TechSpot

I think my computer is infected (farbar log)

By Andit
Jan 1, 2016
  1. I believe my computer is infected. At night when no programs are running it makes a constant loading sound. I've tried disabling the antivirus/firewall and it still happens.

    ---------------

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
    Ran by Shane (administrator) on SHANE-PC (01-01-2016 17:54:25)
    Running from C:\Users\Shane\Desktop
    Loaded Profiles: Shane (Available Profiles: Shane & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Flux Software LLC) C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe
    (AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-29] (Realtek Semiconductor)
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Run: [F.lux] => C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\MountPoints2: E - E:\LaunchU3.exe
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\MountPoints2: {05c5c55e-0933-11e3-a5db-386077f9c999} - F:\Startme.exe
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [456224 2010-07-29] ()
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-11-07]
    ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2014-01-27]
    ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{418F29EE-1A32-4B39-A0CC-6192F27453C6}: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{E0DE04D8-E222-41AD-B804-2DA458D6E28E}: [NameServer] 192.168.48.1
    Tcpip\..\Interfaces\{E9BDF33F-EF9E-469E-B69F-E3278008A053}: [DhcpNameServer] 192.168.1.254 75.153.176.1

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {260AABCD-B44D-448B-8F50-F39136744CAE} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=cc6f61a963e247dfa9dd0f870fc4966e&tu=10G9z00B92C01g0&sku=&tstsId=&ver=&&r=128
    SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {C72B0970-5582-4BC4-9A76-EEEF741F680C} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-31] (Oracle Corporation)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-31] (Oracle Corporation)
    Toolbar: HKLM-x32 - No Name - {2B171655-A69C-5c18-B693-6CB5DC269D41} - No File
    Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
    Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default
    FF DefaultSearchUrl: hxxps://ca.search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
    FF Keyword.URL: hxxps://ca.search.yahoo.com/yhs/search
    FF NetworkProxy: "no_proxies_on", ""
    FF NetworkProxy: "socks", "127.0.0.1"
    FF NetworkProxy: "socks_port", 8282
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
    FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll [No File]
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-31] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-31] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-04-25] (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
    FF SearchPlugin: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\yahoo-avast.xml [2014-07-22]
    FF SearchPlugin: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\zonealarm.xml [2013-11-21]
    FF Extension: Fasterfox Lite - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\FasterFox_Lite@BigRedBrent [2015-06-02]
    FF Extension: 1-Click YouTube Video Downloader - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-02]
    FF Extension: FlashGot - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-02]
    FF Extension: LastPass - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\support@lastpass.com [2015-07-24]
    FF Extension: No Name - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-07-24] [not signed]
    FF Extension: YouTube mp3 - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\info@youtube-mp3.org.xpi [2015-06-02]
    FF Extension: Adblock Plus - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]
    FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker => not found
    FF HKLM-x32\...\Firefox\Extensions: [{9051303c-7e41-4311-a783-d6fe5ef2832d}] - C:\Program Files (x86)\FVD Suite\addons\Firefox => not found

    Chrome:
    =======
    CHR StartupUrls: Default -> "chrome://bookmarks/#2","hxxps://www.youtube.com/feed/subscriptions","hxxp://theinfounderground.com/smf/index.php?PHPSESSID=69ae330fbe9b585e2f7abf39dd61e83b&"
    CHR DefaultSearchURL: Default -> hxxps://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
    CHR DefaultSearchKeyword: Default -> ixquick.com_
    CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Adblock Plus) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
    CHR Extension: (Video Downloader professional) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-07-01]
    CHR Extension: (RotoGrinders - FanDuel Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felhhccenjfgepphdanniaeclbjhklca [2015-12-09]
    CHR Extension: (Bookmarks Button) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2014-07-27]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
    CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
    S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 Connectify; no ImagePath
    S2 NIHardwareService; no ImagePath
    S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
    S2 YSearchUtilSvc; "C:\Program Files (x86)\Yahoo!\yset\{BA9EF3FE-892C-5447-891E-5BDBD92452F6}\YSearchUtilSvc.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-04-16] (Connectify)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-11-29] (CACE Technologies, Inc.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-17] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
    S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-08-19] ()
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
    R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-08-20] (Sony Ericsson Mobile Communications)
    S3 V0500Dev; C:\Windows\System32\DRIVERS\V0500Vid.sys [292064 2007-10-31] (Creative Technology Ltd.)
    S2 zntport; \??\C:\Windows\system32\zntport.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-01 17:49 - 2016-01-01 17:54 - 00024882 _____ C:\Users\Shane\Desktop\FRST.txt
    2016-01-01 17:49 - 2016-01-01 17:49 - 00000000 ____D C:\Users\Shane\Desktop\New folder
    2016-01-01 17:39 - 2016-01-01 17:54 - 00000000 ____D C:\FRST
    2016-01-01 17:27 - 2016-01-01 17:27 - 02370560 _____ (Farbar) C:\Users\Shane\Desktop\FRST64.exe
    2016-01-01 17:00 - 2016-01-01 17:00 - 00000825 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\Program Files\RogueKiller
    2016-01-01 16:40 - 2016-01-01 16:40 - 05198336 _____ (AVAST Software) C:\Users\Shane\Desktop\aswMBR.exe
    2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\Steam
    2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\CEF
    2016-01-01 06:12 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
    2016-01-01 05:38 - 2016-01-01 05:38 - 00000000 ____D C:\Users\Shane\Desktop\Process Explorer
    2016-01-01 05:13 - 2016-01-01 05:13 - 00001378 _____ C:\Users\Shane\Desktop\Temp.lnk
    2016-01-01 04:58 - 2016-01-01 04:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HijackThis.exe
    2016-01-01 04:48 - 2016-01-01 05:41 - 00000000 ____D C:\Users\Shane\AppData\Roaming\FreeFixer
    2016-01-01 04:48 - 2016-01-01 04:57 - 00000000 ____D C:\Users\Shane\AppData\Local\FreeFixer
    2016-01-01 04:42 - 2016-01-01 04:42 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
    2016-01-01 04:42 - 2016-01-01 04:42 - 00000000 ____D C:\Program Files\FreeFixer
    2015-12-31 13:32 - 2015-12-31 13:32 - 00000089 _____ C:\Users\Shane\Desktop\Space Dandy S01E10.url
    2015-12-31 12:53 - 2015-12-31 12:53 - 00001684 _____ C:\Users\Shane\Desktop\Belarc.lnk
    2015-12-31 12:53 - 2015-12-31 12:53 - 00000000 ____D C:\Users\Shane\AppData\Local\YSearchUtil
    2015-12-31 12:53 - 2015-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2015-12-31 10:05 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-12-31 10:05 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-12-31 10:05 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-12-31 10:05 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-12-31 10:04 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-31 10:04 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-31 10:04 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-31 10:04 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-31 10:04 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-12-31 10:04 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-31 10:04 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-12-31 10:04 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-12-31 10:04 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-31 10:04 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-31 10:04 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation)
     
  2. Andit

    Andit TS Rookie Topic Starter Posts: 17

    [CONTINUED]

    C:\Windows\SysWOW64\jsproxy.dll
    2015-12-31 10:04 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-12-31 10:04 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-31 10:04 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-12-31 10:04 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-12-31 10:04 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-12-31 10:04 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-31 10:04 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-31 10:04 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-31 10:04 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-31 10:04 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-12-31 10:04 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-12-31 10:04 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-31 10:04 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-12-31 10:04 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-12-31 10:04 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-12-31 10:04 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-12-31 10:04 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-12-31 10:04 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-31 10:04 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-31 10:04 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-12-31 10:04 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-31 10:04 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-12-31 10:04 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-31 10:03 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-31 10:03 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-31 10:03 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-12-31 10:03 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-31 10:03 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-12-31 10:03 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-12-31 10:03 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-31 10:03 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-12-31 10:03 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-12-31 10:03 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-31 10:03 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-31 10:03 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-12-31 10:03 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-31 10:03 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-12-31 10:03 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-31 10:03 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-12-31 10:03 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-12-31 10:03 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-12-31 10:03 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-31 10:03 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-31 10:03 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-31 10:03 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-12-31 10:03 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-12-31 10:03 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-12-31 10:03 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-12-31 10:03 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-12-31 10:03 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-31 10:03 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-31 10:03 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-31 10:03 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-31 10:03 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-12-31 10:03 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-31 10:03 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-31 10:03 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-31 10:03 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-31 10:03 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-12-31 10:03 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-12-31 10:03 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-12-31 10:03 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-12-31 10:03 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-31 10:03 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-12-31 10:03 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-12-31 10:03 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-12-31 10:03 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-12-31 10:03 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-12-31 10:03 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-12-31 10:03 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-12-31 10:03 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-12-31 10:03 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-12-31 10:03 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-12-31 10:03 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-12-31 10:03 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-12-31 10:03 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-12-31 10:03 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-12-31 10:03 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-12-31 10:03 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-31 10:03 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-12-31 10:03 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-12-31 10:03 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-12-31 10:03 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-12-31 10:03 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-12-31 10:03 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-12-31 10:03 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-12-31 10:03 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-12-31 10:03 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-12-31 10:03 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-12-31 10:03 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2015-12-31 10:03 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-12-31 10:03 - 2015-07-09 09:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-12-31 10:03 - 2015-07-09 09:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-12-31 10:03 - 2015-07-09 09:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-12-31 10:03 - 2015-07-09 09:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-31 10:02 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-31 10:02 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-12-31 10:02 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-31 10:02 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-12-31 10:02 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-12-31 10:02 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-12-31 10:02 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-12-31 10:02 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-12-31 10:02 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-12-31 10:02 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-12-31 10:02 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-12-31 10:02 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-12-31 10:02 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-12-31 10:02 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2015-12-31 10:02 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2015-12-31 10:02 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2015-12-31 10:02 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2015-12-31 10:02 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
    2015-12-31 10:02 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\system32\locale.nls
    2015-12-31 10:02 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-31 10:02 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-12-31 10:02 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-12-31 10:02 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-12-31 10:02 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-12-31 10:02 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-12-31 10:02 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-12-31 10:02 - 2015-09-18 11:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-12-31 10:02 - 2015-09-18 11:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-12-31 10:02 - 2015-09-18 11:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-12-31 10:02 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-12-31 10:02 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-12-31 10:02 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-12-31 10:02 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-12-31 10:02 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-12-31 10:01 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-31 10:01 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-31 10:01 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-31 10:01 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-31 10:01 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-31 10:01 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-31 10:01 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-12-31 10:01 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-12-31 10:01 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2015-12-31 10:01 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
    2015-12-31 10:01 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2015-12-31 10:01 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
    2015-12-31 09:59 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
    2015-12-31 09:59 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
    2015-12-31 09:59 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-31 09:58 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-31 09:58 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-31 09:58 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-31 09:58 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-31 09:52 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-12-31 09:52 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-12-31 09:52 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-12-31 09:52 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-12-31 09:52 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-12-31 09:52 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-12-31 09:52 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-12-31 09:52 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-12-29 08:29 - 2015-05-22 00:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2015-12-17 20:13 - 2015-12-17 20:13 - 00029231 _____ C:\Users\Shane\Desktop\BusC75.pdf
    2015-12-17 20:13 - 2015-12-17 20:13 - 00029160 _____ C:\Users\Shane\Desktop\Bus364.pdf
    2015-12-16 06:26 - 2015-12-16 06:26 - 00000076 _____ C:\Users\Shane\Desktop\Nomadic Fanatic - YouTube.url
    2015-12-16 06:12 - 2015-12-16 06:12 - 00000089 _____ C:\Users\Shane\Desktop\Cornelius Vango - YouTube.url
    2015-12-16 00:02 - 2015-12-16 00:02 - 00000000 _____ C:\Windows\SysWOW64\sho2EFC.tmp
    2015-12-15 19:42 - 2015-12-15 19:42 - 01752306 _____ C:\Users\Shane\AppData\Local\soulseek-client.dat.1450237367898
    2015-12-15 19:04 - 2015-12-15 19:04 - 01752039 _____ C:\Users\Shane\AppData\Local\soulseek-client.dat.1450235072030
    2015-12-15 18:04 - 2015-12-15 18:04 - 01752039 _____ C:\Users\Shane\AppData\Local\soulseek-client.dat.1450231472021
    2015-12-15 03:23 - 2015-12-31 13:16 - 00000000 ____D C:\Users\Shane\Desktop\Bookz
    2015-12-13 03:37 - 2015-12-31 09:43 - 00000000 ____D C:\Users\Shane\Desktop\PROMODJ
    2015-12-10 01:39 - 2015-12-28 19:53 - 00000000 ____D C:\Users\Shane\Desktop\lol

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-01 17:50 - 2007-07-11 17:48 - 00000000 ____D C:\Windows
    2016-01-01 17:47 - 2013-11-13 16:44 - 00000000 ___RD C:\Users\Shane\Desktop\Program Shortcuts
    2016-01-01 17:42 - 2015-05-24 13:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-01-01 17:37 - 2014-02-04 23:00 - 00000000 ____D C:\Users\Shane\Desktop\DLs
    2016-01-01 17:26 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-01-01 17:26 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-01-01 17:17 - 2009-07-13 21:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-01 17:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2016-01-01 17:12 - 2013-08-20 13:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-01 17:11 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-01-01 17:01 - 2013-08-20 13:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-01 16:34 - 2012-02-25 16:32 - 00000000 ____D C:\Users\Shane\Desktop\Security
    2016-01-01 16:12 - 2012-02-27 03:45 - 00000193 _____ C:\Windows\WORDPAD.INI
    2016-01-01 16:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2016-01-01 14:26 - 2012-02-22 21:37 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-01 13:23 - 2012-02-23 21:49 - 00000000 ____D C:\Users\Shane\AppData\Roaming\vlc
    2016-01-01 13:19 - 2015-10-08 14:22 - 00000000 ____D C:\Users\Shane\Desktop\jish
    2016-01-01 13:01 - 2012-02-25 16:19 - 00000000 ____D C:\Users\Shane\Desktop\MISC
    2016-01-01 11:29 - 2012-02-22 20:44 - 00000000 ____D C:\Users\Shane\AppData\Roaming\uTorrent
    2016-01-01 06:04 - 2015-06-08 18:49 - 00000000 ____D C:\ProgramData\Mach5 Mailer
    2016-01-01 05:47 - 2011-10-27 02:53 - 00000000 ____D C:\ProgramData\Temp
    2016-01-01 05:41 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
    2016-01-01 05:41 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-01-01 05:41 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2016-01-01 05:41 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
    2016-01-01 05:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-01-01 05:36 - 2012-02-25 14:39 - 00000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
    2015-12-31 13:30 - 2012-02-25 16:37 - 00000000 ____D C:\Users\Shane\Desktop\Torrents
    2015-12-31 13:12 - 2014-07-22 01:27 - 00000000 ____D C:\Users\Shane\Desktop\sort desktop
    2015-12-31 13:02 - 2015-02-12 01:10 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-12-31 13:01 - 2015-02-12 01:08 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-12-31 12:55 - 2013-10-01 12:13 - 00000000 ____D C:\ProgramData\Oracle
    2015-12-31 12:52 - 2014-11-03 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-12-31 12:52 - 2013-10-01 12:10 - 00000000 ____D C:\Program Files (x86)\Java
    2015-12-31 12:50 - 2015-08-18 23:27 - 00000000 ____D C:\Users\Shane\.oracle_jre_usage
    2015-12-31 12:50 - 2014-11-03 12:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-12-31 11:22 - 2015-06-28 20:28 - 00000000 ____D C:\Users\Shane\AppData\Local\AdFender
    2015-12-31 11:20 - 2015-04-07 12:56 - 00000000 ___SD C:\Windows\system32\GWX
    2015-12-31 11:15 - 2012-05-18 15:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-31 11:15 - 2012-05-18 15:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-31 11:15 - 2009-07-13 20:45 - 00343544 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-31 11:12 - 2015-04-07 12:56 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-12-31 11:12 - 2014-12-12 10:07 - 00000000 ____D C:\Windows\system32\appraiser
    2015-12-31 11:12 - 2014-04-30 23:41 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-12-31 10:34 - 2012-05-18 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-31 10:24 - 2013-08-20 15:14 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-31 10:12 - 2012-02-26 16:07 - 00775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-12-30 18:28 - 2015-07-17 14:58 - 00000000 ____D C:\Users\Shane\Documents\My Kindle Content
    2015-12-30 18:27 - 2015-07-17 14:57 - 00000000 ____D C:\Program Files (x86)\Amazon
    2015-12-29 22:39 - 2015-03-27 17:28 - 00000000 ____D C:\Users\Shane\Desktop\WATCH READ LISTEN
    2015-12-29 10:42 - 2015-05-24 13:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-29 10:42 - 2014-09-09 19:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-29 10:42 - 2014-09-09 19:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-28 20:00 - 2012-10-07 21:44 - 00000320 _____ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    2015-12-17 01:01 - 2012-05-19 21:50 - 00000000 ____D C:\Users\Shane\Desktop\!
    2015-12-15 01:37 - 2015-05-24 21:52 - 00487945 _____ C:\Users\Shane\Desktop\Now Playing - All Albums.m3u
    2015-12-14 05:00 - 2012-10-07 21:47 - 00000326 _____ C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    2015-12-12 21:55 - 2012-02-23 22:44 - 00000000 ____D C:\Users\Shane\Desktop\!VIDEOS
    2015-12-10 22:05 - 2014-11-15 02:07 - 00000000 ____D C:\Users\Shane\Desktop\Soulseek - Sort Albums
    2015-12-10 01:06 - 2009-07-13 21:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-12-06 19:59 - 2012-04-04 11:20 - 00000000 ____D C:\Users\Shane\AppData\Local\ElevatedDiagnostics
    2015-12-04 21:27 - 2015-11-30 16:40 - 00000000 ____D C:\Users\Shane\Desktop\INTEL-Info NOTES
    2015-12-03 17:56 - 2013-08-20 13:51 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-03 17:56 - 2013-08-20 13:51 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-02 13:18 - 2010-11-20 19:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2013-12-18 20:02 - 2013-12-18 20:02 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2013-01-27 19:01 - 2013-01-27 19:01 - 0000576 _____ () C:\Users\Shane\AppData\Roaming\All CPU MeterV3_Settings.ini
    2012-04-26 23:20 - 2015-03-19 20:02 - 0004608 _____ () C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-24 10:23 - 2013-08-24 10:23 - 0000218 _____ () C:\Users\Shane\AppData\Local\recently-used.xbel
    2015-01-06 12:46 - 2015-01-06 12:46 - 0007607 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
    2015-12-15 18:04 - 2015-12-15 18:04 - 1752039 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450231472021
    2015-12-15 19:04 - 2015-12-15 19:04 - 1752039 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450235072030
    2015-12-15 19:42 - 2015-12-15 19:42 - 1752306 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450237367898
    2015-09-23 13:49 - 2015-09-23 13:49 - 0000000 _____ () C:\Users\Shane\AppData\Local\{30CE770F-C62D-40BB-A162-8D9EC7CEFF45}
    2015-06-30 16:38 - 2015-06-21 02:57 - 12543841 _____ () C:\ProgramData\usertray.exe

