TechSpot

Trojans "removed" - Residual infection suspected

By aleph8
Jun 13, 2016
  1. I've run F-Secure online scanner, Malwarebytes, HitmanPro, etc... Microsoft Security Essentials hangs repeatedly around 90% complete (approximately 2+ hours into the scan). Here are my FRST.txt and Addition.txt logs...

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
    Ran by Brett (administrator) on BRETT-PC (13-06-2016 17:13:27)
    Running from C:\Users\Brett\Desktop
    Loaded Profiles: Brett (Available Profiles: Brett & UpdatusUser & Classic .NET AppPool & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK COMPUTER INC.) C:\Windows\System32\ATKFUSService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Windows\SysWOW64\ASDR.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    () C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\recovery\RPMDaemon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
    (NDS Technologies) C:\Users\Brett\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe
    (Google Inc.) C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe
    () C:\Users\Brett\AppData\Local\Amazon Music\Amazon Music Helper.exe
    () C:\Users\Brett\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (brackets.io) C:\Program Files (x86)\Brackets\Brackets.exe
    (Joyent, Inc) C:\Program Files (x86)\Brackets\node.exe
    (brackets.io) C:\Program Files (x86)\Brackets\Brackets.exe
    () C:\Program Files (x86)\Tomboy\Tomboy.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [Pidgin] => C:\Program Files (x86)\Pidgin\pidgin.exe [60216 2014-02-02] (The Pidgin developer community)
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [PCShowServer] => C:\Users\Brett\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [1625440 2013-10-02] (NDS Technologies)
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [Google Update] => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [Amazon Music] => C:\Users\Brett\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-20] ()
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{D9041368-C476-443E-9B1C-5C074D29AF40}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{EC42D335-DF89-44F2-8FD4-A31FF3AD9880}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mlb.mlb.com/home
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> {D51CC3BE-0FCC-49FC-A70E-365FB5A169C1} URL = hxxp://www.hulu.com/search?query={searchTerms}&ref=os
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> {E60470ED-C21A-4B70-9B94-EFCD0E2D9AB9} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
    BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Toolbar: HKLM-x32 - Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files (x86)\Zend\Zend Studio - 8.0.1\toolbars\ZendIEToolbar.dll [2007-12-06] (Zend Technologies Ltd)
    Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxps://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-01] ()
    FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-01] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-09-12] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-09-12] (NVIDIA Corporation)
    FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
    FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Brett\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-15] (Citrix Online)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @nds.com/PlayerPlugin -> C:\Users\Brett\AppData\Local\NDS\PCShow\npPlayerPlugin.dll [2013-10-02] (COX)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Brett\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @talk.google.com/O1DPlugin -> C:\Users\Brett\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: NDS.com/PlayerPlugin -> C:\Users\Brett\AppData\Local\NDS\PCShow\npPlayerPlugin.dll [2013-10-02] (COX)
    FF user.js: detected! => C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\user.js [2013-01-04]
    FF user.js: detected! => C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671\user.js [2016-06-08]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Brett\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Brett\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Extension: Default Manager - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\DefaultManager@Microsoft [2011-09-12] [not signed]
    FF Extension: Firebug - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\firebug@software.joehewitt.com.xpi [2012-02-16] [not signed]
    FF Extension: Xmarks - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\foxmarks@kei.com [2012-06-14] [not signed]
    FF Extension: Inline Code Finder for Firebug - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\icffirebug@robertnyman.com.xpi [2011-09-08] [not signed]
    FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\LogMeInClient@logmein.com [2012-05-23] [not signed]
    FF Extension: Firebug - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671\Extensions\firebug@software.joehewitt.com.xpi [2016-06-08]
    FF Extension: SSL Version Control - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27]
    FF HKLM-x32\...\Firefox\Extensions: [{3c9761ad-a43d-4447-b924-f5d83cb48063}] - C:\Program Files (x86)\Zend\Zend Studio - 8.0.1\toolbars\firefox
    FF Extension: Zend Studio Toolbar - C:\Program Files (x86)\Zend\Zend Studio - 8.0.1\toolbars\firefox [2011-07-28] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-07] [not signed]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR Profile: C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Translate) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-05-12]
    CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-05-04]
    CHR Extension: (Google Docs) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-09]
    CHR Extension: (YouTube) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
    CHR Extension: (Black Menu for Google™) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2016-06-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Vector Paint) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo [2013-04-11]
    CHR Extension: (Do Not Disturb!) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-12-03]
    CHR Extension: (Google Hangouts) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-06-13]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11]
    CHR Extension: (LogMeIn) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj [2014-11-11] [UpdateUrl: hxxps://secure.logmein.com/activex/update_chrome.xml] <==== ATTENTION
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
    CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2015-02-02]
    CHR Extension: (Google Reader) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-10-11]
    CHR Extension: (Gmail) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
    CHR Extension: (ClassiChat) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppciiachhdkeifboklbflhedimblgbbn [2015-02-26]
    CHR Profile: C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
    CHR Extension: (Google Docs) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
    CHR Extension: (Google Drive) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-02]
    CHR Extension: (YouTube) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
    CHR Extension: (Google Search) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
    CHR Extension: (Google Sheets) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-15]
    CHR Extension: (Google Wallet) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
    CHR Extension: (Gmail) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
    CHR Profile: C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Slides) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
    CHR Extension: (Google Docs) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
    CHR Extension: (Google Drive) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
    CHR Extension: (YouTube) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
    CHR Extension: (Google Search) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
    CHR Extension: (Google Sheets) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-30]
    CHR Extension: (Google Wallet) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
    CHR Extension: (Gmail) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
    CHR HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Brett\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
    CHR HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome.PNE74PVZ62ENXSR6QAY2UZEMNI - C:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exe
     
  2. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    FRST.txt continued...


