST.txt ============================

 

Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin....

Fixlist.txt

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Adcleaner:

# AdwCleaner v6.020 - Logfile created 05/10/2016 at 11:03:54
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-03.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Troy - TROY-HOME
# Running from : C:\Users\T\Desktop\adwcleaner_6.020.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

Shortcut infected:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate\Seagate DiscWizard\Tools and Utilities\Mount Image.lnk ( /mount_image )


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKU\S-1-5-21-2934600066-496943794-4240687687-1001\Software\GreenTree Applications
Key Found:  HKU\S-1-5-21-2934600066-496943794-4240687687-1003\Software\GreenTree Applications
Key Found:  HKCU\Software\GreenTree Applications
Key Found:  [x64] HKCU\Software\GreenTree Applications


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

\AdwCleaner\AdwCleaner[C0].txt - [1456 Bytes] - [17/08/2016 22:50:30]
\AdwCleaner\AdwCleaner[C2].txt - [1331 Bytes] - [20/09/2016 10:29:48]
\AdwCleaner\AdwCleaner[S0].txt - [1557 Bytes] - [17/08/2016 22:50:15]
\AdwCleaner\AdwCleaner[S1].txt - [1560 Bytes] - [05/10/2016 11:03:54]

########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [1631 Bytes] ##########

Fixitlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by T (05-10-2016 10:57:17) Run:2
Running from C:\Users\T\Desktop
Loaded Profiles: T (Available Profiles: T & Troy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\..\Interfaces\{A7E2022A-90E8-4812-AF51-ECB9E229A8FA}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 VBoxAswDrv; no ImagePath
S1 ihallakd; \??\C:\Windows\system32\drivers\ihallakd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2015-01-04 08:39 - 2015-01-04 08:39 - 0001293 _____ () C:\Users\Troy\AppData\Local\Temp1.html
2015-01-04 08:39 - 2015-01-04 08:39 - 0008041 _____ () C:\Users\Troy\AppData\Local\Temp24.html
C:\Users\T\pcmoveria_en.exe
C:\Users\T\SetupNI.dll
C:\Users\Troy\en_res.dll
C:\Users\Troy\es_res.dll
C:\Users\Troy\fr_res.dll
C:\Users\Troy\grm_res.dll
C:\Users\Troy\it_res.dll
C:\Users\Troy\jp_res.dll
C:\Users\Troy\mfc80u.dll
C:\Users\Troy\msvcr80.dll
C:\Users\Troy\PCPE Setup.exe
C:\Users\Troy\pt_res.dll
C:\Users\Troy\ResourceReader.dll
C:\Users\Troy\ru_res.dll
C:\Users\Troy\zh_res.dll
C:\Users\Troy\AppData\Local\Temp\dllnt_dump.dll
Hosts:
EmptyTemp:
end



*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\Windows\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A7E2022A-90E8-4812-AF51-ECB9E229A8FA}\\NameServer => value could not remove.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key could not remove. Access Denied.
VBoxAswDrv => service could not remove
ihallakd => service could not remove
ZAM => service could not remove
ZAM_Guard => service could not remove
C:\Users\Troy\AppData\Local\Temp1.html => moved successfully
C:\Users\Troy\AppData\Local\Temp24.html => moved successfully
C:\Users\T\pcmoveria_en.exe => moved successfully
C:\Users\T\SetupNI.dll => moved successfully
C:\Users\Troy\en_res.dll => moved successfully
C:\Users\Troy\es_res.dll => moved successfully
C:\Users\Troy\fr_res.dll => moved successfully
C:\Users\Troy\grm_res.dll => moved successfully
C:\Users\Troy\it_res.dll => moved successfully
C:\Users\Troy\jp_res.dll => moved successfully
C:\Users\Troy\mfc80u.dll => moved successfully
C:\Users\Troy\msvcr80.dll => moved successfully
C:\Users\Troy\PCPE Setup.exe => moved successfully
C:\Users\Troy\pt_res.dll => moved successfully
C:\Users\Troy\ResourceReader.dll => moved successfully
C:\Users\Troy\ru_res.dll => moved successfully
C:\Users\Troy\zh_res.dll => moved successfully
"C:\Users\Troy\AppData\Local\Temp\dllnt_dump.dll" => not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8248788 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 524288 B
Opera => 473735430 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
T => 8205568 B
Troy => 25636 B

RecycleBin => 6628936 B
EmptyTemp: => 474.3 MB temporary data Removed.