    Files to move or delete:
    ====================
    C:\ProgramData\usertray.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-31 17:00

    ==================== End of FRST.txt ============================
     
  3. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
    Ran by Shane (2016-01-01 17:54:45)
    Running from C:\Users\Shane\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-02-23 03:31:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1051381468-4094465459-3186913488-500 - Administrator - Disabled)
    Guest (S-1-5-21-1051381468-4094465459-3186913488-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1051381468-4094465459-3186913488-1041 - Limited - Enabled)
    Shane (S-1-5-21-1051381468-4094465459-3186913488-1000 - Administrator - Enabled) => C:\Users\Shane

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Free Antivirus (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
    AS: Panda Free Antivirus (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    AdFender (HKLM-x32\...\AdFender) (Version: 2.01 - AdFender, Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
    AMD APP SDK 2.9 (HKLM\...\{B192EDAC-25C7-408D-99A0-A23455F50E27}) (Version: 2.9.233.167 - Advanced Micro Devices, Inc.)
    AnalogX NetStat Live (HKLM-x32\...\AnalogX NetStat Live) (Version: - AnalogX)
    Any Video Converter Ultimate 5.5.9 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
    AutoRun Disable by Endpoint Protector (HKLM-x32\...\{9B656DDD-F576-44DC-8B4D-6B4BAF9E7DD8}) (Version: 1.0.10 - CoSoSys Ltd.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.91 - BitTorrent Inc.)
    Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bulk Mailer (HKLM-x32\...\Bulk Mailer) (Version: 8.2 - Live Software Inc)
    Bulk Mailer (x32 Version: 8.2 - Live Software Inc) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Collab (HKLM-x32\...\Collab) (Version: - Image-Line bvba)
    Connectify (HKLM\...\Connectify) (Version: 4.1.0.25941 - Connectify)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    CPUID CPU-Z 1.66 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CraigsCrawl 2.0 (HKLM-x32\...\{10DC4819-1135-4E9E-95FF-7D45F950C3EB}) (Version: 2.0 - Damon86.com)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deep Remove (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\ccef69bf6a7f0755) (Version: 1.0.26.58 - JPJSM)
    DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.3+4.9 - DjVuZone)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dropbox (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Dynex 1.3MP Webcam Driver (1.00.03.0000) (HKLM\...\Dynex VF0500) (Version: - )
    Dynex Webcam User's Guide (HKLM-x32\...\Dynex Webcam User's Guide) (Version: - )
    Easy GIF Animator 5.2 (HKLM-x32\...\Easy GIF Animator Cracked by zoo_is1) (Version: Easy GIF Animator 5.0 - )
    Electric Sheep 2.7b34 (HKLM-x32\...\Electric Sheep) (Version: 2.7b34 - Electricsheep)
    Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
    Exif Tag Remover 5.01 (HKLM-x32\...\Exif Tag Remover_is1) (Version: - RL Vision)
    f.lux (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Flux) (Version: - )
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FL Studio 8 (HKLM-x32\...\FL Studio 8) (Version: - Image-Line bvba)
    Free and Easy Biorhythm Calculator version 3.02 (HKLM-x32\...\Free and Easy Biorhythm Calculator_is1) (Version: - White Stranger Group)
    Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    Free WAV to MP3 Converter 7.5.9 (HKLM-x32\...\7A8557C6-547D-42CC-B72E-F42F60F0B686_is1) (Version: - Accmeware Corporation)
    FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Gateway Incorporated)
    Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
    Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
    Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Gateway Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
    herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
    Icecream Ebook Reader version 1.41 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 1.41 - Icecream Apps)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line bvba)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
    IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.60 - IVONA Software Sp. z o.o.)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Litecoin (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Litecoin) (Version: 0.8.6.1 - Litecoin project)
    Live 8.2.8 (HKLM-x32\...\Live 8.2.8) (Version: - )
    Live! Cam Center (HKLM-x32\...\Live! Cam Center) (Version: - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Research Mesh Virtual WIFI (HKLM-x32\...\{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}) (Version: 1.0.000 - Microsoft Research)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MP3 Splitter Joiner Pro v4.2 build 2612 (HKLM-x32\...\{F88C04C9-9CDC-4830-A533-CC5E3D69F2A1}_is1) (Version: - Hoo Technologies)
    MP3 to YouTube Converter 1.0 (HKLM-x32\...\MP3 to YouTube Converter_is1) (Version: - FreeMusicConverter.net)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
    MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
    Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
    Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments)
    Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10800.8.100 - Nero AG)
    Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
    Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
    Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10100 - Nero AG)
    Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
    Network Security Task Manager 1.5 (HKLM-x32\...\Network Security Task Manager) (Version: 1.5 - Neuber GmbH)
    Nightly 13.0a1 (x64 en-US) (HKLM\...\Nightly 13.0a1 (x64 en-US)) (Version: 13.0a1 - Mozilla)
    Nmap 6.25 (HKLM-x32\...\Nmap) (Version: - )
    Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
    Palringo Beta (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\{palringo beta}}_is1) (Version: 0.31 - Palringo)
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0006 - Panda Security)
    Panda Free Antivirus (Version: 7.84.00.0000 - Panda Security) Hidden
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
    PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line bvba)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power Exchange version 0.1 (HKLM-x32\...\{D2BA6EA8-3760-430D-95C2-9FA3FA04C675}_is1) (Version: 0.1 - SEO Power Bots)
    QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
    reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
    Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
    RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
    Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
    Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
    SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version: - )
    SEO PowerSuite Final 1.00 (HKLM-x32\...\SEO PowerSuite Final 1.00) (Version: 1.00 - SEO PowerSuite Final 2014)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    Smart Guardian (HKLM-x32\...\{417E7710-C77B-4CB9-839A-D586A12C64E2}) (Version: 2.0 - ITE)
    Sony Mobile Emma (HKLM-x32\...\Emma) (Version: 2.13.4.20 - Sony Mobile Communications AB)
    Sony Mobile Update Service (HKLM-x32\...\Update Service) (Version: 2.13.9.201308081522 - Sony Mobile Communications AB)
    Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
    SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
    SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software)
    Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    Speed Video Splitter 4.3.47 (HKLM-x32\...\Speed Video Splitter_is1) (Version: - Flyers software, Inc.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
    SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    StudioTax 2014 (HKLM-x32\...\{B66FF49A-22D0-40C2-9E64-00325689850D}) (Version: 10.0.10.3 - BHOK IT Consulting)
    TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
    Toastify (HKLM-x32\...\Toastify) (Version: 1.6 - Jesper Palm)
    Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba)
    Ultra Video Splitter 5.1.0713 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software)
    Unified Remote (HKLM-x32\...\{71A521AE-CCAE-43B0-8439-369AC1615B34}) (Version: 2.14.3.0 - Unified Remote)
    Unity Web Player (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Waterfox 39.0 (x64 en-US) (HKLM\...\Waterfox 39.0 (x64 en-US)) (Version: 39.0 - Mozilla)
    Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
    WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    WinHTTrack Website Copier 3.47-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.22 - HTTrack)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
    Wondershare Video Editor(Build 4.8.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
    Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
    Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)
    YouTube To MP3 V1.5.0 (HKLM-x32\...\{52A73D55-93BC-41A9-B4C0-C5A6E6DA0E26}_is1) (Version: 1.5.0 - Apowersoft)
    ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version: - Check Point Software Technologies)
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {025A2307-3CD5-4C0A-AA34-538407160A65} - System32\Tasks\herdProtectScan => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe [2014-09-29] (Reason Software Company Inc.)
    Task: {0446FD56-C2BE-48A2-BB59-1847FC189B2A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {13E1E845-916B-4536-8748-F3C8C1F16C72} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {13EF663D-9D89-4E79-9B75-9D3358EBCE82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
    Task: {14018F38-7497-43FC-939B-79AAED78BFA0} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-21] (Nero AG)
    Task: {4B2877E7-5AD0-4477-B93C-217AC9FE1857} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {57F9CCEA-2ECF-429F-8D10-C50DE7A4FEEC} - \{F86B61FD-AD4D-4037-9EF7-90FD4318C267} -> No File <==== ATTENTION
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {648B4228-C046-4757-B989-C8ED15DEA49D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {875B3D9E-8B32-4851-BB29-317DDEC0CE61} - \Spybot - Search & Destroy - Scheduled Task -> No File <==== ATTENTION
    Task: {9A453458-2656-4C33-84E0-8A6666967BF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {CAC532C5-A0A8-475C-B36A-339ED34641D0} - System32\Tasks\Opera scheduled Autoupdate 1424728335 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
    Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
    Task: {DDAA8077-850C-437A-BD13-7BD5DE1401EE} - \Spybot - Search & Destroy Updater - Scheduled Task -> No File <==== ATTENTION
    Task: {E7D97A68-51BC-4238-BAAC-ADD12F11E180} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {ED1D5A59-2CA0-41B5-B116-1067773E45DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {F97AD7BF-3A15-4990-A1F8-59453DD14293} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Shane\Desktop\Program Shortcuts\µpdater.lnk -> C:\Users\Shane\AppData\Roaming\uTorrent\IP filter µpdater.bat ()
    Shortcut: C:\Users\Shane\Desktop\desktop\µpdater.lnk -> C:\Users\Shane\AppData\Roaming\uTorrent\IP filter µpdater.bat ()

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-02-26 14:11 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
    2011-10-27 03:24 - 2011-04-04 18:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2015-12-16 22:02 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-16 22:02 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
    2014-10-14 15:07 - 2014-10-14 15:07 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
    2011-10-27 02:34 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-12-27 23:59 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Shane\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:1CE11B51

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7750 more sites.

    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123simsen.com -> www.123simsen.com

    There are 7750 more sites.
     
  4. Andit

    Andit TS Rookie Topic Starter Posts: 17

    [CONTINUED]


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2012-05-08 16:46 - 00442850 ____R C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 www.123fporn.info
    127.0.0.1 123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123moviedownload.com
    127.0.0.1 123moviedownload.com