    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () [File not signed]
    R2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [62464 2009-05-06] (ASUSTeK COMPUTER INC.) [File not signed]
    S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
    S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
    S4 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-07-28] (Macrovision Europe Ltd.) [File not signed]
    R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-08] (SurfRight B.V.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
    S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
    S2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [235560 2010-03-07] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2008-06-12] (Apache Software Foundation) [File not signed]
    R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220104 2012-06-12] (Microsoft Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
    R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
    R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62118344 2012-06-12] (Microsoft Corporation)
    S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54791520 2011-06-17] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [65536 2010-11-20] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2180960 2011-06-17] (Microsoft Corporation)
    S4 SDLService; C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [95264 2010-03-26] ()
    R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
    S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-12] (Microsoft Corporation)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()
    R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
    R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2011-07-27] (ASUSTeK Computer Inc.)
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-09-20] ()
    S4 LMIRfsClientNP; no ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-13] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R1 MpKsla78a9dc5; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2899A714-79FD-448D-AA01-B07400D3ED82}\MpKsla78a9dc5.sys [44928 2016-06-13] (Microsoft Corporation)
    R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [246272 2010-11-20] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [104960 2010-11-20] (Microsoft Corporation)
    S3 rtkio; C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2010-01-20] (Windows (R) Codename Longhorn DDK provider)
    R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
    S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-02] (Windows (R) Codename Longhorn DDK provider)
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-13 17:13 - 2016-06-13 17:13 - 00044775 _____ C:\Users\Brett\Desktop\FRST.txt
    2016-06-13 17:11 - 2016-06-13 17:11 - 05659224 _____ (Swearware) C:\Users\Brett\Desktop\ComboFix.exe
    2016-06-13 17:10 - 2016-06-13 17:10 - 02385920 _____ (Farbar) C:\Users\Brett\Desktop\FRST64.exe
    2016-06-13 10:53 - 2016-06-13 10:53 - 00000000 ____D C:\bf35aff91e8d303fc0788750eec351c9
    2016-06-13 08:39 - 2016-06-13 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-06-13 07:37 - 2016-06-13 07:37 - 00000708 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
    2016-06-13 07:37 - 2016-06-13 07:37 - 00000000 ____D C:\Program Files (x86)\Brackets
    2016-06-13 07:35 - 2016-06-13 07:35 - 45244416 _____ C:\Users\Brett\Downloads\Brackets.Release.1.7.msi
    2016-06-09 13:57 - 2016-06-09 13:57 - 01420840 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\vcredist_arm.exe
    2016-06-09 10:38 - 2016-06-06 09:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-06-09 10:38 - 2016-06-06 09:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-06-09 10:38 - 2016-06-03 06:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-06-09 10:38 - 2016-05-22 06:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-06-09 10:38 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-06-09 10:38 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-06-09 10:38 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-06-09 10:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-06-09 10:38 - 2016-04-11 18:23 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-06-09 10:38 - 2016-04-11 18:23 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-06-09 10:38 - 2016-04-11 18:20 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-06-09 10:38 - 2016-04-11 18:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-06-09 10:38 - 2016-04-11 18:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-06-09 10:38 - 2016-04-11 18:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-06-09 10:38 - 2016-04-11 17:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-06-09 10:38 - 2016-04-11 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-06-09 10:38 - 2016-04-11 17:43 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-06-09 10:38 - 2016-04-11 17:43 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-06-09 10:38 - 2016-04-11 17:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-06-09 10:38 - 2016-04-11 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-06-09 10:38 - 2016-04-11 17:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-06-09 10:38 - 2016-04-08 23:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-06-09 10:38 - 2016-04-08 23:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-06-09 10:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-06-09 10:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-06-09 10:38 - 2016-04-08 22:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-06-09 10:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-06-09 10:38 - 2016-03-09 12:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-06-09 10:38 - 2016-03-09 12:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
    2016-06-09 10:38 - 2016-03-09 11:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-06-09 10:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2016-06-09 10:33 - 2016-06-09 10:33 - 07194312 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\vcredist_x64 (1).exe
    2016-06-09 10:32 - 2016-06-09 10:32 - 00887896 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\dotNetFx40_Client_setup.exe
    2016-06-09 10:28 - 2016-06-09 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
    2016-06-09 07:40 - 2016-06-09 07:40 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2016-06-09 07:40 - 2016-06-09 07:40 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2016-06-09 07:40 - 2016-06-09 07:40 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2016-06-09 07:40 - 2016-06-09 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-06-09 07:39 - 2016-06-09 07:39 - 00987728 _____ (Google Inc.) C:\Users\Brett\Downloads\googledrivesync.exe
    2016-06-08 17:33 - 2016-06-09 10:33 - 00000000 ____D C:\ProgramData\Package Cache
    2016-06-08 17:32 - 2016-06-08 17:32 - 07186992 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\vcredist_x64.exe
    2016-06-08 17:25 - 2015-06-03 22:11 - 00963232 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120.dll
    2016-06-08 17:18 - 2015-06-03 22:11 - 00963232 _____ (Microsoft Corporation) C:\Windows\msvcr120.dll
    2016-06-08 16:35 - 2016-06-09 10:28 - 00000000 ____D C:\Program Files\MySQL
    2016-06-08 16:33 - 2016-06-08 16:33 - 28426240 _____ C:\Users\Brett\Downloads\mysql-workbench-community-6.3.6-winx64.msi
    2016-06-08 14:43 - 2016-06-08 14:43 - 00524248 _____ (F-Secure Corporation) C:\Users\Brett\Downloads\F-SecureOnlineScanner(1).exe
    2016-06-08 11:47 - 2016-06-08 11:51 - 00000000 ____D C:\AdwCleaner
    2016-06-08 11:34 - 2016-06-13 11:31 - 00000204 _____ C:\Windows\system32\.crusader
    2016-06-08 10:30 - 2016-06-08 10:34 - 00000000 ____D C:\Users\Brett\Documents\AAAAATASK
    2016-06-08 10:29 - 2016-06-08 10:29 - 00000000 ____D C:\Users\Brett\New folder
    2016-06-08 10:26 - 2016-06-08 10:26 - 00023508 _____ C:\Users\Brett\Downloads\RepairTasks.zip
    2016-06-08 09:44 - 2016-06-08 09:44 - 00007169 _____ C:\Users\Brett\Downloads\TaskRepair.cmd
    2016-06-08 09:34 - 2016-06-08 09:34 - 00000000 ____D C:\Windows\system32\msmq
    2016-06-08 09:19 - 2016-06-08 09:19 - 00000000 ____D C:\8ec9026b670e6578bf8b61bbeb27ba
    2016-06-08 09:18 - 2016-06-08 09:18 - 07749976 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\WindowsUpdateAgent30-x64.exe