================================

Sophos found Zero

Link to post
Share on other sites

What is the current status of your system, do you have any remaining issues or concerns...? run the following and post produced log.

Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
  • After the short scan is finished, if threats are detected press Next to remove them.

    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.

  • Open Zemana AntiMalware again.

  • Click on 4zu6vb.jpg icon and double click the latest report.

  • Now click File > Save As and choose your Desktop before pressing Save.

  • Attach saved report in your next message.

Link to post
Share on other sites

see Zemana results:

emana AntiMalware 2.50.2.133 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/10/8
Operating System       : Windows 8.1 64-bit
Processor              : 4X Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 121507FFC4B4C7777D27D8
Scan Type              : Smart Scan
Duration               : 46m 7s
Scanned Objects        : 1125078
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

how do i test my virusscan installation.txt
Status             : Scanned
Object             : NE->c:\portable\1 compback\1 1desktop\! 1\! ha\1000 hacking tutorials - the best of (2008)\how do i test my virusscan installation.txt
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Virus:Test/Eicar!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

how do i test my virusscan installation.txt
Status             : Scanned
Object             : NE->c:\portable\1 compback\1 1desktop\downloads\1000 hacking tutorials - the best of (2008)\how do i test my virusscan installation.txt
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Virus:Test/Eicar!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

tmp00000002.1322101.gzquar
Status             : Scanned
Object             : NE->c:\windows\temp\tmp00003dab\tmp00000002.1322101.gzquar
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Virus:Test/Eicar!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
 

Link to post
Share on other sites

Quote

Nope bitdefender still finds events, and makes temp files

 Can you show what is found, navigational address or a log if possible. You indicate bitdefender creates temp files, i`m not sure what you mean...

Run one more scan with Zemana, this time change "Smart Scan" to "Deep Scan" Post that log...

Link to post
Share on other sites

I have already run smart scan twice, and nothing shows up: zero/clean

deep scan won't run past one hour or so, then it says no internet connection

The temp folder/files are in C:\windows\temp

see this is one:   c:\windows\temp\tmp00003dab\tmp00000002.1322101.gzquar

seems to me every time bitdefender runs a real time scan it finds a file and quarantines it in the windows/temp directory with a random temp name

 

Link to post
Share on other sites

I`ve never used BitDefender so am not that sure of how it works, have a read at the following links regarding how BD quarantines and checks suspect files:

http://www.bdantivirus.com/bitdefender/antivirusplus/html/antivirus.quarantine.html

https://antivirusinsider.com/access-quarantine-bitdefender-2016/

I cannot find where the "Quarantine" folder is located, I would not expect that a temp folder to be ideal as they can be emptied very easily with 3rd party software, also windows own cleaner option....

How often is BitDefender finding problem files, is this a never ending problem... Scans we have used recently do not find much... Run one more scan:

user posted imageScan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:
 
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology select “Change” select any extra drives in that window.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable security software!

Thank you,

Kevin....

Link to post
Share on other sites

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!
Link to post
Share on other sites

RogueKiller V12.7.2.0 (x64) [Oct 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Troy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/16/2016 08:19:13 (Duration : 00:39:49)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2934600066-496943794-4240687687-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : \AdwCleaner\AdwCleaner[C3].txt [-] -> Found
[VT.Unknown] (X86) HKEY_USERS\S-1-5-21-2934600066-496943794-4240687687-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : \AdwCleaner\AdwCleaner[C3].txt [-] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DX001-1CM164 +++++
--- User ---
[MBR] fc1d9466145d4f584ea851b1a5540447
[BSP] c2297582ae6be82979afd64013b9d0f6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907728 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.