    There are 15206 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.176.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: fdPHost => 3
    MSCONFIG\Services: FDResPub => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
    MSCONFIG\startupreg: BitTorrent Sync => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Connectify => C:\Program Files (x86)\Connectify\Connectify.exe
    MSCONFIG\startupreg: GlassWire => "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
    MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: V0500Mon.exe => C:\Windows\V0500Mon.exe
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{B229786B-94BF-4C10-89DA-CB47996FCB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{14DA3937-780D-4A52-A450-BD5353BF82AC}] => (Allow) LPort=2869
    FirewallRules: [{ECC03155-D8E3-424C-8EFA-EFAF0F53AC93}] => (Allow) LPort=1900
    FirewallRules: [{7D25F6F3-4890-4FE9-9CC7-674F177CC25A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{509EE2D8-1C07-4499-90DD-C8C2E83636AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EBA21F78-625A-40EB-914F-19E97AB6010E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1665A1EE-5BE5-4C70-B7AC-FC9AF4DD6A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\shomac5k\counter-strike source\hl2.exe
    FirewallRules: [{420D5E74-1045-4765-B3EF-CCECFC06893D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\shomac5k\counter-strike source\hl2.exe
    FirewallRules: [{CCA6F9DF-9C3D-484B-B2FD-EE169AE25BE2}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
    FirewallRules: [{956A0256-8714-4D0D-BCFF-25BF956B9CC8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B2189865-95E1-4DDC-B5C6-9D30F3E4C553}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{2C3612CB-5F75-4F39-A7BA-42F7CFDF9DB3}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{A2C4ABC5-5536-495D-9B80-502754AEBFA2}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0D8AD227-A196-4873-A5D1-B76B6231727A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{8E5AD324-101F-4BF6-8E25-610967B79DD4}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9FDAD3B9-C8B4-4541-9F66-67BA51EFD811}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0EAFC281-3E1C-42C6-A483-06D9C765D765}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{5269A70D-0B12-45CD-A799-74A649AD4101}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{61B5F975-FD6C-4F3F-A2C6-A62D6AEBCA70}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{261CCDD8-FF5D-4AA1-BAFE-78DB5E5C701B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{F9BA02E0-2C59-4948-980B-F6A6128BA854}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{4CE4C010-DB4B-4BC0-8461-435359DCC8E1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{4FB3E012-14EA-4700-8307-248FD3CC9C59}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B55624C3-7CFF-4F02-B889-91A30BD405F1}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{E0725020-D3C9-4437-BBC8-B621232BBE6B}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{6DE31FE2-D636-4349-ACAF-F3880254293E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{DD215597-4D34-4669-9E0A-59E55E5CF5E0}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B26397B6-8336-4313-A2E9-29765D2E6F36}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{1FF5E321-C14D-4703-B618-33E23FA552AF}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{ED1F5C8D-0F7D-4DE2-B797-A200F809602B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{39850DC7-4049-4083-B4F9-78B877DEF6E5}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{138B1D37-9DD7-4F24-B873-66BE12C79578}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{A8B5EF05-6686-4C61-B603-56FF758E68F9}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{4EC1CC8A-DFE3-4A6F-A945-13FDBCDA72BA}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{45946F23-0BF6-4048-A53F-53D97ABBC564}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6036D077-CD87-44C8-86C6-AC476F172931}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D5DFD925-DADF-4A15-A192-AB7B6A1D32CB}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{BCC9CFD2-5D59-425B-9269-4BCE81D61572}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{4A86A797-5A90-40AF-A2EB-100BD4F3B6B8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{DB92D041-8C27-4190-BE13-8E2269CD19EA}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{36E7C44F-90D1-451D-B370-37BAF6994AE1}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{7FA39DA7-97C7-48BC-85EB-35CA3469BA91}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{A9505875-855D-40D9-8607-725A64417300}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9D3081BA-6E8E-41FF-ACA1-0047B7A89E27}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{384CBF6F-F316-42FD-98B3-5365B00904B2}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{01309D2B-67DA-409A-9A67-587074B93A6A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{FBCABD87-0068-41B0-A42A-086B6BF4A1DA}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{765C20F4-E6C8-474D-A949-23FE127F6F4D}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{8E0BA25D-01CE-4778-B0E3-51CE049F4F4E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{7B5FE134-DFE8-47A2-B3A5-6EE9EE565B2D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{703A4EE8-4AE3-4DA5-93CF-7151B61D5091}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{BCC76929-348B-4204-ACA7-8B5CB8D85F4A}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{25BD39AF-2BC0-4737-B31E-8B68B4FFCC90}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{3DA34065-7596-489F-8589-B8146CE3BB24}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0B1115B0-7602-483F-8D74-7B2B6C6ECF93}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B52B6DEE-0744-4398-A6B8-2A9F27ACB2D3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{8C9FFAD9-975E-426B-B363-EF8BD6F9A6E1}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{4317ABD1-2C16-4464-B068-08DF884AB6D7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{31A67241-61E3-44F0-AD0F-F01F1FC07F11}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{43003A2A-25C7-4BDE-9DD7-B49E1414C0F7}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{6E7AE34A-BF70-4965-9907-491F5313DE24}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{48E59547-0299-4B7C-8A3D-3E9C31E56F28}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{E3D874AF-B969-4953-A45C-4F70679C6723}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{233BEE55-026E-4824-8942-8EC3468D5342}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CAD96344-59C7-4FCF-87CE-E0B643CC3B1F}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{859769C1-0BA7-4884-848D-45281ACFDE32}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe
    FirewallRules: [{FD297AE7-5AC9-4254-AF19-73CB2EF33367}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe
    FirewallRules: [{B7ECB282-A7A5-4BED-8B67-9B4BD3D4FD9A}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
    FirewallRules: [{D5756174-B8AB-4A1B-9D50-62B84A7E73C6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
    FirewallRules: [{C7569CE2-4E9A-4C83-ADCD-88D841C7FD80}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6344EB68-C11D-40C8-8B8A-3492665A26E7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{279FA07F-60D0-4BE6-85D6-761F6F746A19}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{99C41CDF-DEF7-4F5C-B4C5-835B1A718BCC}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{361F953E-66F6-4604-8C39-263F56DBDB04}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{8ECD23AE-14C8-4CA1-AA9F-8F7DDE47D810}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{FE9CD425-2E32-46AE-A761-8D17327D6047}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{BBE40230-B995-418C-98CA-A6D508D40A84}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{187ED747-09F9-4BC8-9E47-9F6921AC735D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0DE48B65-D297-4FD1-A8EA-5BBD87F343B0}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{24117230-3F26-4F39-A886-2892C575EC0C}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{2437AF52-FBC7-4E34-86CC-964B05131B26}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{E718E124-8F91-4338-BFF3-2C9D29398181}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6B276873-4174-4896-A6DE-9293FE04D8C7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B2F6E8BE-CE9B-4676-A360-84F777698709}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{18C8DD87-815C-4DE9-A85C-B1AEF4A174CC}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{FEEC6718-CEF9-48CA-A231-948B937A485F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{EF769BC7-D9F8-4D2A-B4B1-AAF3A89D2F39}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{80BEA4CE-F637-42D0-9055-85E55DF06BC4}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{064DA803-4BA5-440C-BF67-C0A9346D8AB3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{2BA72F52-C9D8-4BEB-BF55-507A9B769825}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{91A965EA-3353-4C3D-8406-86A08B1CB848}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6DB65C2D-4B07-492B-8610-6DDB2050AF41}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{51A2780E-EB64-48AE-B8D5-20339F327D94}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{DF3713F9-6B6F-4B6E-B4F1-BEBDC5ACB24E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{61F700A6-166A-4015-BBC1-6B736FF5FFE1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{DAD9862D-78C2-429A-9FE4-720B6B635055}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{C9C217F3-ED78-45E6-843E-AC2187F58667}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{4875ACA7-99EC-4212-825C-31E86746ACA1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{68F96CC6-4914-48F5-95C2-DA88222DDBDC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{88ABA2C6-C868-4561-805C-63C66060B84A}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D8C0F05D-A60F-4579-B260-EE52B2D22272}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{66EAAEA2-E045-4C04-9CB9-791E097EBC91}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{2C3637EB-A085-4046-B0F2-874DA29AA848}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{5C66071A-DCF4-4A6B-B3EC-38F0DA386844}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D78F4818-3F8C-454C-A96C-2E30E20F4797}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{881688F7-6A20-425E-A1A0-9621DD46C8DD}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9C3E84C4-8C54-49C0-A237-5F841850A235}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0D037AA5-8172-4BFD-A8C1-C6C08CD6DF0C}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{96477870-CDCA-4768-A612-F6528FF1150E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CDE21A02-8F6D-4021-B6A7-AC662D3C184C}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{F77AE76C-B031-4D21-BA2B-23C92FBDF0BF}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{15059492-727F-4EE1-8EE5-B9931D12A77E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{F5CB5D34-DEA1-49AC-9B30-AC441ACB2E1E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{565676F7-FFB9-4E5E-A829-0EED9C6EA8A7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{818CCE71-71A7-4ECA-BA94-492A5998B4A1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{EC951D26-7D1B-466E-A191-58477DCACC12}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{5FD90036-BF1A-4465-BFCB-F1291F789F60}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{509E933D-9F7A-48DB-938E-4C864C93C3B2}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{7AB53C8C-3957-4A21-9A36-CF00F902AAAC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{8CB3383D-AAB3-4FB0-8364-EFC649FC2CF5}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{7AB809CA-EBBE-4ACC-9EB3-4655C4741729}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{02487671-80FA-4D4E-A571-B7BBF38F4CB0}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9080C1A6-A331-42BE-A35F-C3A6116E4972}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9E2EC42E-F009-4A79-A07E-F7837F6448A2}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{038AA883-FD9E-40A6-8DAF-DB2C6F00DFD3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{AE113813-492B-41D8-AAF7-54D6BC6F9F9C}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{72072B4A-ED1B-43B5-9F97-6FEB1526921E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{E94F093B-D56D-4415-9B40-D2CBC416A873}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{1BDA3DB5-22FE-4649-BFA6-4341CFF6C2A9}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{5EDFBDF5-C669-4065-AED1-6BC3B8F9CD88}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{C8830996-D0A7-440D-BA1B-01CC1EA0DC8F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9A3906B6-7EAE-4EC5-A4B3-1D417C953BC9}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{A7C8F1CF-A4CE-4F98-B5BE-FF2D374C01DD}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{C7322353-6273-4E4F-84FA-9701D637D771}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{86A0DCD5-C5B1-47F1-BF5B-041CAD6FB854}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{10405DA4-868D-44C8-90CB-6CE170BAA373}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{E3F83204-96AA-46A7-821B-3FCACE395E05}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{DCF1A5F1-AF75-4623-B2F3-A63199E1BD80}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{D4B8DBF8-DF4E-4578-9A4D-B0D419482D22}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9CBCB423-6341-4A2E-9435-F9A56A35C910}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{793665CA-9277-47A0-AE40-CECD4652F121}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CC367D70-4F23-4A76-B097-6231F28181D9}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0FDC208F-5160-41F2-8BDD-116D1FC9551D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9BFD2E59-1E58-4B38-B0D2-DC8368FA5C41}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{9AC60221-B017-4DF7-82AA-BD188A219C77}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D0DC7047-5384-4076-A8D7-A422A6C4201B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{FC31EE35-D42F-44B6-B699-E9B3552E7FB6}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{F79F9A36-628F-420E-988B-AF49F266BDB3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{30921E49-38D4-42AC-B83E-C19B86DB472C}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CC2EBA4B-4B59-416B-B781-0437C1367A49}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6A7FA5ED-B31B-4A23-901D-3EF3F2F825F1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{83F4EE1B-18ED-4345-A5B2-0B907843EFC6}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{6B601D9E-DD6D-4B05-A697-2DB723C50F59}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{9A932428-4782-40EF-8E92-0B7FC6CC3EE9}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{360D2CB5-A0AD-4E32-8169-E8076255DB71}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{19EABD30-B3EF-4459-B610-C8B2C1C9F4AE}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{8D24997F-B2BD-48F8-BF0F-253D4299172E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{3CAAD0B0-FB39-43D3-9228-5316C3990E8B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{44EF28FD-1510-4F9D-89B6-14B7001EED5F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{A05031A6-723B-4793-9527-ABA2BB1A3EB8}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{99B4B4B4-DE80-4310-B8F2-7F1B67DF1CF8}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{300F7D37-94FE-4128-BE5F-453BB8D7DCB4}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B4167570-6188-4F24-A40D-51ADD1E336F5}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{22D91610-EC79-4A26-A3F7-85DA5C779B40}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{419FC887-AEED-4E32-B0AC-2C9CC84DBF87}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [TCP Query User{9A65F1C8-98C2-4B5F-9332-1F31EA26C13B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{F579EFA6-1061-4A0F-9914-14B0F6DA143B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [{8C68E386-811C-45D8-86F1-35E826B664BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{FCA9240F-3C4B-4DB6-82A0-4A9C7C822EAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [TCP Query User{D2634CFA-7569-489F-B5D6-FE921A563C2D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{7AF4E901-7DC8-4793-88AD-90F0C9F91B53}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [TCP Query User{04E1E54F-4064-4A16-B601-7C885A54F6A7}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{8707BFAD-E6A2-40DC-9140-C6EA6BFA4F13}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [TCP Query User{3DC61758-14A1-4E8B-BF32-52D589452433}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [UDP Query User{34E741F9-36B3-4886-B16C-CBCFC58D8B2B}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [TCP Query User{52884A0A-B8B6-4338-BE11-46E662D396EF}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{BB39B84A-7255-4000-B527-976449FFCC38}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [{6F0C4BF8-F979-47CB-828E-73D34F3676AC}] => (Block) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [{DE33561F-F7DA-459C-82E0-1F15E7D909FB}] => (Block) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [TCP Query User{7DF542EA-46BC-4EF0-B799-66FE5AAB25C2}C:\program files\winhttrack\winhttrack.exe] => (Block) C:\program files\winhttrack\winhttrack.exe
    FirewallRules: [UDP Query User{2EB8A408-72E1-4D11-878E-7F5425B227D5}C:\program files\winhttrack\winhttrack.exe] => (Block) C:\program files\winhttrack\winhttrack.exe
    FirewallRules: [{AA0FC55C-C0D7-46DE-B921-10DC417A2742}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{7BDC804B-0D34-4FA8-9971-F1C8477BDD8A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{02F1D4DB-4D4B-43DE-89AB-F61D722F09FD}] => (Allow) C:\Users\Shane\AppData\Local\Temp\uttB474.tmp.exe
    FirewallRules: [{98000A27-476C-442F-900F-970292471F92}] => (Allow) C:\Users\Shane\AppData\Local\Temp\uttB474.tmp.exe
    FirewallRules: [{A2F33A39-36AD-4E5D-A946-20C38311149D}] => (Allow) C:\Users\Shane\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{254772D6-5E5F-4441-AF05-A89D77307BC8}] => (Allow) C:\Users\Shane\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{2F31BBC0-972A-43EC-AE72-80F8891FC29E}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{87316062-4605-430D-91BD-0D99BEACFD33}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{307F5BB6-711D-442B-830E-89C55E2732CE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{4A1A27C6-7DCE-4E91-A211-35481D41B6BB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [{5ABA8C29-2306-4E25-B59C-BC737C953D7C}] => (Allow) C:\Users\Shane\AppData\Roaming\Spotify\spotify.exe
    FirewallRules: [{40F1D1AF-AAC5-42CE-8554-DDB2014EEDA5}] => (Allow) C:\Users\Shane\AppData\Roaming\Spotify\spotify.exe
    FirewallRules: [{261B9E1E-B674-4598-B194-B8CB3D782DC4}] => (Allow) C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{51B7E2A6-292B-430C-A793-7E0E4012B353}] => (Allow) C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{408839D2-4BC9-4F1E-BDF9-4C512CFD192C}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{EAE9DED0-7553-4516-845E-371343302E39}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{CCBDF491-C56D-4266-9B02-FC95503DA3CC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{DEBE1F31-9726-422A-9371-CBF26B90004E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{358A31A0-6165-41A1-A36D-81EB0CF3BE77}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{F27B0050-931F-4F66-BA2E-B7B240ED65EE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{6FD0ED70-E2DA-4382-8408-6A6226620387}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{488BDD71-9B3C-4B78-805C-CF4C84CE2858}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{5C6CED81-BBEB-4EFF-AAE1-8EADF013CFD5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{5C22FD9A-F9C1-4CA6-9D7D-A969531FF6D3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{A1C63AAB-1994-4ADA-84DF-7AD84B53A98A}] => (Allow) C:\Users\Shane\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{4F45BB91-62F3-4C00-B91E-CF2646839E99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4102B0EC-3AB7-46C5-BCB0-2F6FABBC92CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1784D1A4-3519-4555-A73F-A670F98CCB40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A9865554-D06C-47B7-BD66-C47E13FA5AD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{A51365D2-F508-4126-BBED-5FBBE0B2B3A7}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{F8BD21F6-C977-4486-AF83-02ECDE6F1524}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{2C8C4F6C-DC49-4651-AAE5-C01BA6D70360}C:\program files (x86)\aether\aether.exe] => (Allow) C:\program files (x86)\aether\aether.exe
    FirewallRules: [UDP Query User{296F6E5E-47D6-47E8-A585-08876235E593}C:\program files (x86)\aether\aether.exe] => (Allow) C:\program files (x86)\aether\aether.exe
    FirewallRules: [TCP Query User{50B96EEA-416A-4B92-81BF-54901F63C6A1}C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe] => (Allow) C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe
    FirewallRules: [UDP Query User{9BB8ABD8-7471-404B-89EF-835A3F988F4F}C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe] => (Allow) C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe
    FirewallRules: [{01F0B1E7-BB4C-4206-8184-841C40EAAF18}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
    FirewallRules: [{45E0C584-0DFD-41C2-BF35-86B03732D4CF}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
    FirewallRules: [{A0BC7131-1A77-446A-94F6-CAF99264B9B8}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
    FirewallRules: [{1B227616-3BF2-4637-B9AB-4A453715A763}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
    FirewallRules: [{90B11D7B-2119-4FBB-860E-99C912BAAC69}] => (Block) c:\program files (x86)\opera\30.0.1835.88\opera_autoupdate.exe
    FirewallRules: [{89353EFD-2312-4B19-8D94-E5EC46312854}] => (Block) c:\program files (x86)\opera\30.0.1835.88\opera_autoupdate.exe
    FirewallRules: [{2AD59A09-71BE-4527-8162-54CBBE67F33E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{54A9A02B-2525-4372-924B-94A19C9EA667}] => (Block) c:\program files\windows media player\wmpnetwk.exe
    FirewallRules: [{E56366AA-8D7D-4687-B8AA-1F5ED1F1075C}] => (Block) c:\program files\windows media player\wmpnetwk.exe
    FirewallRules: [{E1DE2C9A-C0C1-4C2D-953B-472852CBB4E1}] => (Block) c:\program files (x86)\splashtop\splashtop software updater\ssuservice.exe
    FirewallRules: [{777D0CF2-FCE8-451E-AB0C-EF2D1B67C0CF}] => (Block) c:\program files (x86)\splashtop\splashtop software updater\ssuservice.exe
    FirewallRules: [{244577A1-FAEF-4D08-93DE-AE9B315AF402}] => (Block) c:\users\shane\desktop\superantispyware.exe
    FirewallRules: [{4D8F69BE-F45E-4B3C-9335-DED01D310BD4}] => (Block) c:\users\shane\desktop\superantispyware.exe
    FirewallRules: [{8DAE81C9-6D33-4112-A315-D85EB7FFDDCA}] => (Block) c:\program files\superantispyware\superantispyware.exe
    FirewallRules: [{620A5E3E-2F0C-4400-9FB1-36DDFE427D4E}] => (Block) c:\program files\superantispyware\superantispyware.exe
    FirewallRules: [{38F87D37-D687-48E7-9FAB-9F317FF19EBA}] => (Block) c:\program files\bonjour\mdnsresponder.exe
    FirewallRules: [{6F93D456-1165-40E6-8AE5-B3F240139758}] => (Block) c:\program files\bonjour\mdnsresponder.exe
    FirewallRules: [{3DF08DA2-65D6-4BEE-83E2-3ADDBC0BD7EE}] => (Block) c:\program files\windows defender\mpcmdrun.exe
    FirewallRules: [{7E7844CD-542B-459A-8D80-5D779514B44F}] => (Block) c:\program files\windows defender\mpcmdrun.exe
    FirewallRules: [{87717839-6298-42F2-9FF4-0BD0B2C33850}] => (Allow) C:\Users\Shane\AppData\Local\Temp\Rar$EXb0.458\ipts.exe
    FirewallRules: [{8CCF9593-ED84-4B4A-9B41-619D6D9FE21D}] => (Allow) C:\Users\Shane\AppData\Local\Temp\Rar$EXb0.458\ipts.exe
    FirewallRules: [{2EABDA7E-6820-4098-A874-FD0DD7FC05FA}] => (Allow) C:\Users\Shane\Desktop\ipts.exe
    FirewallRules: [{03ABC5E4-E440-4963-9E24-5D10F98D1C92}] => (Allow) C:\Users\Shane\Desktop\ipts.exe
    FirewallRules: [{BEF2249C-37B6-40BF-8425-D627289C60F8}] => (Block) c:\users\shane\desktop\ipts.exe
    FirewallRules: [{F7AC2001-0BA6-4C87-8B3C-A21AA66F55A3}] => (Block) c:\users\shane\desktop\ipts.exe
    FirewallRules: [{ACFFB498-B48E-4320-B326-2511A663B930}] => (Block) c:\users\shane\desktop\email scraper\emailscraperwizard.exe
    FirewallRules: [{1A413D10-8DAE-4D6E-B15B-35F867BADBD4}] => (Block) c:\users\shane\desktop\email scraper\emailscraperwizard.exe
    FirewallRules: [{0314D253-0478-4D56-905A-5B44BC6A2EF8}] => (Block) c:\users\shane\appdata\local\temp\rar$exb0.458\ipts.exe
    FirewallRules: [{356DBC82-A276-429D-B027-4AC366A677B9}] => (Block) c:\users\shane\appdata\local\temp\rar$exb0.458\ipts.exe
    FirewallRules: [{61345875-AF9B-4958-99AC-3326A3B89050}] => (Block) c:\program files (x86)\power exchange\spz1.exe
    FirewallRules: [{F788C1C5-707A-4690-ABC1-3D703EB26543}] => (Block) c:\program files (x86)\power exchange\spz1.exe
    FirewallRules: [{57D43AEB-7154-4731-927C-51E2FE8F0081}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdcleaner.exe
    FirewallRules: [{DF1D940F-B340-47BB-BF48-9597FD6F7B65}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdcleaner.exe
    FirewallRules: [{35BB8941-8D17-4820-9332-3B92E64DAFC6}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [{918B3DF7-90F8-40DB-8558-76D2D99EB8D3}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [{76E63D52-9182-4483-B6AB-86959F844D70}] => (Block) c:\program files (x86)\wondershare\video editor\wsresdownloader.exe
    FirewallRules: [{2F334C85-3D59-4981-A385-5FB4897F189C}] => (Block) c:\program files (x86)\wondershare\video editor\wsresdownloader.exe
    FirewallRules: [{18EC4DFE-50AB-4008-A668-4F21B31EF56E}] => (Block) c:\users\shane\appdata\local\palringo beta\palringo beta.exe
    FirewallRules: [{1ECBB5F8-9FE6-4BC8-8F5A-572CCDC7D6DB}] => (Block) c:\users\shane\appdata\local\palringo beta\palringo beta.exe
    FirewallRules: [{63915654-63DE-4A64-82F2-EE9E8218C3EE}] => (Block) c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe
    FirewallRules: [{6D136362-8A62-4D22-8071-8B6D39256710}] => (Block) c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe
    FirewallRules: [{F4DEF2D4-D318-4A65-BA58-F4C464F81496}] => (Block) c:\program files (x86)\wondershare\video editor\videoeditor.exe
    FirewallRules: [{00B1A555-71FF-4D4D-8C85-6D90F95AA838}] => (Block) c:\program files (x86)\wondershare\video editor\videoeditor.exe
    FirewallRules: [{5256E0B9-FFD8-490A-9CC2-E4DD434A0F3F}] => (Block) c:\program files (x86)\openoffice.org 3\program\soffice.bin
    FirewallRules: [{B9CAC069-AE6E-455C-AF11-023B69E11051}] => (Block) c:\program files (x86)\openoffice.org 3\program\soffice.bin
    FirewallRules: [{5B2BEC33-2ABA-4EC5-B6E0-BB32668B7D4C}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe
    FirewallRules: [{F3ED5603-5AB1-4185-ADBA-C534BA23AB78}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe
    FirewallRules: [{4055B1F8-B578-49B4-B871-F31D87DD3564}] => (Block) c:\windows\temp\{87488285-99e7-4d6a-9889-98448064feed}\installflashplayer.exe
    FirewallRules: [{0CEAFCE6-047B-4481-89AA-6CA02E87CCC1}] => (Block) c:\windows\temp\{87488285-99e7-4d6a-9889-98448064feed}\installflashplayer.exe
    FirewallRules: [{B871B439-3CF3-4ED2-851F-8452106872EE}] => (Block) c:\windows\temp\{6e767649-a1e8-49c2-949d-c9feca5a8d40}\installflashplayer.exe
    FirewallRules: [{652C203D-2CD3-4E8B-91B6-AD2E628C8475}] => (Block) c:\windows\temp\{6e767649-a1e8-49c2-949d-c9feca5a8d40}\installflashplayer.exe
    FirewallRules: [{6181C8EF-A895-465A-896B-F677A4E5F0E8}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
    FirewallRules: [{1EC66931-A6BA-41A4-A7ED-1C3BB168EFF5}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
    FirewallRules: [{8BC652BB-A2B9-4A84-B0A8-5DAA6764EEB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{5940FDD8-4587-4565-9F1F-B0441A5DAE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [TCP Query User{491CF5CE-2A9F-488B-9C5B-38F6A7791CAF}C:\users\shane\desktop\qtox.exe] => (Allow) C:\users\shane\desktop\qtox.exe
    FirewallRules: [UDP Query User{CC9F3D66-D64E-4B64-A2A1-C3789EB7316F}C:\users\shane\desktop\qtox.exe] => (Allow) C:\users\shane\desktop\qtox.exe
    FirewallRules: [{C947E96E-A546-44A6-AC5A-10D5EA105286}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D4B3D27B-F0F4-4824-8DE4-53E365054FAD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{CF676682-8CAC-4198-84FE-76586C234FD1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9BDA595D-1686-4802-8A4B-FD632482C3DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{9C202E5C-CD45-49BD-8557-DDA558193E1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

    ==================== Restore Points =========================

    22-12-2015 19:18:08 Scheduled Checkpoint
    24-12-2015 04:09:59 Windows Update
    31-12-2015 10:05:50 Windows Update
    31-12-2015 13:00:10 Removed iTunes
    01-01-2016 05:28:07 Windows Modules Installer
    01-01-2016 06:02:45 Removed Mach5 Mailer

    ==================== Faulty Device Manager Devices =============

    Name: Realtek PCIe GBE Family Controller
    Description: Realtek PCIe GBE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/01/2016 05:21:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

    Error: (01/01/2016 05:11:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2016 11:29:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18484137

    Error: (01/01/2016 11:29:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 18484137

    Error: (01/01/2016 11:29:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/01/2016 11:29:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18481626