    2016-06-08 09:18 - 2016-06-08 09:18 - 00000000 ____D C:\af2cd166799fcea632e5911bdf79e733
    2016-06-08 08:39 - 2016-06-13 08:33 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2016-06-08 08:39 - 2016-06-08 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2016-06-08 08:39 - 2016-06-08 08:39 - 00000000 ____D C:\Program Files\HitmanPro
    2016-06-08 07:55 - 2016-06-08 09:12 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-06-07 17:28 - 2016-06-07 17:27 - 00002626 _____ C:\mBytes removal june7-16.xml
    2016-06-07 16:20 - 2016-06-07 16:20 - 00524248 _____ (F-Secure Corporation) C:\Users\Brett\Downloads\F-SecureOnlineScanner (1).exe
    2016-06-07 15:02 - 2016-06-07 15:02 - 00524248 _____ (F-Secure Corporation) C:\Users\Brett\Downloads\F-SecureOnlineScanner.exe
    2016-06-07 12:06 - 2016-06-07 17:38 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2016-06-07 12:06 - 2016-06-07 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2016-06-07 12:06 - 2016-06-07 12:06 - 00000000 ____D C:\Program Files (x86)\Sophos
    2016-06-07 12:00 - 2016-06-07 12:00 - 151873432 _____ (Sophos Limited) C:\Users\Brett\Downloads\Sophos Virus Removal Tool.exe
    2016-06-07 10:46 - 2016-06-07 10:46 - 00000000 __SHD C:\found.000
    2016-06-07 09:48 - 2016-06-07 09:48 - 00262144 _____ C:\Windows\Minidump\060716-177685-01.dmp
    2016-06-07 09:47 - 2016-06-07 09:47 - 2200523019 _____ C:\Windows\MEMORY.DMP
    2016-06-07 09:42 - 2016-06-07 14:22 - 00000000 ____D C:\Windows\system32\SSL
    2016-06-07 09:41 - 2016-06-07 09:41 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2016-06-07 09:40 - 2016-06-07 09:40 - 06867968 _____ C:\Users\Brett\AppData\Roaming\agent.dat
    2016-06-07 09:40 - 2016-06-07 09:40 - 00018432 _____ C:\Users\Brett\AppData\Roaming\Main.dat
    2016-06-07 09:39 - 2016-06-07 09:39 - 00128512 _____ C:\Users\Brett\AppData\Roaming\Installer.dat
    2016-06-07 09:33 - 2016-06-07 17:37 - 00001212 _____ C:\Users\Brett\Desktop\Google Chrome.lnk
    2016-06-07 09:32 - 2016-06-08 08:23 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Software Tool
    2016-06-07 09:32 - 2016-06-07 09:32 - 00000000 ____D C:\Users\Brett\AppData\Roaming\c
    2016-06-07 09:31 - 2016-06-07 09:31 - 00000000 ____D C:\Users\Brett\AppData\Roaming\WinRAR
    2016-06-07 09:30 - 2016-06-08 07:16 - 00000000 ____D C:\Program Files\WinRAR
    2016-06-07 09:29 - 2016-06-07 09:29 - 02181272 _____ C:\Users\Brett\Downloads\winrar-x64-54b2.exe
    2016-06-07 09:26 - 2016-06-07 09:26 - 00717130 _____ C:\Users\Brett\Downloads\Keygen Tool v15.33 - Razor-1911.zip
    2016-06-07 09:26 - 2016-06-07 09:26 - 00717130 _____ C:\Users\Brett\Downloads\Keygen Tool v15.33 - Razor-1911 (1).zip
    2016-06-07 09:21 - 2016-06-07 17:38 - 00001167 _____ C:\Users\Public\Desktop\SQL Manager for MySQL.lnk
    2016-06-07 09:17 - 2016-06-07 09:18 - 84759200 _____ C:\Users\Brett\Downloads\mymanager.zip
    2016-06-06 13:00 - 2016-06-06 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-05-25 12:26 - 2016-02-14 23:12 - 00110080 _____ C:\Windows\system32\endpoint_volume.dll
    2016-05-25 12:26 - 2016-02-01 22:08 - 00027648 _____ C:\Windows\system32\BaDeskband2_64.dll
    2016-05-25 12:22 - 2016-05-25 12:23 - 00000000 ____D C:\Program Files (x86)\Breakaway
    2016-05-25 12:13 - 2016-05-25 12:13 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2016-05-25 12:13 - 2012-06-19 01:54 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2016-05-25 12:13 - 2012-06-04 22:45 - 00237968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtHDMIVX.sys
    2016-05-25 12:13 - 2012-05-31 18:37 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00141152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00123744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00074592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64H.dll
    2016-05-25 12:13 - 2012-02-21 04:45 - 02605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
    2016-05-25 12:13 - 2012-01-29 20:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2016-05-25 12:13 - 2012-01-09 19:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2016-05-25 12:13 - 2011-12-20 00:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2016-05-25 12:13 - 2011-12-19 14:43 - 00220776 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2016-05-25 12:13 - 2011-12-13 01:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2016-05-25 12:13 - 2011-12-01 23:20 - 03746408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkHDM64.dll
    2016-05-25 12:13 - 2011-09-26 23:04 - 02526824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RHDMEx64.dll
    2016-05-25 12:13 - 2011-09-01 23:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2016-05-25 12:13 - 2011-09-01 23:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2016-05-25 12:13 - 2011-09-01 23:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2016-05-25 12:13 - 2011-07-05 22:27 - 00092264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RHCoInst64.dll
    2016-05-25 12:13 - 2011-03-16 21:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2016-05-25 12:13 - 2011-03-07 02:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00372056 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64H.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RH3DHT64.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RH3DAA64.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64H.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00097624 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64H.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64H.dll
    2016-05-25 12:13 - 2010-07-22 01:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2016-05-25 12:12 - 2012-06-18 22:31 - 00293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2016-05-25 12:12 - 2012-06-13 22:43 - 05096448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2016-05-25 12:12 - 2012-06-08 01:18 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
    2016-05-25 12:12 - 2012-06-05 19:44 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2016-05-25 12:12 - 2012-05-31 03:08 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00141152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00123744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00074592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2016-05-25 12:12 - 2012-05-10 00:22 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2016-05-25 12:12 - 2012-04-09 23:40 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2016-05-25 12:12 - 2012-04-03 03:42 - 01345368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2016-05-25 12:12 - 2012-04-03 03:42 - 01015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2016-05-25 12:12 - 2012-03-07 20:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2016-05-25 12:12 - 2012-03-07 20:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2016-05-25 12:12 - 2012-02-17 00:54 - 00396632 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2016-05-25 12:12 - 2012-02-13 09:05 - 08363864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
    2016-05-25 12:12 - 2012-01-23 07:30 - 00537456 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2016-05-25 12:12 - 2012-01-23 07:30 - 00524656 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2016-05-25 12:12 - 2012-01-23 07:30 - 00449392 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2016-05-25 12:12 - 2011-12-18 02:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2016-05-25 12:12 - 2011-11-22 01:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2016-05-25 12:12 - 2011-08-23 02:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2016-05-25 12:12 - 2010-11-03 03:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2016-05-25 12:12 - 2010-10-02 22:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2016-05-25 12:12 - 2010-09-26 18:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2016-05-25 12:04 - 2016-05-25 12:04 - 00000000 ____D C:\Users\Brett\Downloads\HD_Audio
    2016-05-25 12:03 - 2016-05-25 12:04 - 124038686 _____ C:\Users\Brett\Downloads\mb_driver_audio_realtek_azalia.exe
    2016-05-25 10:14 - 2016-05-25 10:15 - 04276266 _____ (DriverIdentifier ) C:\Users\Brett\Downloads\yourpcdrivers_setup.exe
    2016-05-25 09:53 - 2016-05-25 09:53 - 00000000 ____D C:\Users\Brett\Desktop\Breakaway
    2016-05-17 15:54 - 2016-05-17 15:54 - 01617886 _____ C:\Users\Brett\Downloads\A1z-thccqeS.pdf
     