    Error: (01/01/2016 11:29:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 18481626

    Error: (01/01/2016 11:29:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/01/2016 11:29:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18479130

    Error: (01/01/2016 11:29:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 18479130


    System errors:
    =============
    Error: (01/01/2016 05:11:24 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (01/01/2016 05:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NTPort Library Driver service failed to start due to the following error:
    %%2

    Error: (01/01/2016 05:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The YSearchUtilSvc service failed to start due to the following error:
    %%2

    Error: (01/01/2016 05:11:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NIHardwareService service failed to start due to the following error:
    %%3

    Error: (01/01/2016 05:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Connectify service failed to start due to the following error:
    %%3

    Error: (01/01/2016 06:18:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The YSearchUtilSvc service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/01/2016 05:43:46 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (01/01/2016 05:43:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NTPort Library Driver service failed to start due to the following error:
    %%2

    Error: (01/01/2016 05:43:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NIHardwareService service failed to start due to the following error:
    %%3

    Error: (01/01/2016 05:43:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Connectify service failed to start due to the following error:
    %%3


    CodeIntegrity:
    ===================================
    Date: 2013-11-24 14:01:30.727
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:30.725
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:30.723
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:29.336
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:29.334
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:29.332
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-19 16:15:58.418
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Shane\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-08-19 16:15:58.403
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Shane\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-08-19 16:15:58.144
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Shane\Desktop\everest\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-08-19 16:15:58.129
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Shane\Desktop\everest\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 58%
    Total physical RAM: 4000.28 MB
    Available physical RAM: 1647.2 MB
    Total Virtual: 7998.76 MB
    Available Virtual: 5235.36 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:917.41 GB) (Free:131.23 GB) NTFS
    Drive l: (TRAVELDRIVE) (Removable) (Total:0.94 GB) (Free:0.81 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F078F48)
    Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=917.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 958.2 MB) (Disk ID: 6CE37E6D)
    Partition 1: (Active) - (Size=958 MB) - (Type=06)

    ==================== End of Addition.txt ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
    Andit likes this.
  6. Andit

    Andit TS Rookie Topic Starter Posts: 17

    RogueKiller V11.0.5.0 (x64) [Dec 28 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Shane [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 01/02/2016 11:48:01

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 15 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\YSearchUtilSvc ("C:\Program Files (x86)\Yahoo!\yset\{BA9EF3FE-892C-5447-891E-5BDBD92452F6}\YSearchUtilSvc.exe") -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YSearchUtilSvc ("C:\Program Files (x86)\Yahoo!\yset\{BA9EF3FE-892C-5447-891E-5BDBD92452F6}\YSearchUtilSvc.exe") -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\YSearchUtilSvc ("C:\Program Files (x86)\Yahoo!\yset\{BA9EF3FE-892C-5447-891E-5BDBD92452F6}\YSearchUtilSvc.exe") -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{418F29EE-1A32-4B39-A0CC-6192F27453C6} | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E9BDF33F-EF9E-469E-B69F-E3278008A053} | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{418F29EE-1A32-4B39-A0CC-6192F27453C6} | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E9BDF33F-EF9E-469E-B69F-E3278008A053} | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{418F29EE-1A32-4B39-A0CC-6192F27453C6} | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E9BDF33F-EF9E-469E-B69F-E3278008A053} | DhcpNameServer : 192.168.1.254 75.153.176.1 ([-][X]) -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 5 ¤¤¤
    [PUP][Folder] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151} -> Deleted
    [PUP][File] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.dat -> Deleted
    [PUP][File] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.exe -> Deleted
    [PUP][File] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.msi -> Deleted
    [PUP][File] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.par -> Deleted
    [PUP][File] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.res -> Deleted
    [PUP][File] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\instance.dat -> Deleted
    [PUP][File] C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\mia.lib -> Deleted
    [PUP][Folder] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A} -> Deleted
    [PUP][File] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\instance.dat -> Deleted
    [PUP][File] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\mia.lib -> Deleted
    [PUP][File] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.dat -> Deleted
    [PUP][File] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.exe -> Deleted
    [PUP][File] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.msi -> Deleted
    [PUP][File] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.par -> Deleted
    [PUP][File] C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.res -> Deleted
    [PUP][Folder] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} -> Deleted
    [PUP][File] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\instance.dat -> Deleted
    [PUP][File] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\mia.lib -> Deleted
    [PUP][File] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.dat -> Deleted
    [PUP][File] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe -> Deleted
    [PUP][File] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.msi -> Deleted
    [PUP][File] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.par -> Deleted
    [PUP][File] C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.res -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A} -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\instance.dat -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\mia.lib -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\6A383B6E\ContactLists.mdb -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\6A383B6E\Log.mdb -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\6A383B6E\SendingResults.mdb -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\6A383B6E\Tracking.mdb -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\6A383B6E -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\D1482367\additionalbuttons.txt -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\D1482367\additionalfields.txt -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\D1482367\additionalhiddenfield.txt -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\D1482367\additionalscript.txt -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\D1482367\signin.txt -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328\D1482367 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF328 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF329\A02978A6\AxInterop.SHDocVw.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF329\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF329 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF330\A02978A6\Common.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF330\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF330 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF331\A02978A6\ICSharpCode.SharpZipLib.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF331\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF331 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF332\A02978A6\Interop.Excel.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF332\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF332 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF333\A02978A6\Interop.Microsoft.Office.Core.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF333\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF333 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF334\A02978A6\Interop.MSDASC.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF334\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF334 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF335\A02978A6\Interop.MSScriptControl.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF335\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF335 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF336\A02978A6\Interop.Outlook.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF336\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF336 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF337\A02978A6\Interop.SHDocVw.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF337\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF337 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF338\A02978A6\Lists.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF338\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF338 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF339\A02978A6\Mailer.exe -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF339\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF339 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF340\A02978A6\Network.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF340\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF340 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF341\A02978A6\Office.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF341\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF341 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF342\A02978A6\SourceGrid2.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF342\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF342 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF343\A02978A6\WABHelper.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF343\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF343 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF344\D991067D\Microsoft.mshtml.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF344\D991067D -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF344 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF345\D991067D\JRO.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF345\D991067D -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF345 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF346\A852DFD3\BounceEmailProcessor.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF346\A852DFD3\Common.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF346\A852DFD3\Lists.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF346\A852DFD3\Mailer.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF346\A852DFD3\Network.resources.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF346\A852DFD3 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF346 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF347\5DE9D1A4\BounceEmailProcessor.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF347\5DE9D1A4\Common.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF347\5DE9D1A4\Lists.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF347\5DE9D1A4\Mailer.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF347\5DE9D1A4\Network.resources.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF347\5DE9D1A4 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF347 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF348\A02978A6\BounceEmailProcessor.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF348\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF348 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF349\97012198\adodb.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF349\97012198 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF349 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\1386B4BB\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\1386B4BB -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\15D0D5F\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\15D0D5F -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\jd_emb002_02.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\jd_emb002_04.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\jd_emb002_07.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\jd_emb002_10.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\mainpic.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\Message.htm -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\more_info.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44\spacer.gif -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3247EA44 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\basecurve-left.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\basecurve-right.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\logo.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\mainpic2.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\Message.htm -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\mftico.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\spacer.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C\toptreatment.gif -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\3F1A2E3C -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\5803B21A\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\5803B21A -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\67385181\User Image.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\67385181 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\7BF78FBD\mainpic.jpg -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\7BF78FBD\Message.htm -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\7BF78FBD\sidetop2.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\7BF78FBD\spacer.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\7BF78FBD\toplogo3.gif -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\7BF78FBD -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\89836BA2\leftbg3.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\89836BA2\mainbg3.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\89836BA2\Message.htm -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\89836BA2\rightbg3.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\89836BA2\topbar.gif -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\89836BA2 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\997C75DF\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\997C75DF -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\A377A5CF\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\A377A5CF -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\B9925CD\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\B9925CD -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\C012AD5A\jd_emb036_02.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\C012AD5A\mainpic5.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\C012AD5A\mainpictop.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\C012AD5A\Message.htm -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\C012AD5A -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\C1C01A3A\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\C1C01A3A -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\D5A8265B\mainpic7.jpg -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\D5A8265B\Message.htm -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\D5A8265B\sidetop3.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\D5A8265B\spacer.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\D5A8265B\toplogo4.gif -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\D5A8265B -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\E72374F0\mainpic6.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\E72374F0\Message.htm -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\E72374F0\sidetop.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\E72374F0\spacer.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\E72374F0\toplogo2.gif -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\E72374F0 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FB58F88D\Preview.JPG -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FB58F88D -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\basebg.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\btn_websitelink.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\leftbg4.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\leftinnerblue.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\main1.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\main2.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\Message.htm -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\rightbg4.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\rightinnerblue.gif -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F\specialoffer.gif -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350\FED7A12F -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF350 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF351\CC89FBED\en-US.dic -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF351\CC89FBED -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF351 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF352\A02978A6\NetSpell.SpellChecker.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF352\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF352 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF353\CC89FBED\de-DE.dic -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF353\CC89FBED -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF353 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF354\CC89FBED\fr-FR.dic -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF354\CC89FBED -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF354 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF356\BBAA5B20\BounceEmailProcessor.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF356\BBAA5B20\Common.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF356\BBAA5B20\Lists.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF356\BBAA5B20\Mailer.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF356\BBAA5B20\Network.resources.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF356\BBAA5B20 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF356 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF357\E215ABA4\BounceEmailProcessor.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF357\E215ABA4\Common.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF357\E215ABA4\Lists.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF357\E215ABA4\Mailer.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF357\E215ABA4\Network.resources.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF357\E215ABA4 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF357 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF358\A8AC68A4\BounceEmailProcessor.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF358\A8AC68A4\Common.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF358\A8AC68A4\Lists.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF358\A8AC68A4\Mailer.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF358\A8AC68A4\Network.resources.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF358\A8AC68A4 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF358 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF359\463A7F91\BounceEmailProcessor.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF359\463A7F91\Common.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF359\463A7F91\Lists.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF359\463A7F91\Mailer.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF359\463A7F91\Network.resources.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF359\463A7F91 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF359 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF360\CC89FBED\es-ES.dic -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF360\CC89FBED -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF360 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF361\CC89FBED\en-AU.dic -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF361\CC89FBED -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF361 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF362\CC89FBED\en-CA.dic -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF362\CC89FBED -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF362 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF363\CC89FBED\es-MX.dic -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF363\CC89FBED -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF363 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF364\78D51FE1\BounceEmailProcessor.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF364\78D51FE1\Common.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF364\78D51FE1\Lists.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF364\78D51FE1\Mailer.resources.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF364\78D51FE1\Network.resources.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF364\78D51FE1 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF364 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF365\A02978A6\DevExpress.BonusSkins.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF365\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF365 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF366\A02978A6\DevExpress.Charts.v11.1.Core.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF366\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF366 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF367\A02978A6\DevExpress.Data.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF367\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF367 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF368\A02978A6\DevExpress.OfficeSkins.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF368\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF368 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF369\A02978A6\DevExpress.Printing.v11.1.Core.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF369\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF369 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF370\A02978A6\DevExpress.Utils.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF370\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF370 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF371\A02978A6\DevExpress.XtraBars.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF371\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF371 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF372\A02978A6\DevExpress.XtraCharts.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF372\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF372 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF373\A02978A6\DevExpress.XtraCharts.v11.1.UI.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF373\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF373 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF374\A02978A6\DevExpress.XtraEditors.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF374\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF374 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF375\A02978A6\DevExpress.XtraGrid.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF375\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF375 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF376\A02978A6\DevExpress.XtraLayout.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF376\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF376 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF377\A02978A6\DevExpress.XtraNavBar.v11.1.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF377\A02978A6 -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\IF377 -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mDotNet.dll\mDotNetExec.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mDotNet.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mMDACRun.dll\mMDACExec.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mMDACRun.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mMSI.dll\mMSIExec.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mMSI.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mWinRun.dll\mWinRunExec.dll -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\mWinRun.dll -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A} -> Deleted
    [PUP][Folder] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\OFFLINE -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.dat -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.exe -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.lnk -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.msi -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.par -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.res -> Deleted
    [PUP][File] C:\ProgramData\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\{C6070A97-1744-404B-BD47-981A22CDEB3C} -> Deleted
    [PUP][Folder] C:\Program Files\FreeFixer -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\definitions\readme.txt -> Deleted
    [PUP][Folder] C:\Program Files\FreeFixer\definitions -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\freefixer.exe -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\donate.gif -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\gradient.gif -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\logo.gif -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\shellicons\bat.ico -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\shellicons\dll.ico -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\shellicons\exe.ico -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\shellicons\freefixer.ico -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\shellicons\msdos.ico -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\system\shellicons\new.png -> Deleted
    [PUP][Folder] C:\Program Files\FreeFixer\system\shellicons -> Deleted
    [PUP][Folder] C:\Program Files\FreeFixer\system -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\disable-logging.bat -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\disable-logging.reg -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\enable-logging.bat -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\enable-logging.reg -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\ffnd.exe -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\readme.txt -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\uninstall.bat -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\tools\ffnd\uninstall.reg -> Deleted
    [PUP][Folder] C:\Program Files\FreeFixer\tools\ffnd -> Deleted
    [PUP][Folder] C:\Program Files\FreeFixer\tools -> Deleted
    [PUP][File] C:\Program Files\FreeFixer\Uninstall.exe -> Deleted

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
    --- User ---
    [MBR] 6070969c463388636cdd8377182d8705
    [BSP] 8fe1f7d26e8005a4cf559f3e77a47d63 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29566976 | Size: 939431 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Memorex Mini TravelDrive USB Device +++++
    --- User ---
    [MBR] a7426cbf5d4c3387f0dbf88db02f6451
    [BSP] 4558bd3aed35c471295e655007ee04ac : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 8 | Size: 958 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive6: Generic Mini SD Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  7. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 02/01/2016
    Scan Time: 11:50 AM
    Logfile:
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2016.01.02.06
    Rootkit Database: v2015.12.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Shane

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 402205
    Time Elapsed: 21 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  8. Andit

    Andit TS Rookie Topic Starter Posts: 17

    # AdwCleaner v5.027 - Logfile created 02/01/2016 at 12:25:14
    # Updated 30/12/2015 by Xplode
    # Database : 2015-12-30.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Shane - SHANE-PC
    # Running from : C:\Users\Shane\Desktop\adwcleaner_5.027.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : YSearchUtilSvc

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\SecTaskMan
    [-] Folder Deleted : C:\Users\Guest\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    [-] Folder Deleted : C:\Users\Shane\AppData\Local\PackageAware
    [-] Folder Deleted : C:\Users\Shane\AppData\Local\YSearchUtil
    [-] Folder Deleted : C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
    [-] Folder Deleted : C:\Users\Shane\AppData\LocalLow\Check Point Software Technologies LTD
    [-] Folder Deleted : C:\Users\Shane\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    [-] Folder Deleted : C:\Users\Shane\Documents\mipony
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
    [-] File Deleted : C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\zonealarm.xml

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\FVDToolbar.CTBShow
    [-] Key Deleted : HKLM\SOFTWARE\Classes\FVDToolbar.CTBShow.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\FVDToolbar.CToolbarShower
    [-] Key Deleted : HKLM\SOFTWARE\Classes\FVDToolbar.CToolbarShower.1
    [-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key Deleted : HKCU\Software\APN PIP
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\Softonic
    [-] Key Deleted : HKLM\SOFTWARE\Conduit
    [-] Key Deleted : HKLM\SOFTWARE\PIP
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{260AABCD-B44D-448B-8F50-F39136744CAE}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=cc6f61a963e247dfa9dd0f870fc4966e&tu=10GXz009d2B0CO0&sku=&tstsId=&ver=&");
    [-] [C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&gu=cc6f61a963e247dfa9dd0f870fc4966e&tu=10G9z00B92C01g0&sku=&tstsId=&ver=&&q=");
    [-] [C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=en&gu=cc6f61a963e247dfa9dd0f870fc4966e&tu=10GXz009d2B0CO0&sku=&tstsId=&ver=&");
    [-] [C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.srchPrvdr", "Search By ZoneAlarm");
    [-] [C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=goughGA&Lan={dfltLng}&gu=cc6f61a963e247dfa9dd0f870fc4966e&tu=10G9z00B92C01g0&sku=&tstsId=&ver=&&q=");
    [-] [C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\prefs.js] [Preference] Deleted : user_pref("fvd.last_browser_search_engine", "Web Search");
    [-] [C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : check point software technologies ltd
    [-] [C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ixquick.com_
    [-] [C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ixquick.com
    [-] [C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxps://ixquick.com/do/search?query={searchTerms}&cat=web&pl=chrome&language=english
    [-] [C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6475 bytes] ##########
     
  9. Andit

    Andit TS Rookie Topic Starter Posts: 17

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 7 Home Premium x64
    Ran by Shane (Administrator) on 02/01/2016 at 12:32:22.32
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 31

    Successfully deleted: C:\Users\Shane\AppData\Local\{0969CBED-4067-4F4E-9373-AE717225C625} (Empty Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\{1012133D-AF87-4D7E-ABFF-FEF29050140E} (Empty Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\{1F8C2B1E-B22A-410C-BF9F-5DC518C11767} (Empty Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\{2CF50B3A-0701-432F-A63D-24EEF70EC515} (Empty Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\{395B2CD1-02C6-4DEC-A190-F1222A14D385} (Empty Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\{947F73B9-27C9-413B-A1BD-6AB12EE71DCF} (Empty Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\{AAA3B1B8-19A3-4BD0-98A9-AE4B3E34D48D} (Empty Folder)
    Successfully deleted: C:\Users\Shane\AppData\Local\{D2CA52D6-94F5-43B7-A38A-0DACFC5F2282} (Empty Folder)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\Windows\SysWOW64\sho1287.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho140A.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho2EFC.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho33B9.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho3BC7.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho6F67.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho71B4.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho72ED.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho75F9.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho7BE3.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho7C2B.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho82B6.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\sho8ACF.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoA2FF.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoAE95.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoB116.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoBCD1.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoCD66.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoCF2E.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoD015.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoE703.tmp (File)
    Successfully deleted: C:\Windows\SysWOW64\shoF4D3.tmp (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02/01/2016 at 12:37:12.74
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
    Andit likes this.
  11. Andit