  3. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    More FRST.txt


    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-13 17:13 - 2016-01-07 07:57 - 00000000 ____D C:\FRST
    2016-06-13 17:01 - 2012-10-03 17:00 - 00000000 ____D C:\Users\Brett\AppData\Roaming\.purple
    2016-06-13 16:54 - 2011-11-03 10:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-13 16:44 - 2012-08-08 07:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-13 16:28 - 2011-08-10 11:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA.job
    2016-06-13 16:18 - 2015-01-21 16:18 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C}.job
    2016-06-13 16:18 - 2015-01-21 16:18 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C}.job
    2016-06-13 14:55 - 2009-07-13 21:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-13 14:55 - 2009-07-13 21:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-13 14:53 - 2014-08-07 08:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-06-13 14:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\inetsrv
    2016-06-13 14:47 - 2011-11-03 10:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-13 14:47 - 2011-07-27 17:15 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2016-06-13 14:46 - 2011-07-27 17:29 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-06-13 14:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-13 14:29 - 2012-05-03 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-13 11:00 - 2016-03-16 08:20 - 00000000 ____D C:\Users\Brett\SecurityScans
    2016-06-09 10:52 - 2014-12-10 03:25 - 00000000 ____D C:\Windows\system32\appraiser
    2016-06-09 07:40 - 2011-08-01 16:10 - 00000000 ____D C:\Program Files (x86)\Google
    2016-06-09 07:18 - 2009-07-13 21:45 - 06003016 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-08 16:58 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\MSBuild
    2016-06-08 16:54 - 2011-08-17 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
    2016-06-08 16:49 - 2011-11-28 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
    2016-06-08 16:49 - 2011-11-28 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
    2016-06-08 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
    2016-06-08 16:45 - 2011-07-28 14:42 - 00000000 ____D C:\inetpub
    2016-06-08 16:45 - 2011-04-12 01:17 - 00000000 ____D C:\Windows\system32\0409
    2016-06-08 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
    2016-06-08 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-06-08 13:49 - 2015-01-29 07:15 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422540934
    2016-06-08 13:49 - 2013-03-05 09:23 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-06-08 11:41 - 2011-08-10 11:36 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core.job
    2016-06-08 11:22 - 2011-04-12 01:28 - 00000000 ___RD C:\Users\Public\Recorded TV
    2016-06-08 10:36 - 2011-08-02 10:32 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2016-06-08 10:33 - 2015-01-21 16:18 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C}
    2016-06-08 10:33 - 2015-01-21 16:18 - 00003792 _____ C:\Windows\System32\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C}
    2016-06-08 10:33 - 2015-01-21 11:17 - 00003308 _____ C:\Windows\System32\Tasks\{312A3800-E54D-4A99-8862-D52255DA01DE}
    2016-06-08 10:33 - 2012-08-08 07:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-06-08 10:33 - 2012-06-13 09:19 - 00003300 _____ C:\Windows\System32\Tasks\SidebarExecute
    2016-06-08 10:33 - 2012-04-23 16:17 - 00003314 _____ C:\Windows\System32\Tasks\{0D8B5A9C-86CB-4FAA-BCFB-F4D0D3B90AC0}
    2016-06-08 10:33 - 2011-12-08 14:24 - 00003338 _____ C:\Windows\System32\Tasks\{652E52A9-B828-4BD9-B6A7-D7F30BC4FD3A}
    2016-06-08 10:33 - 2011-11-03 10:07 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-06-08 10:33 - 2011-11-03 10:07 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-06-08 10:33 - 2011-09-09 09:52 - 00003612 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Brett-PC-Brett
    2016-06-08 10:33 - 2011-08-10 11:36 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA
    2016-06-08 10:33 - 2011-08-10 11:36 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core
    2016-06-08 10:33 - 2011-08-03 13:57 - 00004036 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{72DBEDBF-3E39-44AD-A33D-94B8794610F2}
    2016-06-08 10:33 - 2011-08-01 17:17 - 00003302 _____ C:\Windows\System32\Tasks\{394F9D8C-063A-4DBF-B6BC-D724F85595D4}
    2016-06-08 10:33 - 2011-07-28 06:50 - 00003192 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
    2016-06-08 10:29 - 2011-07-27 15:37 - 00000000 ____D C:\Users\Brett
    2016-06-08 08:53 - 2016-03-16 10:40 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-08 08:53 - 2016-03-16 10:40 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-06-08 07:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Branding
    2016-06-07 18:17 - 2015-04-01 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMS
    2016-06-07 18:17 - 2011-08-15 15:56 - 00000000 ____D C:\Program Files (x86)\EMS
    2016-06-07 17:38 - 2016-03-16 08:19 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
    2016-06-07 17:38 - 2016-03-16 08:19 - 00001081 _____ C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
    2016-06-07 17:38 - 2016-01-07 07:28 - 00001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
    2016-06-07 17:38 - 2015-10-27 10:31 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2016-06-07 17:38 - 2015-10-01 07:54 - 00000981 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
    2016-06-07 17:38 - 2015-09-28 12:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-06-07 17:38 - 2015-09-28 12:38 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-06-07 17:38 - 2015-04-17 18:07 - 00000976 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
    2016-06-07 17:38 - 2015-04-01 07:33 - 00001212 _____ C:\Users\Public\Desktop\SQL Manager Lite for MySQL.lnk
    2016-06-07 17:38 - 2015-04-01 07:31 - 00001257 _____ C:\Users\Public\Desktop\SQL Manager Lite for SQL Server.lnk
    2016-06-07 17:38 - 2015-02-05 06:23 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 38.lnk
    2016-06-07 17:38 - 2015-01-29 07:15 - 00001115 _____ C:\Users\Public\Desktop\Opera 38.lnk
    2016-06-07 17:38 - 2015-01-21 16:19 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
    2016-06-07 17:38 - 2015-01-14 06:39 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2016-06-07 17:38 - 2014-07-24 13:37 - 00002651 _____ C:\Users\Public\Desktop\OneClickdigital Media Manager.lnk
    2016-06-07 17:38 - 2014-07-23 14:47 - 00002199 _____ C:\Users\Public\Desktop\Blio eBooks.lnk
    2016-06-07 17:38 - 2014-07-23 14:47 - 00002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
    2016-06-07 17:38 - 2014-07-23 06:41 - 00001622 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
    2016-06-07 17:38 - 2014-07-23 06:26 - 00000995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
    2016-06-07 17:38 - 2014-07-23 06:26 - 00000983 _____ C:\Users\Public\Desktop\Pidgin.lnk
    2016-06-07 17:38 - 2014-01-28 10:19 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2016-06-07 17:38 - 2014-01-28 10:19 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2016-06-07 17:38 - 2013-11-18 08:19 - 00000885 _____ C:\Users\Public\Desktop\HxD.lnk
    2016-06-07 17:38 - 2013-08-20 17:14 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-06-07 17:38 - 2013-04-15 14:30 - 00002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5 Beta 64-bit.lnk
    2016-06-07 17:38 - 2013-04-15 14:30 - 00002068 _____ C:\Users\Public\Desktop\Lightroom 5 Beta 64-bit.lnk
    2016-06-07 17:38 - 2013-01-15 07:29 - 00001043 _____ C:\Users\Public\Desktop\FontForge.lnk
    2016-06-07 17:38 - 2013-01-10 14:55 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
    2016-06-07 17:38 - 2013-01-10 14:55 - 00001011 _____ C:\Users\Public\Desktop\Inkscape.lnk
    2016-06-07 17:38 - 2012-09-28 10:20 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    2016-06-07 17:38 - 2012-09-28 10:20 - 00001031 _____ C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    2016-06-07 17:38 - 2012-09-24 07:39 - 00001396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
    2016-06-07 17:38 - 2012-09-24 07:39 - 00001384 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
    2016-06-07 17:38 - 2012-07-11 14:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2016-06-07 17:38 - 2012-04-16 07:55 - 00001141 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2016-06-07 17:38 - 2012-01-31 10:53 - 00002525 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk
    2016-06-07 17:38 - 2011-12-01 08:36 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Rhapsody.lnk
    2016-06-07 17:38 - 2011-12-01 08:36 - 00000947 _____ C:\Users\Public\Desktop\Rhapsody.lnk
    2016-06-07 17:38 - 2011-11-08 07:43 - 00002903 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tomboy Notes.lnk
    2016-06-07 17:38 - 2011-11-02 13:22 - 00001857 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat!.LNK
    2016-06-07 17:38 - 2011-10-24 08:41 - 00001120 _____ C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    2016-06-07 17:38 - 2011-09-21 10:51 - 00000869 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora.lnk
    2016-06-07 17:38 - 2011-09-21 10:51 - 00000857 _____ C:\Users\Public\Desktop\Pandora.lnk
    2016-06-07 17:38 - 2011-09-19 11:57 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
    2016-06-07 17:38 - 2011-09-09 08:55 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2016-06-07 17:38 - 2011-09-09 08:55 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2016-06-07 17:38 - 2011-09-09 08:55 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2016-06-07 17:38 - 2011-09-09 08:54 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
    2016-06-07 17:38 - 2011-09-09 08:53 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
    2016-06-07 17:38 - 2011-09-09 08:53 - 00001085 _____ C:\Users\Public\Desktop\Adobe Content Viewer.lnk
    2016-06-07 17:38 - 2011-09-09 08:50 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2016-06-07 17:38 - 2011-09-07 06:22 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    2016-06-07 17:38 - 2011-09-07 06:22 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    2016-06-07 17:38 - 2011-09-07 06:21 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2016-06-07 17:38 - 2011-08-24 13:34 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
    2016-06-07 17:38 - 2011-08-24 13:34 - 00002491 _____ C:\Users\Public\Desktop\Safari.lnk
    2016-06-07 17:38 - 2011-08-24 13:34 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-06-07 17:38 - 2011-08-17 09:33 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-06-07 17:38 - 2011-08-01 16:56 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-06-07 17:38 - 2011-08-01 16:11 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
    2016-06-07 17:38 - 2011-08-01 14:58 - 00000952 _____ C:\Users\Public\Desktop\WinMerge.lnk
    2016-06-07 17:38 - 2011-08-01 08:32 - 00001126 _____ C:\Users\Public\Desktop\Zend Server Community Edition 5.1.0.lnk
    2016-06-07 17:38 - 2011-07-28 11:36 - 00001965 _____ C:\Users\Public\Desktop\Zend Studio - 8.0.1.lnk
    2016-06-07 17:38 - 2011-07-28 10:36 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-07 17:38 - 2011-07-28 10:36 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-06-07 17:38 - 2011-07-28 07:54 - 00002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MarvellTray.lnk
    2016-06-07 17:38 - 2011-07-28 07:54 - 00002065 _____ C:\Users\Public\Desktop\MarvellTray.lnk
    2016-06-07 17:38 - 2011-07-27 17:08 - 00001036 _____ C:\Users\Public\Desktop\smart6.lnk
    2016-06-07 17:38 - 2011-07-27 15:42 - 00002989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
    2016-06-07 17:38 - 2011-07-27 15:37 - 00001417 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-06-07 17:38 - 2011-07-27 15:33 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2016-06-07 17:38 - 2011-07-27 15:33 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2016-06-07 17:38 - 2009-07-13 22:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2016-06-07 17:38 - 2009-07-13 21:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-06-07 17:38 - 2009-07-13 21:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2016-06-07 17:38 - 2009-07-13 21:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2016-06-07 17:38 - 2009-07-13 21:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2016-06-07 17:38 - 2009-07-13 21:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2016-06-07 17:37 - 2016-04-12 06:54 - 00002043 _____ C:\Users\Brett\Desktop\Top Overlooked Security Threats To Node_js Web Applications Presentation 1.pdf - Shortcut.lnk
    2016-06-07 17:37 - 2016-03-15 16:42 - 00001228 _____ C:\Users\Brett\Desktop\Error Log.lnk
    2016-06-07 17:37 - 2016-01-11 12:02 - 00000968 _____ C:\Users\Brett\Desktop\join.me.lnk
    2016-06-07 17:37 - 2015-09-24 12:29 - 00000947 _____ C:\Users\Brett\Desktop\phpDev - Shortcut.lnk
    2016-06-07 17:37 - 2015-07-30 10:26 - 00001066 _____ C:\Users\Brett\Desktop\Amazon Music.lnk
    2016-06-07 17:37 - 2015-06-10 06:53 - 00000876 _____ C:\Users\Brett\Desktop\RPOWERPOS.lnk
    2016-06-07 17:37 - 2015-06-10 06:53 - 00000876 _____ C:\Users\Brett\Desktop\K3server8.lnk
    2016-06-07 17:37 - 2015-05-26 13:48 - 00000876 _____ C:\Users\Brett\Desktop\vncview k3server6.lnk
    2016-06-07 17:37 - 2015-02-26 08:21 - 00002356 _____ C:\Users\Brett\Desktop\Chrome App Launcher.lnk
    2016-06-07 17:37 - 2014-07-23 06:41 - 00001764 _____ C:\Users\Brett\Desktop\ICQ.lnk
    2016-06-07 17:37 - 2013-04-25 06:39 - 00000905 _____ C:\Users\Brett\Desktop\Windows Update Troubleshooting Info.lnk
    2016-06-07 17:37 - 2013-04-08 17:59 - 00001796 _____ C:\Users\Brett\Desktop\Google Drive.lnk
    2016-06-07 17:37 - 2012-11-26 10:47 - 00001218 _____ C:\Users\Brett\Desktop\Dropbox.lnk
    2016-06-07 17:37 - 2012-04-04 16:48 - 00001758 _____ C:\Users\Brett\Desktop\crocs esc't.txt.lnk
    2016-06-07 17:37 - 2011-12-20 08:53 - 00000729 _____ C:\Users\Brett\Desktop\Google Talk Received Files.lnk
    2016-06-07 17:37 - 2011-11-08 07:43 - 00002943 _____ C:\Users\Brett\Desktop\Tomboy Notes.lnk
    2016-06-07 17:37 - 2011-11-02 13:22 - 00001827 _____ C:\Users\Brett\Desktop\The Bat!.LNK
    2016-06-07 17:37 - 2011-09-20 07:45 - 00001230 _____ C:\Users\Brett\Desktop\I.R.I.S. Resource Center.lnk
    2016-06-07 17:37 - 2011-09-12 09:12 - 00001853 _____ C:\Users\Brett\Desktop\WinSCP.lnk
    2016-06-07 17:37 - 2011-08-15 15:56 - 00001269 _____ C:\Users\Brett\Desktop\SQL Manager Lite for SQL Server.lnk
    2016-06-07 17:37 - 2011-08-01 17:09 - 00001035 _____ C:\Users\Brett\Desktop\WinDirStat.lnk
    2016-06-07 17:37 - 2011-08-01 07:17 - 00001172 _____ C:\Users\Brett\Desktop\Repair Network Driver.lnk
    2016-06-07 17:37 - 2011-07-28 13:26 - 00000592 _____ C:\Users\Brett\Desktop\BrettsC (BRETT-RPOWER) (V) - Shortcut.lnk
    2016-06-07 17:37 - 2011-07-27 15:37 - 00001244 _____ C:\Users\Brett\Desktop\Command Prompt.lnk
    2016-06-07 17:33 - 2011-07-28 13:25 - 00000000 ____D C:\Windows\pss
    2016-06-07 16:44 - 2014-08-07 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-06-07 16:44 - 2014-08-07 08:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-06-07 15:03 - 2012-04-06 08:56 - 00000000 ____D C:\ProgramData\F-Secure
    2016-06-07 14:28 - 2011-07-28 07:54 - 00075008 _____ C:\Windows\za_mv_raid.ev
    2016-06-07 14:28 - 2011-07-28 07:54 - 00000096 _____ C:\Windows\za_mv_seqnum.ev
    2016-06-07 14:28 - 2011-07-28 07:54 - 00000008 _____ C:\Windows\mvraidver.dat
    2016-06-07 14:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME
    2016-06-07 12:06 - 2013-05-07 09:23 - 00000000 ____D C:\ProgramData\Sophos
    2016-06-07 11:59 - 2011-07-27 15:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2016-06-07 11:44 - 2011-07-28 06:51 - 00000000 ____D C:\Users\UpdatusUser
    2016-06-07 09:13 - 2016-01-07 07:28 - 00000000 ____D C:\Users\Brett\.VirtualBox
    2016-06-07 09:11 - 2015-04-01 07:36 - 00047718 _____ C:\Users\Brett\ntuserdirect_MyManager.dat
    2016-06-07 07:08 - 2016-02-22 17:47 - 00056733 _____ C:\Users\Brett\Documents\student loan2.xlsx
    2016-06-06 13:00 - 2016-04-28 07:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-06-01 16:11 - 2012-04-16 07:55 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-06-01 16:11 - 2011-08-01 15:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-25 19:12 - 2016-03-01 19:04 - 00000000 ____D C:\Windows\SysWOW64\GWX
    2016-05-25 19:12 - 2015-04-07 18:47 - 00000000 ___SD C:\Windows\system32\GWX
    2016-05-25 12:15 - 2011-07-27 15:39 - 00000000 ___HD C:\Program Files (x86)\Temp
    2016-05-25 12:12 - 2011-07-27 15:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-05-23 07:19 - 2009-07-13 22:08 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-05-16 13:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2016-05-16 07:28 - 2009-07-13 22:13 - 01111032 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-16 07:17 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal

    ==================== Files in the root of some directories =======

    2011-09-22 09:47 - 2011-09-22 09:48 - 0000132 _____ () C:\Users\Brett\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2012-05-17 14:20 - 2016-03-31 10:43 - 0000132 _____ () C:\Users\Brett\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2016-06-07 09:40 - 2016-06-07 09:40 - 6867968 _____ () C:\Users\Brett\AppData\Roaming\agent.dat
    2016-06-07 09:39 - 2016-06-07 09:39 - 0128512 _____ () C:\Users\Brett\AppData\Roaming\Installer.dat
    2016-06-07 09:40 - 2016-06-07 09:40 - 0018432 _____ () C:\Users\Brett\AppData\Roaming\Main.dat
    2011-09-12 09:12 - 2011-09-15 13:08 - 0000600 _____ () C:\Users\Brett\AppData\Roaming\winscp.rnd
    2011-09-12 18:00 - 2016-04-25 14:38 - 0001456 _____ () C:\Users\Brett\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-01-14 07:29 - 2013-01-14 07:29 - 0000218 _____ () C:\Users\Brett\AppData\Local\recently-used.xbel
    2011-08-02 08:31 - 2016-06-08 17:36 - 0007597 _____ () C:\Users\Brett\AppData\Local\Resmon.ResmonCfg
    2011-08-10 10:59 - 2014-11-11 13:21 - 0021089 _____ () C:\ProgramData\hpzinstall.log
    2015-02-05 07:51 - 2016-04-21 17:30 - 0001483 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2016-04-25 07:28 - 2016-04-25 07:28 - 0000016 _____ () C:\ProgramData\mntemp

    Files to move or delete:
    ====================
    C:\Users\Brett\ntuserdirect_MSManager.dat
    C:\Users\Brett\ntuserdirect_MyManager.dat


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-07 00:31

    ==================== End of FRST.txt ============================
     
  4. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Addition.txt....


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
    Ran by Brett (2016-06-13 17:14:05)
    Running from C:\Users\Brett\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2011-07-27 22:37:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1722142055-1796014379-4179580014-500 - Administrator - Disabled)
    Brett (S-1-5-21-1722142055-1796014379-4179580014-1000 - Administrator - Enabled) => C:\Users\Brett
    Guest (S-1-5-21-1722142055-1796014379-4179580014-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-1722142055-1796014379-4179580014-1001 - Limited - Disabled) => C:\Users\UpdatusUser
    ZendUser (S-1-5-21-1722142055-1796014379-4179580014-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
    Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5 Beta 64-bit (HKLM\...\{652E6883-26B8-4683-BDAA-8AD37D00C045}) (Version: 5.0.0 - Adobe)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
    AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    Amazon Music (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
    Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Gamer OSD (HKLM-x32\...\{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}) (Version: 3.06.0731 - ASUSTeK COMPUTER INC.)
    ASUS Smart Doctor (HKLM-x32\...\InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}) (Version: 5.43 - ASUSTek COMPUTER INC.)
    ASUS Smart Doctor (x32 Version: 5.43 - ASUSTek COMPUTER INC.) Hidden
    ASUS VideoSecurity Online (HKLM-x32\...\InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}) (Version: 3.5.1.3 - ASUSTeK Computer Inc.)
    ASUS VideoSecurity Online (x32 Version: 3.5.1.3 - ASUSTeK Computer Inc.) Hidden
    AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
    Blio (HKLM-x32\...\{0361F83A-9DFC-483F-BC9E-7A73170612EA}) (Version: 3.3.9721 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    Brackets (HKLM-x32\...\{EF4E49D9-63EF-4BD4-BAD0-2234C79970D3}) (Version: 1.7 - brackets.io)
    BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    Cox TV Connect (HKLM-x32\...\{EA86FAE4-25FE-48B1-89E6-24D51B47C2B1}) (Version: 11.53.00 - Cox Communications)
    Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
    Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
    Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
    Easy Tune 6 B10.0420.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B10.0420.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    EMS SQL Manager 2011 Lite for SQL Server (HKLM-x32\...\{D368A75F-913B-4415-947D-F6B1BA9DB2F4}) (Version: 3.7.0.1 - EMS)
    EMS SQL Manager Lite for SQL Server (HKLM-x32\...\{2435A7B0-D45E-4D0F-8F75-D7060CE1B43A}) (Version: 4.1.0.45480 - EMS Database Management Solutions, Ltd.)
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
    FontForge version 1.0 (HKLM-x32\...\{16CB5DA9-AB24-4F1E-9D55-C088245B8120}_is1) (Version: 1.0 - Download Freely, LLC)
    GDR 2550 for SQL Server 2008 R2 (KB2716440) (64-bit) (HKLM\...\KB2716440) (Version: 10.51.2550.0 - Microsoft Corporation)
    GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
    GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
    Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
    Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline)
    Gtk# for .Net 2.12.21 (HKLM-x32\...\{71109D19-D8C1-437D-A6DA-03B94F5187FB}) (Version: 2.12.21 - Xamarin, Inc.)
    Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
    HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{A818DAE1-EBBE-4438-B557-8115955D88E4}) (Version: 14.0 - HP)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    ICQ 8.2 (build 7100) (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\ICQ) (Version: 8.2.7100.0 - ICQ)
    IIS Diagnostics Toolkit January 2006 (AMD64) (HKLM\...\{269F4A2A-D659-4D2F-A6CC-20051225051C}) (Version: 1.5.1225.0 - Microsoft Corporation)
    IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
    Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
    Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
    Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    join.me (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\JoinMe) (Version: 2.11.0.1717 - LogMeIn, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    L7000_Basic (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Marvell MRU V4 (HKLM-x32\...\mv61xxMRU) (Version: 4.1.0.1700 - Marvell)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
    Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C058FC5D-565F-4360-A562-0527A3D993DC}) (Version: 2.3.2211 - Microsoft Corporation)
    Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCELR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6A0F9093-6EDF-45B2-8783-9EB9D15F8339}) (Version: 10.51.2550.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
    Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
    Miranda IM 0.10.4 (HKLM-x32\...\Miranda IM) (Version: 0.10.4 - Miranda IM Project)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
    NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
    NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
    ON_OFF Charge B10.0422.2 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    OneClickdigital Media Manager (HKLM-x32\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Opera Stable 38.0.2220.29 (HKLM-x32\...\Opera 38.0.2220.29) (Version: 38.0.2220.29 - Opera Software)
    Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
    OverDrive Media Console (HKLM-x32\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
    Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
    Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
    Rhapsody (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\8aa854a199af1b36) (Version: 6.17.22.0 - Rhapsody International Inc.)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    ShellFolderFix 1.1.4 (HKLM\...\{3DD823AB-145A-4522-B9F6-A9566121F837}_is1) (Version: - )
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
    Smart Dual Lan (HKLM-x32\...\{FB238A00-FB43-49C8-8955-6F1F430944B7}) (Version: 1.00.0000 - Realtek)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
    SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Integration Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Reporting Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    The Bat! Professional v3.98.4 (HKLM-x32\...\{FCBBBD2E-CAF5-4C80-B73E-4657703EF259}) (Version: 3.98.4 - Ritlabs)
    Tomboy Notes (HKLM-x32\...\{F8AC5942-DB6B-49F1-95F2-76380E1F0A2C}) (Version: 1.14.0.0 - Tomboy Project)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
    Utility (x32 Version: 1.00.0002 - ASUSTek) Hidden
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
    WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
    WinDirStat 1.1.2 (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\WinDirStat) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
    WinSCP 4.3.4 (HKLM-x32\...\winscp3_is1) (Version: 4.3.4 - Martin Prikryl)
    XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - XviD Development Team)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Zend Server (x32 Version: 4.0.1 - Zend Technologies) Hidden
    Zend Server Community Edition (HKLM-x32\...\InstallShield_{DCDC2DF0-7305-4F7F-A78C-F5148819928F}) (Version: 4.0.1 - Zend Technologies)
    Zend Studio 8.0.1 (HKLM-x32\...\{A73D4BEE-2BBE-4285-BF6C-4B8C7C002290}) (Version: 8.0.1 - Zend Technologies Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Brett\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
     