    Andit TS Rookie Topic Starter Posts: 17

    ComboFix 16-01-01.01 - Shane 02/01/2016 13:44:01.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2519 [GMT -8:00]
    Running from: c:\users\Shane\Desktop\ComboFix.exe
    AV: Panda Free Antivirus *Disabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
    FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
    SP: Panda Free Antivirus *Disabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Shane\AppData\Roaming\poclbm
    c:\users\Shane\AppData\Roaming\poclbm\poclbm_scrypt.ini
    c:\windows\es.exe
    c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
    c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
    c:\windows\SysWow64\DEBUG.log
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    C:\Windows6.1-KB2496820-x64.msu
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-12-02 to 2016-01-02 )))))))))))))))))))))))))))))))
    .
    .
    2016-01-02 21:51 . 2016-01-02 21:53 -------- d-----w- c:\users\Shane\AppData\Local\temp
    2016-01-02 21:51 . 2016-01-02 21:51 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2016-01-02 21:51 . 2016-01-02 21:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2016-01-02 20:18 . 2016-01-02 20:25 -------- d-----w- C:\AdwCleaner
    2016-01-02 19:07 . 2016-01-02 19:08 36608 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-01-02 19:07 . 2016-01-02 19:08 -------- d-----w- c:\programdata\RogueKiller
    2016-01-02 01:39 . 2016-01-02 01:55 -------- d-----w- C:\FRST
    2016-01-02 01:00 . 2016-01-02 01:00 -------- d-----w- c:\program files\RogueKiller
    2016-01-01 20:00 . 2016-01-01 20:00 -------- d-----w- c:\users\Shane\AppData\Local\CEF
    2016-01-01 20:00 . 2016-01-01 20:00 -------- d-----w- c:\users\Shane\AppData\Local\Steam
    2016-01-01 14:12 . 2010-03-08 10:10 13824 ----a-w- c:\windows\system32\ffnd.exe
    2016-01-01 13:59 . 2016-01-01 13:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E818F4F2-C67E-4204-B1E3-0366AB886280}\offreg.676.dll
    2016-01-01 13:47 . 2016-01-01 13:47 -------- d-----w- c:\programdata\Licenses
    2016-01-01 12:48 . 2016-01-01 13:41 -------- d-----w- c:\users\Shane\AppData\Roaming\FreeFixer
    2016-01-01 12:48 . 2016-01-01 12:57 -------- d-----w- c:\users\Shane\AppData\Local\FreeFixer
    2016-01-01 12:21 . 2016-01-01 12:21 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E818F4F2-C67E-4204-B1E3-0366AB886280}\offreg.252.dll
    2016-01-01 12:19 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E818F4F2-C67E-4204-B1E3-0366AB886280}\mpengine.dll
    2015-12-31 20:53 . 2015-12-31 20:53 -------- d-----w- c:\program files (x86)\Yahoo!
    2015-12-31 20:50 . 2015-12-31 20:50 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-12-31 18:04 . 2015-06-25 10:01 1941504 ----a-w- c:\windows\system32\authui.dll
    2015-12-31 18:02 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
    2015-12-31 18:01 . 2015-11-05 19:02 2048 ----a-w- c:\windows\system32\tzres.dll
    2015-12-31 18:01 . 2015-11-05 19:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2015-12-31 18:01 . 2015-11-03 19:04 802304 ----a-w- c:\windows\system32\usp10.dll
    2015-12-31 18:01 . 2015-11-03 18:56 627712 ----a-w- c:\windows\SysWow64\usp10.dll
    2015-12-31 18:01 . 2015-11-03 19:04 241664 ----a-w- c:\windows\system32\els.dll
    2015-12-31 18:01 . 2015-11-03 18:55 179712 ----a-w- c:\windows\SysWow64\els.dll
    2015-12-31 18:01 . 2015-11-10 18:55 1648128 ----a-w- c:\windows\system32\DWrite.dll
    2015-12-31 18:01 . 2015-11-10 18:55 1180160 ----a-w- c:\windows\system32\FntCache.dll
    2015-12-31 18:01 . 2015-11-10 17:47 3211264 ----a-w- c:\windows\system32\win32k.sys
    2015-12-31 18:01 . 2015-11-10 18:55 1008640 ----a-w- c:\windows\system32\user32.dll
    2015-12-31 18:01 . 2015-11-10 18:39 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-12-31 18:01 . 2015-11-10 18:37 833024 ----a-w- c:\windows\SysWow64\user32.dll
    2015-12-31 17:59 . 2015-11-05 09:53 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
    2015-12-31 17:59 . 2015-11-05 19:05 17408 ----a-w- c:\windows\system32\wshrm.dll
    2015-12-31 17:59 . 2015-11-05 19:02 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
    2015-12-31 17:58 . 2015-11-11 18:53 1735680 ----a-w- c:\windows\system32\comsvcs.dll
    2015-12-31 17:58 . 2015-11-11 18:53 525312 ----a-w- c:\windows\system32\catsrvut.dll
    2015-12-31 17:58 . 2015-11-11 18:39 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
    2015-12-31 17:58 . 2015-11-11 18:39 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
    2015-12-29 16:29 . 2015-05-22 08:45 61712 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-01-02 19:49 . 2015-06-01 02:02 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-12-31 20:50 . 2014-11-03 20:05 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-12-29 18:42 . 2014-09-10 03:32 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-12-29 18:42 . 2014-09-10 03:32 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-12-02 21:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
    2015-11-24 03:10 . 2012-02-26 19:19 140158008 ----a-w- c:\windows\system32\MRT.exe
    2015-10-29 17:50 . 2015-12-31 18:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2015-10-29 17:50 . 2015-12-31 18:02 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2015-10-29 17:50 . 2015-12-31 18:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2015-10-29 17:50 . 2015-12-31 18:02 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2015-10-29 17:49 . 2015-12-31 18:02 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
    2015-10-29 17:49 . 2015-12-31 18:02 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
    2015-10-29 17:49 . 2015-12-31 18:02 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2015-10-29 17:49 . 2015-12-31 18:02 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2015-10-29 17:39 . 2015-12-31 18:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
    2015-10-20 00:45 . 2015-12-31 18:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-10-13 09:29 . 2015-10-13 09:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2015-10-13 09:22 . 2015-10-13 09:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2013-12-19 04:02 . 2013-12-19 04:02 13024768 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-11-29 06:18 223432 ----a-w- c:\users\Shane\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-11-29 06:18 223432 ----a-w- c:\users\Shane\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-11-29 06:18 223432 ----a-w- c:\users\Shane\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 152544 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="c:\users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-11-09 596528]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Uninstall LastPass RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -x -name=LastPass -ffuuid support@lastpass.com [2013-12-18 13024768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AdFender.lnk - c:\program files (x86)\AdFender\AdFender.exe -autostart [2015-11-3 3427376]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Connectify;Connectify; [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 NIHardwareService;NIHardwareService; [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]
    R3 V0500Dev;Dynex 1.3MP Webcam Driver;c:\windows\system32\DRIVERS\V0500Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0500Vid.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]
    S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
    S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
    S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
    S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
    S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
    S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
    S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
    S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
    S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
    S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
    S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
    S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
    S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
    S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
    S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
    S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
    S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
    S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
    S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
    S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
    S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
    S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-12-17 06:02 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 18:42]
    .
    2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20 04:42]
    .
    2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-20 04:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-11-29 06:18 262344 ----a-w- c:\users\Shane\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-11-29 06:18 262344 ----a-w- c:\users\Shane\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-11-29 06:18 262344 ----a-w- c:\users\Shane\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-03-04 22:27 185824 ----a-w- c:\users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    mSearch Bar = https://ca.yahoo.com?fr=hp-avast&type=avastbcl
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
    TCP: Interfaces\{E0DE04D8-E222-41AD-B804-2DA458D6E28E}: NameServer = 192.168.48.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    AddRemove-Bulk Mailer - c:\programdata\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.exe
    AddRemove-FreeFixer1.13 - c:\program files\FreeFixer\uninstall.exe
    AddRemove-MultiBit 0.5.14 - c:\program files (x86)\Java\jre7\bin\javaw.exe
    AddRemove-MultiBit 0.5.18 - c:\program files (x86)\Java\jre1.8.0_25\bin\javaw.exe
    AddRemove-Native Instruments Controller Editor - c:\programdata\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.exe
    AddRemove-Native Instruments Service Center - c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
    AddRemove-Native Instruments Traktor - c:\programdata\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.exe
    AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}\Controller Editor Setup PC.exe
    AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
    AddRemove-{2AAC4085-DCBF-417B-AEBD-182197839240} - c:\programdata\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}\Traktor Setup PC.exe
    AddRemove-{C6070A97-1744-404B-BD47-981A22CDEB3C} - c:\programdata\{DAF8AA24-CF50-4D29-A5DC-E8AC5CDA395A}\setup.exe
    AddRemove-UnityWebPlayer - c:\users\Shane\AppData\Local\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*2*0*&*%*¢Ùò>\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_267_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_267_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_267_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_267_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_267.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.20"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_267.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_267.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_267.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2016-01-02 13:59:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2016-01-02 21:59
    .
    Pre-Run: 141,804,085,248 bytes free
    Post-Run: 141,322,625,024 bytes free
    .
    - - End Of File - - C618E4B22E58788F2939B8EC4ED1FBB5
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  13. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
    Ran by Shane (administrator) on SHANE-PC (02-01-2016 15:59:06)
    Running from C:\Users\Shane\Desktop
    Loaded Profiles: Shane (Available Profiles: Shane & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Flux Software LLC) C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    (BitTorrent Inc.) C:\Users\Shane\AppData\Roaming\uTorrent\uTorrent.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-29] (Realtek Semiconductor)
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-26] (Panda Security, S.L.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Run: [F.lux] => C:\Users\Shane\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [456224 2010-07-29] ()
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-04] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-11-07]
    ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
    Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2014-01-27]
    ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{418F29EE-1A32-4B39-A0CC-6192F27453C6}: [DhcpNameServer] 192.168.1.254 75.153.176.1
    Tcpip\..\Interfaces\{E0DE04D8-E222-41AD-B804-2DA458D6E28E}: [NameServer] 192.168.48.1
    Tcpip\..\Interfaces\{E9BDF33F-EF9E-469E-B69F-E3278008A053}: [DhcpNameServer] 192.168.1.254 75.153.176.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000 -> {C72B0970-5582-4BC4-9A76-EEEF741F680C} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-31] (Oracle Corporation)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-31] (Oracle Corporation)
    Toolbar: HKLM-x32 - No Name - {2B171655-A69C-5c18-B693-6CB5DC269D41} - No File
    Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
    Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default
    FF DefaultSearchUrl: hxxps://ca.search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: hxxps://ca.yahoo.com?fr=hp-avast&type=avastbcl
    FF Keyword.URL: hxxps://ca.search.yahoo.com/yhs/search
    FF NetworkProxy: "no_proxies_on", ""
    FF NetworkProxy: "socks", "127.0.0.1"
    FF NetworkProxy: "socks_port", 8282
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-31] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-31] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1051381468-4094465459-3186913488-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-04-25] (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
    FF SearchPlugin: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\searchplugins\yahoo-avast.xml [2014-07-22]
    FF Extension: Fasterfox Lite - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\FasterFox_Lite@BigRedBrent [2015-06-02]
    FF Extension: 1-Click YouTube Video Downloader - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-02]
    FF Extension: FlashGot - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-06-02]
    FF Extension: LastPass - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\extensions\support@lastpass.com [2015-07-24]
    FF Extension: No Name - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-07-24] [not signed]
    FF Extension: YouTube mp3 - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\info@youtube-mp3.org.xpi [2015-06-02]
    FF Extension: Adblock Plus - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\2gydxfx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]
    FF HKLM-x32\...\Firefox\Extensions: [{9051303c-7e41-4311-a783-d6fe5ef2832d}] - C:\Program Files (x86)\FVD Suite\addons\Firefox => not found

    Chrome:
    =======
    CHR StartupUrls: Default -> "chrome://bookmarks/#2","hxxps://www.youtube.com/feed/subscriptions","hxxp://theinfounderground.com/smf/index.php?PHPSESSID=69ae330fbe9b585e2f7abf39dd61e83b&"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
    CHR DefaultSearchKeyword: Default -> Yahoo
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Adblock Plus) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
    CHR Extension: (RotoGrinders - FanDuel Tools) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felhhccenjfgepphdanniaeclbjhklca [2015-12-09]
    CHR Extension: (Bookmarks Button) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2014-07-27]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
    CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-26] (Panda Security, S.L.)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-26] (Panda Security, S.L.)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
    S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 Connectify; no ImagePath
    S2 NIHardwareService; no ImagePath
    S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2013-04-16] (Connectify)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-17] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
    S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-08-19] ()
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
    R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2013-08-20] (Sony Ericsson Mobile Communications)
    S3 V0500Dev; C:\Windows\System32\DRIVERS\V0500Vid.sys [292064 2007-10-31] (Creative Technology Ltd.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 zntport; \??\C:\Windows\system32\zntport.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-02 15:59 - 2016-01-02 15:59 - 00024381 _____ C:\Users\Shane\Desktop\FRST.txt
    2016-01-02 15:58 - 2016-01-02 15:58 - 02370560 _____ (Farbar) C:\Users\Shane\Desktop\FRST64.exe
    2016-01-02 13:59 - 2016-01-02 13:59 - 00034718 _____ C:\ComboFix.txt
    2016-01-02 13:42 - 2016-01-02 13:59 - 00000000 ____D C:\ComboFix
    2016-01-02 13:42 - 2016-01-02 13:42 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-01-02 13:42 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-01-02 13:42 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-01-02 13:42 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-01-02 13:42 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-01-02 13:42 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-01-02 13:42 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2016-01-02 13:42 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2016-01-02 13:42 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2016-01-02 13:41 - 2016-01-02 13:59 - 00000000 ____D C:\Qoobox
    2016-01-02 13:41 - 2016-01-02 13:58 - 00000000 ____D C:\Windows\erdnt
    2016-01-02 13:40 - 2016-01-02 13:40 - 00003443 _____ C:\Users\Shane\Desktop\WATCHING.xspf
    2016-01-02 13:37 - 2016-01-02 13:37 - 05643309 ____R (Swearware) C:\Users\Shane\Desktop\ComboFix.exe
    2016-01-02 12:37 - 2016-01-02 12:37 - 00002843 _____ C:\Users\Shane\Desktop\JRT.txt
    2016-01-02 12:27 - 2016-01-02 12:27 - 00006562 _____ C:\Users\Shane\Desktop\AdwCleaner[C1].txt
    2016-01-02 12:18 - 2016-01-02 12:25 - 00000000 ____D C:\AdwCleaner
    2016-01-02 12:16 - 2016-01-02 12:16 - 01599336 _____ (Malwarebytes) C:\Users\Shane\Desktop\JRT.exe
    2016-01-02 12:14 - 2016-01-02 12:14 - 01745920 _____ C:\Users\Shane\Desktop\adwcleaner_5.027.exe
    2016-01-02 12:13 - 2016-01-02 12:14 - 00001043 _____ C:\Users\Shane\Desktop\MalwarebytesLOG.txt
    2016-01-02 11:48 - 2016-01-02 11:48 - 00080178 _____ C:\Users\Shane\Desktop\RogueKillerLog.txt
    2016-01-02 11:07 - 2016-01-02 11:08 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-01-02 11:07 - 2016-01-02 11:08 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-01-01 17:39 - 2016-01-02 15:59 - 00000000 ____D C:\FRST
    2016-01-01 17:00 - 2016-01-02 11:08 - 00000982 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-01-01 17:00 - 2016-01-01 17:00 - 00000000 ____D C:\Program Files\RogueKiller
    2016-01-01 16:40 - 2016-01-01 16:40 - 05198336 _____ (AVAST Software) C:\Users\Shane\Desktop\aswMBR.exe
    2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\Steam
    2016-01-01 12:00 - 2016-01-01 12:00 - 00000000 ____D C:\Users\Shane\AppData\Local\CEF
    2016-01-01 06:12 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
    2016-01-01 05:38 - 2016-01-01 05:38 - 00000000 ____D C:\Users\Shane\Desktop\Process Explorer
    2016-01-01 05:13 - 2016-01-01 05:13 - 00001378 _____ C:\Users\Shane\Desktop\Temp.lnk
    2016-01-01 04:58 - 2016-01-01 04:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Shane\Desktop\HijackThis.exe
    2016-01-01 04:48 - 2016-01-01 05:41 - 00000000 ____D C:\Users\Shane\AppData\Roaming\FreeFixer
    2016-01-01 04:48 - 2016-01-01 04:57 - 00000000 ____D C:\Users\Shane\AppData\Local\FreeFixer
    2016-01-01 04:42 - 2016-01-01 04:42 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
    2015-12-31 13:32 - 2015-12-31 13:32 - 00000089 _____ C:\Users\Shane\Desktop\Space Dandy S01E10.url
    2015-12-31 12:53 - 2015-12-31 12:53 - 00001684 _____ C:\Users\Shane\Desktop\Belarc.lnk
    2015-12-31 12:53 - 2015-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2015-12-31 10:05 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-12-31 10:05 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-12-31 10:05 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-12-31 10:05 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-12-31 10:05 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
     
  14. Andit

    Andit TS Rookie Topic Starter Posts: 17

    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-12-31 10:05 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-12-31 10:04 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-31 10:04 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-31 10:04 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-31 10:04 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-31 10:04 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-12-31 10:04 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-31 10:04 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-12-31 10:04 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-12-31 10:04 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-31 10:04 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-31 10:04 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-12-31 10:04 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-12-31 10:04 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-31 10:04 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-12-31 10:04 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-12-31 10:04 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-12-31 10:04 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-31 10:04 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-31 10:04 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-31 10:04 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-31 10:04 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-12-31 10:04 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-12-31 10:04 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-31 10:04 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-12-31 10:04 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-12-31 10:04 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-12-31 10:04 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-12-31 10:04 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-12-31 10:04 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-31 10:04 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-31 10:04 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-12-31 10:04 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-31 10:04 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-12-31 10:04 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-31 10:03 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-31 10:03 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-31 10:03 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-12-31 10:03 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-31 10:03 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-12-31 10:03 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-12-31 10:03 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-31 10:03 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-12-31 10:03 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-12-31 10:03 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-31 10:03 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-31 10:03 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-12-31 10:03 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-31 10:03 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-12-31 10:03 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-31 10:03 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-12-31 10:03 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-12-31 10:03 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-12-31 10:03 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-31 10:03 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-31 10:03 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-31 10:03 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-12-31 10:03 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-12-31 10:03 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-12-31 10:03 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-12-31 10:03 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-12-31 10:03 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-31 10:03 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-31 10:03 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-31 10:03 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-31 10:03 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-12-31 10:03 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-31 10:03 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-31 10:03 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-31 10:03 - 2015-10-19 17:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-31 10:03 - 2015-10-19 17:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-12-31 10:03 - 2015-10-19 17:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-12-31 10:03 - 2015-10-19 17:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-12-31 10:03 - 2015-10-19 17:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-12-31 10:03 - 2015-10-19 17:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-12-31 10:03 - 2015-10-19 17:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-12-31 10:03 - 2015-10-19 17:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-31 10:03 - 2015-10-19 17:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-12-31 10:03 - 2015-10-19 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-12-31 10:03 - 2015-10-19 17:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-12-31 10:03 - 2015-10-19 17:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-12-31 10:03 - 2015-10-19 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-12-31 10:03 - 2015-10-19 16:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-12-31 10:03 - 2015-10-19 16:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-12-31 10:03 - 2015-10-19 16:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-12-31 10:03 - 2015-10-19 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-12-31 10:03 - 2015-10-19 16:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-12-31 10:03 - 2015-10-19 16:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-12-31 10:03 - 2015-10-19 16:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-12-31 10:03 - 2015-10-19 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 16:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-12-31 10:03 - 2015-10-19 15:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-12-31 10:03 - 2015-10-19 15:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-12-31 10:03 - 2015-10-19 15:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-12-31 10:03 - 2015-10-19 15:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-12-31 10:03 - 2015-10-19 15:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-19 15:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-12-31 10:03 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-31 10:03 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-12-31 10:03 - 2015-09-23 05:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-12-31 10:03 - 2015-09-23 05:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-12-31 10:03 - 2015-09-23 05:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-12-31 10:03 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-12-31 10:03 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-12-31 10:03 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-12-31 10:03 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-12-31 10:03 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-12-31 10:03 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-12-31 10:03 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2015-12-31 10:03 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-12-31 10:03 - 2015-07-09 09:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-12-31 10:03 - 2015-07-09 09:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-12-31 10:03 - 2015-07-09 09:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-12-31 10:03 - 2015-07-09 09:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-31 10:02 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-31 10:02 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-12-31 10:02 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-31 10:02 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-12-31 10:02 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-31 10:02 - 2015-10-29 09:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-12-31 10:02 - 2015-10-29 09:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-12-31 10:02 - 2015-10-29 09:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-12-31 10:02 - 2015-10-29 09:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-12-31 10:02 - 2015-10-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-12-31 10:02 - 2015-10-29 09:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-12-31 10:02 - 2015-10-29 09:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-12-31 10:02 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-12-31 10:02 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-12-31 10:02 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-12-31 10:02 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2015-12-31 10:02 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2015-12-31 10:02 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2015-12-31 10:02 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2015-12-31 10:02 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2015-12-31 10:02 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
    2015-12-31 10:02 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\system32\locale.nls
    2015-12-31 10:02 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-31 10:02 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-12-31 10:02 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-12-31 10:02 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-12-31 10:02 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-12-31 10:02 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-12-31 10:02 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-12-31 10:02 - 2015-09-18 11:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-12-31 10:02 - 2015-09-18 11:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-12-31 10:02 - 2015-09-18 11:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-12-31 10:02 - 2015-09-18 11:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-12-31 10:02 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-12-31 10:02 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-12-31 10:02 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-12-31 10:02 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-12-31 10:02 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-12-31 10:01 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-31 10:01 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-31 10:01 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-31 10:01 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-31 10:01 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-31 10:01 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-31 10:01 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-12-31 10:01 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-12-31 10:01 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2015-12-31 10:01 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
    2015-12-31 10:01 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2015-12-31 10:01 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
    2015-12-31 09:59 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
    2015-12-31 09:59 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
    2015-12-31 09:59 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-31 09:58 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-31 09:58 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-31 09:58 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-31 09:58 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-31 09:52 - 2015-10-01 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-12-31 09:52 - 2015-10-01 09:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-12-31 09:52 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-12-31 09:52 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-12-31 09:52 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-12-31 09:52 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-12-31 09:52 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-12-31 09:52 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-12-31 09:52 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-12-29 08:29 - 2015-05-22 00:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
    2015-12-17 20:13 - 2015-12-17 20:13 - 00029231 _____ C:\Users\Shane\Desktop\BusC75.pdf
    2015-12-17 20:13 - 2015-12-17 20:13 - 00029160 _____ C:\Users\Shane\Desktop\Bus364.pdf
    2015-12-16 06:26 - 2015-12-16 06:26 - 00000076 _____ C:\Users\Shane\Desktop\Nomadic Fanatic - YouTube.url
    2015-12-16 06:12 - 2015-12-16 06:12 - 00000089 _____ C:\Users\Shane\Desktop\Cornelius Vango - YouTube.url
    2015-12-15 19:42 - 2015-12-15 19:42 - 01752306 _____ C:\Users\Shane\AppData\Local\soulseek-client.dat.1450237367898
    2015-12-15 19:04 - 2015-12-15 19:04 - 01752039 _____ C:\Users\Shane\AppData\Local\soulseek-client.dat.1450235072030
    2015-12-15 18:04 - 2015-12-15 18:04 - 01752039 _____ C:\Users\Shane\AppData\Local\soulseek-client.dat.1450231472021
    2015-12-15 03:23 - 2016-01-02 12:12 - 00000000 ____D C:\Users\Shane\Desktop\Bookz
    2015-12-13 03:37 - 2015-12-31 09:43 - 00000000 ____D C:\Users\Shane\Desktop\PROMODJ
    2015-12-10 01:39 - 2015-12-28 19:53 - 00000000 ____D C:\Users\Shane\Desktop\lol

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-02 15:59 - 2012-02-22 20:44 - 00000000 ____D C:\Users\Shane\AppData\Roaming\uTorrent
    2016-01-02 15:58 - 2014-02-04 23:00 - 00000000 ____D C:\Users\Shane\Desktop\DLs
    2016-01-02 15:42 - 2015-05-24 13:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-01-02 15:01 - 2013-08-20 13:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-02 14:34 - 2012-02-23 21:49 - 00000000 ____D C:\Users\Shane\AppData\Roaming\vlc
    2016-01-02 14:04 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-01-02 14:04 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-01-02 13:53 - 2013-08-20 13:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-02 13:53 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
    2016-01-02 13:53 - 2007-07-11 17:48 - 00000000 ____D C:\Windows
    2016-01-02 13:52 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-01-02 13:52 - 2009-07-13 18:34 - 91750400 _____ C:\Windows\system32\config\software.bak
    2016-01-02 13:52 - 2009-07-13 18:34 - 21495808 _____ C:\Windows\system32\config\system.bak
    2016-01-02 13:52 - 2009-07-13 18:34 - 05767168 _____ C:\Windows\system32\config\default.bak
    2016-01-02 13:52 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
    2016-01-02 13:52 - 2009-07-13 18:34 - 00028672 _____ C:\Windows\system32\config\security.bak
    2016-01-02 13:49 - 2011-10-27 02:53 - 00000000 ____D C:\ProgramData\Temp
    2016-01-02 13:40 - 2015-05-24 21:52 - 00483518 _____ C:\Users\Shane\Desktop\Now Playing - All Albums.m3u
    2016-01-02 13:30 - 2015-03-27 17:28 - 00000000 ____D C:\Users\Shane\Desktop\WATCH READ LISTEN
    2016-01-02 13:28 - 2012-02-25 16:37 - 00000000 ____D C:\Users\Shane\Desktop\Torrents
    2016-01-02 12:31 - 2009-07-13 21:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-02 12:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
    2016-01-02 12:25 - 2012-05-03 12:35 - 00000000 ____D C:\Users\Guest\AppData\Roaming\CheckPoint
    2016-01-02 12:25 - 2012-02-22 20:35 - 00000000 ____D C:\Users\Shane\AppData\Roaming\CheckPoint
    2016-01-02 12:15 - 2012-02-25 16:19 - 00000000 ____D C:\Users\Shane\Desktop\MISC
    2016-01-02 12:05 - 2015-11-30 16:40 - 00000000 ____D C:\Users\Shane\Desktop\INTEL-Info NOTES
    2016-01-02 11:49 - 2015-05-31 18:02 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-02 11:04 - 2012-02-25 16:32 - 00000000 ____D C:\Users\Shane\Desktop\Security
    2016-01-01 17:47 - 2013-11-13 16:44 - 00000000 ___RD C:\Users\Shane\Desktop\Program Shortcuts
    2016-01-01 16:12 - 2012-02-27 03:45 - 00000193 _____ C:\Windows\WORDPAD.INI
    2016-01-01 16:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2016-01-01 14:26 - 2012-02-22 21:37 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-01 13:19 - 2015-10-08 14:22 - 00000000 ____D C:\Users\Shane\Desktop\jish
    2016-01-01 06:04 - 2015-06-08 18:49 - 00000000 ____D C:\ProgramData\Mach5 Mailer
    2016-01-01 05:41 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
    2016-01-01 05:41 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-01-01 05:41 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2016-01-01 05:41 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
    2016-01-01 05:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-01-01 05:36 - 2012-02-25 14:39 - 00000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
    2015-12-31 13:12 - 2014-07-22 01:27 - 00000000 ____D C:\Users\Shane\Desktop\sort desktop
    2015-12-31 13:02 - 2015-02-12 01:10 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-12-31 13:01 - 2015-02-12 01:08 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-12-31 12:55 - 2013-10-01 12:13 - 00000000 ____D C:\ProgramData\Oracle
    2015-12-31 12:52 - 2014-11-03 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-12-31 12:52 - 2013-10-01 12:10 - 00000000 ____D C:\Program Files (x86)\Java
    2015-12-31 12:50 - 2015-08-18 23:27 - 00000000 ____D C:\Users\Shane\.oracle_jre_usage
    2015-12-31 12:50 - 2014-11-03 12:05 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-12-31 11:22 - 2015-06-28 20:28 - 00000000 ____D C:\Users\Shane\AppData\Local\AdFender
    2015-12-31 11:20 - 2015-04-07 12:56 - 00000000 ___SD C:\Windows\system32\GWX
    2015-12-31 11:15 - 2012-05-18 15:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-31 11:15 - 2012-05-18 15:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-31 11:15 - 2009-07-13 20:45 - 00343544 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-31 11:12 - 2015-04-07 12:56 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-12-31 11:12 - 2014-12-12 10:07 - 00000000 ____D C:\Windows\system32\appraiser
    2015-12-31 11:12 - 2014-04-30 23:41 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-12-31 10:34 - 2012-05-18 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-31 10:24 - 2013-08-20 15:14 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-31 10:12 - 2012-02-26 16:07 - 00775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-12-30 18:28 - 2015-07-17 14:58 - 00000000 ____D C:\Users\Shane\Documents\My Kindle Content
    2015-12-30 18:27 - 2015-07-17 14:57 - 00000000 ____D C:\Program Files (x86)\Amazon
    2015-12-29 10:42 - 2015-05-24 13:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-29 10:42 - 2014-09-09 19:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-29 10:42 - 2014-09-09 19:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-17 01:01 - 2012-05-19 21:50 - 00000000 ____D C:\Users\Shane\Desktop\!
    2015-12-12 21:55 - 2012-02-23 22:44 - 00000000 ____D C:\Users\Shane\Desktop\!VIDEOS
    2015-12-10 22:05 - 2014-11-15 02:07 - 00000000 ____D C:\Users\Shane\Desktop\Soulseek - Sort Albums
    2015-12-10 01:06 - 2009-07-13 21:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-12-06 19:59 - 2012-04-04 11:20 - 00000000 ____D C:\Users\Shane\AppData\Local\ElevatedDiagnostics
    2015-12-03 17:56 - 2013-08-20 13:51 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-03 17:56 - 2013-08-20 13:51 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2013-12-18 20:02 - 2013-12-18 20:02 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2013-01-27 19:01 - 2013-01-27 19:01 - 0000576 _____ () C:\Users\Shane\AppData\Roaming\All CPU MeterV3_Settings.ini
    2012-04-26 23:20 - 2015-03-19 20:02 - 0004608 _____ () C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-24 10:23 - 2013-08-24 10:23 - 0000218 _____ () C:\Users\Shane\AppData\Local\recently-used.xbel
    2015-01-06 12:46 - 2015-01-06 12:46 - 0007607 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
    2015-12-15 18:04 - 2015-12-15 18:04 - 1752039 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450231472021
    2015-12-15 19:04 - 2015-12-15 19:04 - 1752039 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450235072030
    2015-12-15 19:42 - 2015-12-15 19:42 - 1752306 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450237367898
    2015-09-23 13:49 - 2015-09-23 13:49 - 0000000 _____ () C:\Users\Shane\AppData\Local\{30CE770F-C62D-40BB-A162-8D9EC7CEFF45}
    2015-06-30 16:38 - 2015-06-21 02:57 - 12543841 _____ () C:\ProgramData\usertray.exe

    Files to move or delete:
    ====================
    C:\ProgramData\usertray.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-31 17:00

    ==================== End of FRST.txt ============================
     
  15. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
    Ran by Shane (2016-01-02 15:59:59)
    Running from C:\Users\Shane\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-02-23 03:31:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1051381468-4094465459-3186913488-500 - Administrator - Disabled)
    Guest (S-1-5-21-1051381468-4094465459-3186913488-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1051381468-4094465459-3186913488-1041 - Limited - Enabled)
    Shane (S-1-5-21-1051381468-4094465459-3186913488-1000 - Administrator - Enabled) => C:\Users\Shane

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Free Antivirus (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
    AS: Panda Free Antivirus (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    AdFender (HKLM-x32\...\AdFender) (Version: 2.01 - AdFender, Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
    AMD APP SDK 2.9 (HKLM\...\{B192EDAC-25C7-408D-99A0-A23455F50E27}) (Version: 2.9.233.167 - Advanced Micro Devices, Inc.)
    AnalogX NetStat Live (HKLM-x32\...\AnalogX NetStat Live) (Version: - AnalogX)
    Any Video Converter Ultimate 5.5.9 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
    AutoRun Disable by Endpoint Protector (HKLM-x32\...\{9B656DDD-F576-44DC-8B4D-6B4BAF9E7DD8}) (Version: 1.0.10 - CoSoSys Ltd.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
    BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.91 - BitTorrent Inc.)
    Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bulk Mailer (HKLM-x32\...\Bulk Mailer) (Version: 8.2 - Live Software Inc)
    Bulk Mailer (x32 Version: 8.2 - Live Software Inc) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Collab (HKLM-x32\...\Collab) (Version: - Image-Line bvba)
    Connectify (HKLM\...\Connectify) (Version: 4.1.0.25941 - Connectify)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    CPUID CPU-Z 1.66 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CraigsCrawl 2.0 (HKLM-x32\...\{10DC4819-1135-4E9E-95FF-7D45F950C3EB}) (Version: 2.0 - Damon86.com)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deep Remove (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\ccef69bf6a7f0755) (Version: 1.0.26.58 - JPJSM)
    DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.3+4.9 - DjVuZone)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dropbox (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Dynex 1.3MP Webcam Driver (1.00.03.0000) (HKLM\...\Dynex VF0500) (Version: - )
    Dynex Webcam User's Guide (HKLM-x32\...\Dynex Webcam User's Guide) (Version: - )
    Easy GIF Animator 5.2 (HKLM-x32\...\Easy GIF Animator Cracked by zoo_is1) (Version: Easy GIF Animator 5.0 - )
    Electric Sheep 2.7b34 (HKLM-x32\...\Electric Sheep) (Version: 2.7b34 - Electricsheep)
    Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
    Exif Tag Remover 5.01 (HKLM-x32\...\Exif Tag Remover_is1) (Version: - RL Vision)
    f.lux (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Flux) (Version: - )
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FL Studio 8 (HKLM-x32\...\FL Studio 8) (Version: - Image-Line bvba)
    Free and Easy Biorhythm Calculator version 3.02 (HKLM-x32\...\Free and Easy Biorhythm Calculator_is1) (Version: - White Stranger Group)
    Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    Free WAV to MP3 Converter 7.5.9 (HKLM-x32\...\7A8557C6-547D-42CC-B72E-F42F60F0B686_is1) (Version: - Accmeware Corporation)
    FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Gateway Incorporated)
    Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
    Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
    herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
    Icecream Ebook Reader version 1.41 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 1.41 - Icecream Apps)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line bvba)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
    IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.60 - IVONA Software Sp. z o.o.)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Litecoin (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Litecoin) (Version: 0.8.6.1 - Litecoin project)
    Live 8.2.8 (HKLM-x32\...\Live 8.2.8) (Version: - )
    Live! Cam Center (HKLM-x32\...\Live! Cam Center) (Version: - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Research Mesh Virtual WIFI (HKLM-x32\...\{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}) (Version: 1.0.000 - Microsoft Research)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MP3 Splitter Joiner Pro v4.2 build 2612 (HKLM-x32\...\{F88C04C9-9CDC-4830-A533-CC5E3D69F2A1}_is1) (Version: - Hoo Technologies)
    MP3 to YouTube Converter 1.0 (HKLM-x32\...\MP3 to YouTube Converter_is1) (Version: - FreeMusicConverter.net)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
    MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
    Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
    Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments)
    Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10800.8.100 - Nero AG)
    Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
    Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
    Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10100 - Nero AG)
    Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
    Network Security Task Manager 1.5 (HKLM-x32\...\Network Security Task Manager) (Version: 1.5 - Neuber GmbH)
    Nightly 13.0a1 (x64 en-US) (HKLM\...\Nightly 13.0a1 (x64 en-US)) (Version: 13.0a1 - Mozilla)
    Nmap 6.25 (HKLM-x32\...\Nmap) (Version: - )
    Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
    Palringo Beta (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\{palringo beta}}_is1) (Version: 0.31 - Palringo)
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0006 - Panda Security)
    Panda Free Antivirus (Version: 7.84.00.0000 - Panda Security) Hidden
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.14.6.15183 - Sony Computer Entertainment Inc.)
    PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line bvba)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power Exchange version 0.1 (HKLM-x32\...\{D2BA6EA8-3760-430D-95C2-9FA3FA04C675}_is1) (Version: 0.1 - SEO Power Bots)
    QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
    reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
    Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
    RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
    Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
    Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
    SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version: - )
    SEO PowerSuite Final 1.00 (HKLM-x32\...\SEO PowerSuite Final 1.00) (Version: 1.00 - SEO PowerSuite Final 2014)
    Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
    Smart Guardian (HKLM-x32\...\{417E7710-C77B-4CB9-839A-D586A12C64E2}) (Version: 2.0 - ITE)
    Sony Mobile Emma (HKLM-x32\...\Emma) (Version: 2.13.4.20 - Sony Mobile Communications AB)
    Sony Mobile Update Service (HKLM-x32\...\Update Service) (Version: 2.13.9.201308081522 - Sony Mobile Communications AB)
    Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
    SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version: - )
    SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
    SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: - NCH Software)
    Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
    Speed Video Splitter 4.3.47 (HKLM-x32\...\Speed Video Splitter_is1) (Version: - Flyers software, Inc.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
    SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    StudioTax 2014 (HKLM-x32\...\{B66FF49A-22D0-40C2-9E64-00325689850D}) (Version: 10.0.10.3 - BHOK IT Consulting)
    TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
    Toastify (HKLM-x32\...\Toastify) (Version: 1.6 - Jesper Palm)
    Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba)
    Ultra Video Splitter 5.1.0713 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software)
    Unified Remote (HKLM-x32\...\{71A521AE-CCAE-43B0-8439-369AC1615B34}) (Version: 2.14.3.0 - Unified Remote)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Waterfox 39.0 (x64 en-US) (HKLM\...\Waterfox 39.0 (x64 en-US)) (Version: 39.0 - Mozilla)
    Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
    WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
    Winamp (HKLM-x32\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    WinHTTrack Website Copier 3.47-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.22 - HTTrack)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
    Wondershare Video Editor(Build 4.8.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
    Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2013.2 - URSoft, Inc.)
    YouTube To MP3 V1.5.0 (HKLM-x32\...\{52A73D55-93BC-41A9-B4C0-C5A6E6DA0E26}_is1) (Version: 1.5.0 - Apowersoft)
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {025A2307-3CD5-4C0A-AA34-538407160A65} - System32\Tasks\herdProtectScan => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe [2014-09-29] (Reason Software Company Inc.)
    Task: {13E1E845-916B-4536-8748-F3C8C1F16C72} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {13EF663D-9D89-4E79-9B75-9D3358EBCE82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
    Task: {14018F38-7497-43FC-939B-79AAED78BFA0} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-06-21] (Nero AG)
    Task: {1AAE8FEC-1A88-415F-9999-2EBC07F98E2A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {3E2649C7-A6BE-4D7B-86C3-0A42377EE2BA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
    Task: {4B2877E7-5AD0-4477-B93C-217AC9FE1857} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {57F9CCEA-2ECF-429F-8D10-C50DE7A4FEEC} - \{F86B61FD-AD4D-4037-9EF7-90FD4318C267} -> No File <==== ATTENTION
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {648B4228-C046-4757-B989-C8ED15DEA49D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {9A453458-2656-4C33-84E0-8A6666967BF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {CAC532C5-A0A8-475C-B36A-339ED34641D0} - System32\Tasks\Opera scheduled Autoupdate 1424728335 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
    Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
    Task: {ED1D5A59-2CA0-41B5-B116-1067773E45DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {F97AD7BF-3A15-4990-A1F8-59453DD14293} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Shane\Desktop\Program Shortcuts\µpdater.lnk -> C:\Users\Shane\AppData\Roaming\uTorrent\IP filter µpdater.bat ()
    Shortcut: C:\Users\Shane\Desktop\desktop\µpdater.lnk -> C:\Users\Shane\AppData\Roaming\uTorrent\IP filter µpdater.bat ()