  5. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Addition.txt continued...


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01E726C6-19D1-48AD-8F9E-DC43020B3C6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {1240AB07-C2AF-4063-99DF-08193C89FD08} - System32\Tasks\{312A3800-E54D-4A99-8862-D52255DA01DE} => pcalua.exe -a "C:\Users\Brett\Downloads\QuickTimeInstaller (1).exe" -d C:\Users\Brett\Downloads
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {4237B16E-8A80-4C4E-B1F4-5F668C67384A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-01] (Adobe Systems Incorporated)
    Task: {56F55C45-9BAE-4A77-BCD8-B586E5E5157F} - System32\Tasks\{652E52A9-B828-4BD9-B6A7-D7F30BC4FD3A} => pcalua.exe -a C:\Users\Brett\Downloads\New_PC_Studio_1.4.1_AD2.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {5D8DFBF9-9413-400A-86B8-04BCF7BF7CF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {64775044-053F-4C2A-8F55-C9D6651B4373} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {80ECE277-D76D-4CD6-BF70-EF74F6445067} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {86E9C180-AD73-4B09-8900-291C2BD7FB60} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {8FF9DB0C-085D-4797-BB71-DF431F9BD127} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {9599A4A6-2F6C-435B-B759-CC53F1DB9CB0} - System32\Tasks\{0D8B5A9C-86CB-4FAA-BCFB-F4D0D3B90AC0} => pcalua.exe -a C:\Users\Brett\Downloads\SQLSRV20(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {96BDBB7C-1CC7-4A1D-8E9E-A8EEAD7B086B} - System32\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {97CB488C-26AF-4CD8-8FBB-58C813B40290} - System32\Tasks\Opera scheduled Autoupdate 1422540934 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-06] (Opera Software)
    Task: {A3F9F643-C953-470F-8D01-67C516EB7720} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
    Task: {A611CD2E-1AC1-4546-89B8-E14721D7984B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {AF027826-30AC-4B64-8562-382AD03B5765} - System32\Tasks\AdobeAAMUpdater-1.0-Brett-PC-Brett => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
    Task: {B4409CBE-B5B7-4DEE-8BCB-A364791DE27F} - System32\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {BFDD5801-3B60-4C2F-99CF-1B84140E720C} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {EBAB9099-D565-4457-9C7F-020AEF23EFC1} - System32\Tasks\{394F9D8C-063A-4DBF-B6BC-D724F85595D4} => pcalua.exe -a C:\Users\Brett\Downloads\windirstat1_1_2_setup.exe -d C:\Users\Brett\Downloads
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{6CF4039E-DC58-4C2B-8298-29E30609319C} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core.job => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA.job => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2012-11-18 03:06 - 2013-09-12 00:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2009-07-27 11:13 - 2009-07-27 11:13 - 00061440 _____ () C:\Windows\SysWOW64\ASDR.exe
    2012-12-12 21:37 - 2012-12-12 21:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
    2011-09-20 14:32 - 2011-09-20 14:32 - 00008704 _____ () C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
    2011-07-27 17:38 - 2009-07-02 20:49 - 00449024 _____ () C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    2015-07-30 10:26 - 2015-07-20 22:02 - 05887808 _____ () C:\Users\Brett\AppData\Local\Amazon Music\Amazon Music Helper.exe
    2013-10-02 11:58 - 2013-10-02 11:58 - 08089936 _____ () C:\Users\Brett\AppData\Local\NDS\PCShow\NDSPCShowServer.exe
    2013-03-25 23:43 - 2013-03-25 23:43 - 00640000 _____ () C:\Program Files (x86)\Tomboy\Tomboy.exe
    2016-06-08 08:53 - 2016-06-03 18:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
    2016-06-08 08:53 - 2016-06-03 18:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
    2016-06-08 08:53 - 2016-06-03 18:01 - 31491736 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00036878 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00310443 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00092285 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00201726 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00106712 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00150086 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00055804 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00416065 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00237138 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00028276 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00023851 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00486400 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
    2013-10-02 11:58 - 2013-10-02 11:58 - 00332104 _____ () C:\Users\Brett\AppData\Local\NDS\PCShow\ndsLogStore.dll
    2013-10-02 11:58 - 2013-10-02 11:58 - 03006792 _____ () C:\Users\Brett\AppData\Local\NDS\PCShow\DrmSingleton.dll
    2013-10-02 11:58 - 2013-10-02 11:58 - 07556936 _____ () C:\Users\Brett\AppData\Local\NDS\PCShow\gsttspplugin.dll
    2013-10-02 11:58 - 2013-10-02 11:58 - 00688984 _____ () C:\Users\Brett\AppData\Local\NDS\PCShow\libgstreamer-0.10.dll
    2013-10-02 11:58 - 2013-10-02 11:58 - 01403208 _____ () C:\Users\Brett\AppData\Local\NDS\PCShow\libxml2-2.dll
    2013-10-02 11:58 - 2013-10-02 11:58 - 00091960 _____ () C:\Users\Brett\AppData\Local\NDS\PCShow\z.dll
    2016-05-16 09:13 - 2016-05-16 09:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\36228373a740e360eb9e81fe1e54615e\IsdiInterop.ni.dll
    2011-07-27 15:41 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2012-12-12 20:30 - 2012-12-12 20:30 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
    2016-06-08 12:34 - 2016-06-08 12:34 - 48942256 _____ () C:\Program Files (x86)\Brackets\libcef.dll
    2016-06-08 12:34 - 2016-06-08 12:34 - 00120832 _____ () C:\Program Files (x86)\Brackets\www\filesystem\impls\appshell\node\node_modules\fsevents_win\build\Release\fswatch_win.node
    2011-04-04 14:50 - 2011-04-04 14:50 - 00393416 _____ () C:\Program Files (x86)\Tomboy\MonoPosixHelper.DLL
    2011-11-22 10:48 - 2014-03-03 08:58 - 01294335 _____ () C:\GtkPlus\bin\libcairo-2.dll
    2010-02-05 21:55 - 2014-03-03 08:58 - 00279059 _____ () C:\GtkPlus\bin\libfontconfig-1.dll
    2009-01-31 22:42 - 2014-03-03 08:58 - 00143096 _____ () C:\GtkPlus\bin\libexpat-1.dll
    2010-12-27 14:12 - 2014-03-03 08:58 - 00538324 _____ () C:\GtkPlus\bin\freetype6.dll
    2010-08-17 16:38 - 2014-03-03 08:58 - 00230529 _____ () C:\GtkPlus\bin\libpng14-14.dll
    2010-08-20 11:18 - 2014-03-03 08:58 - 00100352 _____ () C:\GtkPlus\bin\zlib1.dll
    2012-02-08 21:37 - 2014-03-03 08:58 - 00100255 _____ () C:\GtkPlus\lib\gtk-2.0\2.10.0\engines\libwimp.dll
    2013-04-29 16:49 - 2013-04-29 16:49 - 00084279 _____ () C:\Program Files (x86)\GtkSharp\2.12\bin\glibsharpglue-2.DLL
    2013-04-29 16:49 - 2013-04-29 16:49 - 00556298 _____ () C:\Program Files (x86)\GtkSharp\2.12\bin\gtksharpglue-2.DLL
    2013-04-29 16:49 - 2013-04-29 16:49 - 00112879 _____ () C:\Program Files (x86)\GtkSharp\2.12\bin\gdksharpglue-2.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2016-06-07 15:04 - 00000885 ____A C:\Windows\system32\Drivers\etc\hosts