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-10-27 03:24 - 2011-04-04 18:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2014-10-14 15:07 - 2014-10-14 15:07 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
    2011-10-27 02:34 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
    2015-04-13 05:56 - 2015-04-13 05:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00084928 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00034752 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00961472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00137152 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 01303488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00338368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00720832 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00418240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00035264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libimage_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
    2015-04-13 05:57 - 2015-04-13 05:57 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libau_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00681408 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00026560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00363456 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 00121792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00772544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00038848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00702400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00125376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00064448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00030656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00029120 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00037312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
    2015-04-13 05:58 - 2015-04-13 05:58 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00059840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 01532864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00038336 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll
    2015-04-13 06:00 - 2015-04-13 06:00 - 01573824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
    2015-04-13 05:59 - 2015-04-13 05:59 - 00067008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll
    2015-12-16 22:02 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-16 22:02 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:1CE11B51

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7750 more sites.

    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\...\123simsen.com -> www.123simsen.com

    There are 7748 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2016-01-02 13:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.176.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: fdPHost => 3
    MSCONFIG\Services: FDResPub => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Virtual Router Manager.lnk => C:\Windows\pss\Virtual Router Manager.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Shane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
    MSCONFIG\startupreg: BitTorrent Sync => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Connectify => C:\Program Files (x86)\Connectify\Connectify.exe
    MSCONFIG\startupreg: GlassWire => "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
    MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
    MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: V0500Mon.exe => C:\Windows\V0500Mon.exe
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  16. Andit

    Andit TS Rookie Topic Starter Posts: 17

    FirewallRules: [{B229786B-94BF-4C10-89DA-CB47996FCB2E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{14DA3937-780D-4A52-A450-BD5353BF82AC}] => (Allow) LPort=2869
    FirewallRules: [{ECC03155-D8E3-424C-8EFA-EFAF0F53AC93}] => (Allow) LPort=1900
    FirewallRules: [{7D25F6F3-4890-4FE9-9CC7-674F177CC25A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{509EE2D8-1C07-4499-90DD-C8C2E83636AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EBA21F78-625A-40EB-914F-19E97AB6010E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{1665A1EE-5BE5-4C70-B7AC-FC9AF4DD6A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\shomac5k\counter-strike source\hl2.exe
    FirewallRules: [{420D5E74-1045-4765-B3EF-CCECFC06893D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\shomac5k\counter-strike source\hl2.exe
    FirewallRules: [{CCA6F9DF-9C3D-484B-B2FD-EE169AE25BE2}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
    FirewallRules: [{956A0256-8714-4D0D-BCFF-25BF956B9CC8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B2189865-95E1-4DDC-B5C6-9D30F3E4C553}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{2C3612CB-5F75-4F39-A7BA-42F7CFDF9DB3}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{A2C4ABC5-5536-495D-9B80-502754AEBFA2}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0D8AD227-A196-4873-A5D1-B76B6231727A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{8E5AD324-101F-4BF6-8E25-610967B79DD4}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9FDAD3B9-C8B4-4541-9F66-67BA51EFD811}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0EAFC281-3E1C-42C6-A483-06D9C765D765}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{5269A70D-0B12-45CD-A799-74A649AD4101}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{61B5F975-FD6C-4F3F-A2C6-A62D6AEBCA70}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{261CCDD8-FF5D-4AA1-BAFE-78DB5E5C701B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{F9BA02E0-2C59-4948-980B-F6A6128BA854}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{4CE4C010-DB4B-4BC0-8461-435359DCC8E1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{4FB3E012-14EA-4700-8307-248FD3CC9C59}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B55624C3-7CFF-4F02-B889-91A30BD405F1}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{E0725020-D3C9-4437-BBC8-B621232BBE6B}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{6DE31FE2-D636-4349-ACAF-F3880254293E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{DD215597-4D34-4669-9E0A-59E55E5CF5E0}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B26397B6-8336-4313-A2E9-29765D2E6F36}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{1FF5E321-C14D-4703-B618-33E23FA552AF}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{ED1F5C8D-0F7D-4DE2-B797-A200F809602B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{39850DC7-4049-4083-B4F9-78B877DEF6E5}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{138B1D37-9DD7-4F24-B873-66BE12C79578}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{A8B5EF05-6686-4C61-B603-56FF758E68F9}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{4EC1CC8A-DFE3-4A6F-A945-13FDBCDA72BA}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{45946F23-0BF6-4048-A53F-53D97ABBC564}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6036D077-CD87-44C8-86C6-AC476F172931}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D5DFD925-DADF-4A15-A192-AB7B6A1D32CB}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{BCC9CFD2-5D59-425B-9269-4BCE81D61572}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{4A86A797-5A90-40AF-A2EB-100BD4F3B6B8}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{DB92D041-8C27-4190-BE13-8E2269CD19EA}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{36E7C44F-90D1-451D-B370-37BAF6994AE1}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{7FA39DA7-97C7-48BC-85EB-35CA3469BA91}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{A9505875-855D-40D9-8607-725A64417300}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9D3081BA-6E8E-41FF-ACA1-0047B7A89E27}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{384CBF6F-F316-42FD-98B3-5365B00904B2}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{01309D2B-67DA-409A-9A67-587074B93A6A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{FBCABD87-0068-41B0-A42A-086B6BF4A1DA}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{765C20F4-E6C8-474D-A949-23FE127F6F4D}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{8E0BA25D-01CE-4778-B0E3-51CE049F4F4E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{7B5FE134-DFE8-47A2-B3A5-6EE9EE565B2D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{703A4EE8-4AE3-4DA5-93CF-7151B61D5091}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{BCC76929-348B-4204-ACA7-8B5CB8D85F4A}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{25BD39AF-2BC0-4737-B31E-8B68B4FFCC90}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{3DA34065-7596-489F-8589-B8146CE3BB24}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0B1115B0-7602-483F-8D74-7B2B6C6ECF93}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B52B6DEE-0744-4398-A6B8-2A9F27ACB2D3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{8C9FFAD9-975E-426B-B363-EF8BD6F9A6E1}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{4317ABD1-2C16-4464-B068-08DF884AB6D7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{31A67241-61E3-44F0-AD0F-F01F1FC07F11}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{43003A2A-25C7-4BDE-9DD7-B49E1414C0F7}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{6E7AE34A-BF70-4965-9907-491F5313DE24}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{48E59547-0299-4B7C-8A3D-3E9C31E56F28}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{E3D874AF-B969-4953-A45C-4F70679C6723}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{233BEE55-026E-4824-8942-8EC3468D5342}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CAD96344-59C7-4FCF-87CE-E0B643CC3B1F}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{859769C1-0BA7-4884-848D-45281ACFDE32}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe
    FirewallRules: [{FD297AE7-5AC9-4254-AF19-73CB2EF33367}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Service\Update Service.exe
    FirewallRules: [{B7ECB282-A7A5-4BED-8B67-9B4BD3D4FD9A}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
    FirewallRules: [{D5756174-B8AB-4A1B-9D50-62B84A7E73C6}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
    FirewallRules: [{C7569CE2-4E9A-4C83-ADCD-88D841C7FD80}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6344EB68-C11D-40C8-8B8A-3492665A26E7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{279FA07F-60D0-4BE6-85D6-761F6F746A19}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{99C41CDF-DEF7-4F5C-B4C5-835B1A718BCC}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{361F953E-66F6-4604-8C39-263F56DBDB04}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{8ECD23AE-14C8-4CA1-AA9F-8F7DDE47D810}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{FE9CD425-2E32-46AE-A761-8D17327D6047}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{BBE40230-B995-418C-98CA-A6D508D40A84}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{187ED747-09F9-4BC8-9E47-9F6921AC735D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0DE48B65-D297-4FD1-A8EA-5BBD87F343B0}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{24117230-3F26-4F39-A886-2892C575EC0C}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{2437AF52-FBC7-4E34-86CC-964B05131B26}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{E718E124-8F91-4338-BFF3-2C9D29398181}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6B276873-4174-4896-A6DE-9293FE04D8C7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B2F6E8BE-CE9B-4676-A360-84F777698709}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{18C8DD87-815C-4DE9-A85C-B1AEF4A174CC}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{FEEC6718-CEF9-48CA-A231-948B937A485F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{EF769BC7-D9F8-4D2A-B4B1-AAF3A89D2F39}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{80BEA4CE-F637-42D0-9055-85E55DF06BC4}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{064DA803-4BA5-440C-BF67-C0A9346D8AB3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{2BA72F52-C9D8-4BEB-BF55-507A9B769825}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{91A965EA-3353-4C3D-8406-86A08B1CB848}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6DB65C2D-4B07-492B-8610-6DDB2050AF41}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{51A2780E-EB64-48AE-B8D5-20339F327D94}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{DF3713F9-6B6F-4B6E-B4F1-BEBDC5ACB24E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{61F700A6-166A-4015-BBC1-6B736FF5FFE1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{DAD9862D-78C2-429A-9FE4-720B6B635055}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{C9C217F3-ED78-45E6-843E-AC2187F58667}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{4875ACA7-99EC-4212-825C-31E86746ACA1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{68F96CC6-4914-48F5-95C2-DA88222DDBDC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{88ABA2C6-C868-4561-805C-63C66060B84A}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D8C0F05D-A60F-4579-B260-EE52B2D22272}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{66EAAEA2-E045-4C04-9CB9-791E097EBC91}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{2C3637EB-A085-4046-B0F2-874DA29AA848}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{5C66071A-DCF4-4A6B-B3EC-38F0DA386844}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D78F4818-3F8C-454C-A96C-2E30E20F4797}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{881688F7-6A20-425E-A1A0-9621DD46C8DD}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9C3E84C4-8C54-49C0-A237-5F841850A235}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0D037AA5-8172-4BFD-A8C1-C6C08CD6DF0C}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{96477870-CDCA-4768-A612-F6528FF1150E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CDE21A02-8F6D-4021-B6A7-AC662D3C184C}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{F77AE76C-B031-4D21-BA2B-23C92FBDF0BF}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{15059492-727F-4EE1-8EE5-B9931D12A77E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{F5CB5D34-DEA1-49AC-9B30-AC441ACB2E1E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{565676F7-FFB9-4E5E-A829-0EED9C6EA8A7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{818CCE71-71A7-4ECA-BA94-492A5998B4A1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{EC951D26-7D1B-466E-A191-58477DCACC12}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{5FD90036-BF1A-4465-BFCB-F1291F789F60}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{509E933D-9F7A-48DB-938E-4C864C93C3B2}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{7AB53C8C-3957-4A21-9A36-CF00F902AAAC}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{8CB3383D-AAB3-4FB0-8364-EFC649FC2CF5}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{7AB809CA-EBBE-4ACC-9EB3-4655C4741729}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{02487671-80FA-4D4E-A571-B7BBF38F4CB0}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9080C1A6-A331-42BE-A35F-C3A6116E4972}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9E2EC42E-F009-4A79-A07E-F7837F6448A2}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{038AA883-FD9E-40A6-8DAF-DB2C6F00DFD3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{AE113813-492B-41D8-AAF7-54D6BC6F9F9C}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{72072B4A-ED1B-43B5-9F97-6FEB1526921E}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{E94F093B-D56D-4415-9B40-D2CBC416A873}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{1BDA3DB5-22FE-4649-BFA6-4341CFF6C2A9}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{5EDFBDF5-C669-4065-AED1-6BC3B8F9CD88}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{C8830996-D0A7-440D-BA1B-01CC1EA0DC8F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9A3906B6-7EAE-4EC5-A4B3-1D417C953BC9}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{A7C8F1CF-A4CE-4F98-B5BE-FF2D374C01DD}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{C7322353-6273-4E4F-84FA-9701D637D771}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{86A0DCD5-C5B1-47F1-BF5B-041CAD6FB854}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{10405DA4-868D-44C8-90CB-6CE170BAA373}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{E3F83204-96AA-46A7-821B-3FCACE395E05}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{DCF1A5F1-AF75-4623-B2F3-A63199E1BD80}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{D4B8DBF8-DF4E-4578-9A4D-B0D419482D22}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9CBCB423-6341-4A2E-9435-F9A56A35C910}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{793665CA-9277-47A0-AE40-CECD4652F121}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CC367D70-4F23-4A76-B097-6231F28181D9}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{0FDC208F-5160-41F2-8BDD-116D1FC9551D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{9BFD2E59-1E58-4B38-B0D2-DC8368FA5C41}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{9AC60221-B017-4DF7-82AA-BD188A219C77}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{D0DC7047-5384-4076-A8D7-A422A6C4201B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{FC31EE35-D42F-44B6-B699-E9B3552E7FB6}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{F79F9A36-628F-420E-988B-AF49F266BDB3}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{30921E49-38D4-42AC-B83E-C19B86DB472C}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{CC2EBA4B-4B59-416B-B781-0437C1367A49}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{6A7FA5ED-B31B-4A23-901D-3EF3F2F825F1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{83F4EE1B-18ED-4345-A5B2-0B907843EFC6}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{6B601D9E-DD6D-4B05-A697-2DB723C50F59}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{9A932428-4782-40EF-8E92-0B7FC6CC3EE9}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{360D2CB5-A0AD-4E32-8169-E8076255DB71}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{19EABD30-B3EF-4459-B610-C8B2C1C9F4AE}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{8D24997F-B2BD-48F8-BF0F-253D4299172E}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{3CAAD0B0-FB39-43D3-9228-5316C3990E8B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{44EF28FD-1510-4F9D-89B6-14B7001EED5F}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{A05031A6-723B-4793-9527-ABA2BB1A3EB8}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{99B4B4B4-DE80-4310-B8F2-7F1B67DF1CF8}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{300F7D37-94FE-4128-BE5F-453BB8D7DCB4}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{B4167570-6188-4F24-A40D-51ADD1E336F5}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
    FirewallRules: [{22D91610-EC79-4A26-A3F7-85DA5C779B40}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [{419FC887-AEED-4E32-B0AC-2C9CC84DBF87}] => (Allow) C:\Program Files (x86)\Connectify\Connectifyd.exe
    FirewallRules: [TCP Query User{9A65F1C8-98C2-4B5F-9332-1F31EA26C13B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{F579EFA6-1061-4A0F-9914-14B0F6DA143B}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [{8C68E386-811C-45D8-86F1-35E826B664BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{FCA9240F-3C4B-4DB6-82A0-4A9C7C822EAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [TCP Query User{D2634CFA-7569-489F-B5D6-FE921A563C2D}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{7AF4E901-7DC8-4793-88AD-90F0C9F91B53}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [TCP Query User{04E1E54F-4064-4A16-B601-7C885A54F6A7}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{8707BFAD-E6A2-40DC-9140-C6EA6BFA4F13}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [TCP Query User{3DC61758-14A1-4E8B-BF32-52D589452433}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [UDP Query User{34E741F9-36B3-4886-B16C-CBCFC58D8B2B}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
    FirewallRules: [TCP Query User{52884A0A-B8B6-4338-BE11-46E662D396EF}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [UDP Query User{BB39B84A-7255-4000-B527-976449FFCC38}C:\program files (x86)\unified remote\remoteserver.exe] => (Allow) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [{6F0C4BF8-F979-47CB-828E-73D34F3676AC}] => (Block) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [{DE33561F-F7DA-459C-82E0-1F15E7D909FB}] => (Block) C:\program files (x86)\unified remote\remoteserver.exe
    FirewallRules: [TCP Query User{7DF542EA-46BC-4EF0-B799-66FE5AAB25C2}C:\program files\winhttrack\winhttrack.exe] => (Block) C:\program files\winhttrack\winhttrack.exe
    FirewallRules: [UDP Query User{2EB8A408-72E1-4D11-878E-7F5425B227D5}C:\program files\winhttrack\winhttrack.exe] => (Block) C:\program files\winhttrack\winhttrack.exe
    FirewallRules: [{AA0FC55C-C0D7-46DE-B921-10DC417A2742}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{7BDC804B-0D34-4FA8-9971-F1C8477BDD8A}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{02F1D4DB-4D4B-43DE-89AB-F61D722F09FD}] => (Allow) C:\Users\Shane\AppData\Local\Temp\uttB474.tmp.exe
    FirewallRules: [{98000A27-476C-442F-900F-970292471F92}] => (Allow) C:\Users\Shane\AppData\Local\Temp\uttB474.tmp.exe
    FirewallRules: [{A2F33A39-36AD-4E5D-A946-20C38311149D}] => (Allow) C:\Users\Shane\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{254772D6-5E5F-4441-AF05-A89D77307BC8}] => (Allow) C:\Users\Shane\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{2F31BBC0-972A-43EC-AE72-80F8891FC29E}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{87316062-4605-430D-91BD-0D99BEACFD33}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{307F5BB6-711D-442B-830E-89C55E2732CE}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{4A1A27C6-7DCE-4E91-A211-35481D41B6BB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [{5ABA8C29-2306-4E25-B59C-BC737C953D7C}] => (Allow) C:\Users\Shane\AppData\Roaming\Spotify\spotify.exe
    FirewallRules: [{40F1D1AF-AAC5-42CE-8554-DDB2014EEDA5}] => (Allow) C:\Users\Shane\AppData\Roaming\Spotify\spotify.exe
    FirewallRules: [{261B9E1E-B674-4598-B194-B8CB3D782DC4}] => (Allow) C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{51B7E2A6-292B-430C-A793-7E0E4012B353}] => (Allow) C:\Users\Shane\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{408839D2-4BC9-4F1E-BDF9-4C512CFD192C}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{EAE9DED0-7553-4516-845E-371343302E39}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{CCBDF491-C56D-4266-9B02-FC95503DA3CC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{DEBE1F31-9726-422A-9371-CBF26B90004E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    FirewallRules: [{358A31A0-6165-41A1-A36D-81EB0CF3BE77}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{F27B0050-931F-4F66-BA2E-B7B240ED65EE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    FirewallRules: [{6FD0ED70-E2DA-4382-8408-6A6226620387}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{488BDD71-9B3C-4B78-805C-CF4C84CE2858}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{5C6CED81-BBEB-4EFF-AAE1-8EADF013CFD5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{5C22FD9A-F9C1-4CA6-9D7D-A969531FF6D3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    FirewallRules: [{A1C63AAB-1994-4ADA-84DF-7AD84B53A98A}] => (Allow) C:\Users\Shane\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{4F45BB91-62F3-4C00-B91E-CF2646839E99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4102B0EC-3AB7-46C5-BCB0-2F6FABBC92CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1784D1A4-3519-4555-A73F-A670F98CCB40}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A9865554-D06C-47B7-BD66-C47E13FA5AD7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{A51365D2-F508-4126-BBED-5FBBE0B2B3A7}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{F8BD21F6-C977-4486-AF83-02ECDE6F1524}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{2C8C4F6C-DC49-4651-AAE5-C01BA6D70360}C:\program files (x86)\aether\aether.exe] => (Allow) C:\program files (x86)\aether\aether.exe
    FirewallRules: [UDP Query User{296F6E5E-47D6-47E8-A585-08876235E593}C:\program files (x86)\aether\aether.exe] => (Allow) C:\program files (x86)\aether\aether.exe
    FirewallRules: [TCP Query User{50B96EEA-416A-4B92-81BF-54901F63C6A1}C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe] => (Allow) C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe
    FirewallRules: [UDP Query User{9BB8ABD8-7471-404B-89EF-835A3F988F4F}C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe] => (Allow) C:\Program Files (x86)\Aether\networking_daemon\aether_networking_process.exe
    FirewallRules: [{01F0B1E7-BB4C-4206-8184-841C40EAAF18}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
    FirewallRules: [{45E0C584-0DFD-41C2-BF35-86B03732D4CF}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
    FirewallRules: [{A0BC7131-1A77-446A-94F6-CAF99264B9B8}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
    FirewallRules: [{1B227616-3BF2-4637-B9AB-4A453715A763}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
    FirewallRules: [{90B11D7B-2119-4FBB-860E-99C912BAAC69}] => (Block) c:\program files (x86)\opera\30.0.1835.88\opera_autoupdate.exe
    FirewallRules: [{89353EFD-2312-4B19-8D94-E5EC46312854}] => (Block) c:\program files (x86)\opera\30.0.1835.88\opera_autoupdate.exe
    FirewallRules: [{2AD59A09-71BE-4527-8162-54CBBE67F33E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{54A9A02B-2525-4372-924B-94A19C9EA667}] => (Block) c:\program files\windows media player\wmpnetwk.exe
    FirewallRules: [{E56366AA-8D7D-4687-B8AA-1F5ED1F1075C}] => (Block) c:\program files\windows media player\wmpnetwk.exe
    FirewallRules: [{E1DE2C9A-C0C1-4C2D-953B-472852CBB4E1}] => (Block) c:\program files (x86)\splashtop\splashtop software updater\ssuservice.exe
    FirewallRules: [{777D0CF2-FCE8-451E-AB0C-EF2D1B67C0CF}] => (Block) c:\program files (x86)\splashtop\splashtop software updater\ssuservice.exe
    FirewallRules: [{244577A1-FAEF-4D08-93DE-AE9B315AF402}] => (Block) c:\users\shane\desktop\superantispyware.exe
    FirewallRules: [{4D8F69BE-F45E-4B3C-9335-DED01D310BD4}] => (Block) c:\users\shane\desktop\superantispyware.exe
    FirewallRules: [{8DAE81C9-6D33-4112-A315-D85EB7FFDDCA}] => (Block) c:\program files\superantispyware\superantispyware.exe
    FirewallRules: [{620A5E3E-2F0C-4400-9FB1-36DDFE427D4E}] => (Block) c:\program files\superantispyware\superantispyware.exe
    FirewallRules: [{38F87D37-D687-48E7-9FAB-9F317FF19EBA}] => (Block) c:\program files\bonjour\mdnsresponder.exe
    FirewallRules: [{6F93D456-1165-40E6-8AE5-B3F240139758}] => (Block) c:\program files\bonjour\mdnsresponder.exe
    FirewallRules: [{3DF08DA2-65D6-4BEE-83E2-3ADDBC0BD7EE}] => (Block) c:\program files\windows defender\mpcmdrun.exe
    FirewallRules: [{7E7844CD-542B-459A-8D80-5D779514B44F}] => (Block) c:\program files\windows defender\mpcmdrun.exe
    FirewallRules: [{87717839-6298-42F2-9FF4-0BD0B2C33850}] => (Allow) C:\Users\Shane\AppData\Local\Temp\Rar$EXb0.458\ipts.exe
    FirewallRules: [{8CCF9593-ED84-4B4A-9B41-619D6D9FE21D}] => (Allow) C:\Users\Shane\AppData\Local\Temp\Rar$EXb0.458\ipts.exe
    FirewallRules: [{2EABDA7E-6820-4098-A874-FD0DD7FC05FA}] => (Allow) C:\Users\Shane\Desktop\ipts.exe
    FirewallRules: [{03ABC5E4-E440-4963-9E24-5D10F98D1C92}] => (Allow) C:\Users\Shane\Desktop\ipts.exe
    FirewallRules: [{BEF2249C-37B6-40BF-8425-D627289C60F8}] => (Block) c:\users\shane\desktop\ipts.exe
    FirewallRules: [{F7AC2001-0BA6-4C87-8B3C-A21AA66F55A3}] => (Block) c:\users\shane\desktop\ipts.exe
    FirewallRules: [{ACFFB498-B48E-4320-B326-2511A663B930}] => (Block) c:\users\shane\desktop\email scraper\emailscraperwizard.exe
    FirewallRules: [{1A413D10-8DAE-4D6E-B15B-35F867BADBD4}] => (Block) c:\users\shane\desktop\email scraper\emailscraperwizard.exe
    FirewallRules: [{0314D253-0478-4D56-905A-5B44BC6A2EF8}] => (Block) c:\users\shane\appdata\local\temp\rar$exb0.458\ipts.exe
    FirewallRules: [{356DBC82-A276-429D-B027-4AC366A677B9}] => (Block) c:\users\shane\appdata\local\temp\rar$exb0.458\ipts.exe
    FirewallRules: [{61345875-AF9B-4958-99AC-3326A3B89050}] => (Block) c:\program files (x86)\power exchange\spz1.exe
    FirewallRules: [{F788C1C5-707A-4690-ABC1-3D703EB26543}] => (Block) c:\program files (x86)\power exchange\spz1.exe
    FirewallRules: [{57D43AEB-7154-4731-927C-51E2FE8F0081}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdcleaner.exe
    FirewallRules: [{DF1D940F-B340-47BB-BF48-9597FD6F7B65}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdcleaner.exe
    FirewallRules: [{35BB8941-8D17-4820-9332-3B92E64DAFC6}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [{918B3DF7-90F8-40DB-8558-76D2D99EB8D3}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
    FirewallRules: [{76E63D52-9182-4483-B6AB-86959F844D70}] => (Block) c:\program files (x86)\wondershare\video editor\wsresdownloader.exe
    FirewallRules: [{2F334C85-3D59-4981-A385-5FB4897F189C}] => (Block) c:\program files (x86)\wondershare\video editor\wsresdownloader.exe
    FirewallRules: [{18EC4DFE-50AB-4008-A668-4F21B31EF56E}] => (Block) c:\users\shane\appdata\local\palringo beta\palringo beta.exe
    FirewallRules: [{1ECBB5F8-9FE6-4BC8-8F5A-572CCDC7D6DB}] => (Block) c:\users\shane\appdata\local\palringo beta\palringo beta.exe
    FirewallRules: [{63915654-63DE-4A64-82F2-EE9E8218C3EE}] => (Block) c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe
    FirewallRules: [{6D136362-8A62-4D22-8071-8B6D39256710}] => (Block) c:\program files (x86)\common files\wondershare\wondershare helper compact\wshelper.exe
    FirewallRules: [{F4DEF2D4-D318-4A65-BA58-F4C464F81496}] => (Block) c:\program files (x86)\wondershare\video editor\videoeditor.exe
    FirewallRules: [{00B1A555-71FF-4D4D-8C85-6D90F95AA838}] => (Block) c:\program files (x86)\wondershare\video editor\videoeditor.exe
    FirewallRules: [{5256E0B9-FFD8-490A-9CC2-E4DD434A0F3F}] => (Block) c:\program files (x86)\openoffice.org 3\program\soffice.bin
    FirewallRules: [{B9CAC069-AE6E-455C-AF11-023B69E11051}] => (Block) c:\program files (x86)\openoffice.org 3\program\soffice.bin
    FirewallRules: [{5B2BEC33-2ABA-4EC5-B6E0-BB32668B7D4C}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe
    FirewallRules: [{F3ED5603-5AB1-4185-ADBA-C534BA23AB78}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe
    FirewallRules: [{4055B1F8-B578-49B4-B871-F31D87DD3564}] => (Block) c:\windows\temp\{87488285-99e7-4d6a-9889-98448064feed}\installflashplayer.exe
    FirewallRules: [{0CEAFCE6-047B-4481-89AA-6CA02E87CCC1}] => (Block) c:\windows\temp\{87488285-99e7-4d6a-9889-98448064feed}\installflashplayer.exe
    FirewallRules: [{B871B439-3CF3-4ED2-851F-8452106872EE}] => (Block) c:\windows\temp\{6e767649-a1e8-49c2-949d-c9feca5a8d40}\installflashplayer.exe
    FirewallRules: [{652C203D-2CD3-4E8B-91B6-AD2E628C8475}] => (Block) c:\windows\temp\{6e767649-a1e8-49c2-949d-c9feca5a8d40}\installflashplayer.exe
    FirewallRules: [{6181C8EF-A895-465A-896B-F677A4E5F0E8}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
    FirewallRules: [{1EC66931-A6BA-41A4-A7ED-1C3BB168EFF5}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
    FirewallRules: [{8BC652BB-A2B9-4A84-B0A8-5DAA6764EEB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{5940FDD8-4587-4565-9F1F-B0441A5DAE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [TCP Query User{491CF5CE-2A9F-488B-9C5B-38F6A7791CAF}C:\users\shane\desktop\qtox.exe] => (Allow) C:\users\shane\desktop\qtox.exe
    FirewallRules: [UDP Query User{CC9F3D66-D64E-4B64-A2A1-C3789EB7316F}C:\users\shane\desktop\qtox.exe] => (Allow) C:\users\shane\desktop\qtox.exe
    FirewallRules: [{C947E96E-A546-44A6-AC5A-10D5EA105286}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D4B3D27B-F0F4-4824-8DE4-53E365054FAD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{CF676682-8CAC-4198-84FE-76586C234FD1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9BDA595D-1686-4802-8A4B-FD632482C3DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{9C202E5C-CD45-49BD-8557-DDA558193E1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

    ==================== Restore Points =========================

    22-12-2015 19:18:08 Scheduled Checkpoint
    24-12-2015 04:09:59 Windows Update
    31-12-2015 10:05:50 Windows Update
    31-12-2015 13:00:10 Removed iTunes
    01-01-2016 05:28:07 Windows Modules Installer
    01-01-2016 06:02:45 Removed Mach5 Mailer
    02-01-2016 12:17:10 JRT Pre-Junkware Removal
    02-01-2016 12:32:28 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Realtek PCIe GBE Family Controller
    Description: Realtek PCIe GBE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/02/2016 02:02:59 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

    Error: (01/02/2016 01:53:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/02/2016 12:37:12 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

    Error: (01/02/2016 12:27:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/02/2016 08:23:17 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

    Error: (01/02/2016 08:14:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2016 05:21:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

    Error: (01/01/2016 05:11:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2016 11:29:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18484137

    Error: (01/01/2016 11:29:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 18484137


    System errors:
    =============
    Error: (01/02/2016 01:52:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NTPort Library Driver service failed to start due to the following error:
    %%2

    Error: (01/02/2016 01:52:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (01/02/2016 01:52:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NIHardwareService service failed to start due to the following error:
    %%3

    Error: (01/02/2016 01:52:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Connectify service failed to start due to the following error:
    %%3

    Error: (01/02/2016 01:51:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (01/02/2016 01:51:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (01/02/2016 01:51:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (01/02/2016 01:48:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (01/02/2016 12:26:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NTPort Library Driver service failed to start due to the following error:
    %%2

    Error: (01/02/2016 12:26:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5


    CodeIntegrity:
    ===================================
    Date: 2016-01-02 13:51:07.479
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-01-02 13:51:07.454
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-11-24 14:01:30.727
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:30.725
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:30.723
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:29.336
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:29.334
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-11-24 14:01:29.332
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-19 16:15:58.418
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Shane\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-08-19 16:15:58.403
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Shane\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 41%
    Total physical RAM: 4000.28 MB
    Available physical RAM: 2344.48 MB
    Total Virtual: 7998.76 MB
    Available Virtual: 6263.37 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:917.41 GB) (Free:131.74 GB) NTFS
    Drive l: (TRAVELDRIVE) (Removable) (Total:0.94 GB) (Free:0.79 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F078F48)
    Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=917.4 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 958.2 MB) (Disk ID: 6CE37E6D)
    Partition 1: (Active) - (Size=958 MB) - (Type=06)

    ==================== End of Addition.txt ============================
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  18. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
    Ran by Shane (2016-01-02 18:02:24) Run:1
    Running from C:\Users\Shane\Desktop\New folder
    Loaded Profiles: Shane (Available Profiles: Shane & Guest)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    Toolbar: HKLM-x32 - No Name - {2B171655-A69C-5c18-B693-6CB5DC269D41} - No File
    Toolbar: HKLM-x32 - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
    Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx No File
    FF HKLM-x32\...\Firefox\Extensions: [{9051303c-7e41-4311-a783-d6fe5ef2832d}] - C:\Program Files (x86)\FVD Suite\addons\Firefox => not found
    CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
    S2 Connectify; no ImagePath
    S2 NIHardwareService; no ImagePath
    S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 zntport; \??\C:\Windows\system32\zntport.sys [X]
    2013-12-18 20:02 - 2013-12-18 20:02 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2013-01-27 19:01 - 2013-01-27 19:01 - 0000576 _____ () C:\Users\Shane\AppData\Roaming\All CPU MeterV3_Settings.ini
    2012-04-26 23:20 - 2015-03-19 20:02 - 0004608 _____ () C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-24 10:23 - 2013-08-24 10:23 - 0000218 _____ () C:\Users\Shane\AppData\Local\recently-used.xbel
    2015-01-06 12:46 - 2015-01-06 12:46 - 0007607 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
    2015-12-15 18:04 - 2015-12-15 18:04 - 1752039 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450231472021
    2015-12-15 19:04 - 2015-12-15 19:04 - 1752039 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450235072030
    2015-12-15 19:42 - 2015-12-15 19:42 - 1752306 _____ () C:\Users\Shane\AppData\Local\soulseek-client.dat.1450237367898
    2015-09-23 13:49 - 2015-09-23 13:49 - 0000000 _____ () C:\Users\Shane\AppData\Local\{30CE770F-C62D-40BB-A162-8D9EC7CEFF45}
    2015-06-30 16:38 - 2015-06-21 02:57 - 12543841 _____ () C:\ProgramData\usertray.exe
    Task: {57F9CCEA-2ECF-429F-8D10-C50DE7A4FEEC} - \{F86B61FD-AD4D-4037-9EF7-90FD4318C267} -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:1CE11B51

    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1051381468-4094465459-3186913488-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
    "HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2B171655-A69C-5c18-B693-6CB5DC269D41} => value removed successfully
    HKCR\Wow6432Node\CLSID\{2B171655-A69C-5c18-B693-6CB5DC269D41} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E718888-423F-11D2-876E-00A0C9082467} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}" => key removed successfully
    "HKCR\PROTOCOLS\Handler\vnd.ms.radio" => key removed successfully
    HKCR\CLSID\{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} => key not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d} => value removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eedgghdcpmmmilkmfpnklknlenbiolec" => key removed successfully
    Connectify => service removed successfully
    NIHardwareService => service removed successfully
    SkypeUpdate => service removed successfully
    catchme => service removed successfully
    zntport => service removed successfully
    C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
    C:\Users\Shane\AppData\Roaming\All CPU MeterV3_Settings.ini => moved successfully
    C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\Shane\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\Shane\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\Shane\AppData\Local\soulseek-client.dat.1450231472021 => moved successfully
    C:\Users\Shane\AppData\Local\soulseek-client.dat.1450235072030 => moved successfully
    C:\Users\Shane\AppData\Local\soulseek-client.dat.1450237367898 => moved successfully
    C:\Users\Shane\AppData\Local\{30CE770F-C62D-40BB-A162-8D9EC7CEFF45} => moved successfully
    C:\ProgramData\usertray.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57F9CCEA-2ECF-429F-8D10-C50DE7A4FEEC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57F9CCEA-2ECF-429F-8D10-C50DE7A4FEEC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F86B61FD-AD4D-4037-9EF7-90FD4318C267}" => key removed successfully
    C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.

    ==== End of Fixlog 18:02:25 ====
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  20. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Results of screen317's Security Check version 1.009
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Panda Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 66
    Java version 32-bit out of Date!
    Adobe Flash Player 20.0.0.267
    Adobe Reader XI
    Google Chrome (47.0.2526.106)
    Google Chrome (47.0.2526.80)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  21. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Farbar Service Scanner Version: 03-01-2016
    Ran by Shane (administrator) on 03-01-2016 at 11:49:57
    Running from "C:\Users\Shane\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Sophos didn't detect anything.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  23. Andit

    Andit TS Rookie Topic Starter Posts: 17

    Thank you! Much appreciated. My PC is running quick and smoothly.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...