    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: BBSvc => 2
    MSCONFIG\Services: BBUpdate => 3
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: DES2 Service => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: JMB36X => 2
    MSCONFIG\Services: MRUWebService => 2
    MSCONFIG\Services: SDLService => 2
    MSCONFIG\Services: WeatherChiknSrvr => 2
    MSCONFIG\Services: Zonekix => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Zend Controller.lnk => C:\Windows\pss\Zend Controller.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Brett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Launch Jawbone Updater.lnk => C:\Windows\pss\Launch Jawbone Updater.lnk.Startup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ASUSGamerOSD => C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: Breakaway => "C:\Program Files (x86)\Breakaway1.4\breakaway.exe" force
    MSCONFIG\startupreg: Digital Coupon Print Driver => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
    MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
    MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
    MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: icq => C:\Users\Brett\AppData\Roaming\ICQM\icq.exe -CU
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: MRUTray => C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{649583B8-782C-4637-8133-8BABE4A8C42B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [{AE057E5C-EBC2-47FE-858C-E35523707451}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [TCP Query User{2DF62BF5-E760-45B3-B0ED-341608D6D32C}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe
    FirewallRules: [UDP Query User{0E455E0E-9E5A-42A7-91A2-601E45047F96}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe
    FirewallRules: [TCP Query User{A46F6428-EBF8-4102-83A6-A01B51D70A2E}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [UDP Query User{BB71072D-839E-497C-B16C-9EE4DE3254FB}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [TCP Query User{0789E310-FD0B-48AC-A3EE-33217A1072FB}C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe] => (Allow) C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe
    FirewallRules: [UDP Query User{20107522-1B21-436A-B606-BCC85A875E23}C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe] => (Allow) C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe
    FirewallRules: [TCP Query User{745A4974-A7C0-48AF-8324-6AFEA5798357}C:\program files (x86)\miranda im\miranda32.exe] => (Block) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [UDP Query User{04C862C6-12A1-4B7C-A9BE-709170773012}C:\program files (x86)\miranda im\miranda32.exe] => (Block) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [{834A22ED-8961-49B7-8B05-E61F744DA264}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{6EB43CB6-2E21-46EC-9ADF-D077B6AF32DE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{76EC055C-F944-4353-985B-52585AFD35E5}] => (Allow) D:\WinTemp\AppData\Local\Temp\7zS7291\OJProL7X00_Basic_14\setup\hpznui40.exe
    FirewallRules: [{C5007291-6BC3-4C38-9043-378D6460C86D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{F58395D4-C1D9-4993-BF53-E3449C5192DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{97B1C1A4-2758-4B04-9106-51AA12430877}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{A85B3D9B-7EC1-49F6-AAEE-93A885C5476E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{59907EAB-8C4E-4E9F-9878-BAB889850735}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{34E547A1-8E53-4ADD-A29D-13509827036F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{BDC0EC3C-0FC4-4037-8218-09D48FD015FD}] => (Allow) LPort=2869
    FirewallRules: [{43EDDC3B-2289-41D2-A406-F01F9239D881}] => (Allow) LPort=1900
    FirewallRules: [{15E2DFF1-3E9E-40A6-BABF-4F9B9752ADB9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{9B791286-7E80-4A89-B97D-41F601DE4649}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{862CAB1A-0BF0-4958-9C91-8052AD2855BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{9B9027A7-8357-4F1A-AF97-E8661A8D3D66}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{A2E88E58-DD7F-4615-A9D9-03B585BD88A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{B62240A2-CD4D-41C4-B057-86EA8072FC82}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{60A25641-E516-4519-9763-D8A2619BD3BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{11038C88-C553-47A2-83F5-F71828B9AD72}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{040F9044-E413-431B-8328-2706EE8087E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{34689BE3-8474-4A03-B402-BCD341019A92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{729920C3-3726-484D-AB76-57B013728627}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{A3575ADE-80D1-4217-BAF0-DE0DA2F43DFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{13DFDBBA-85B9-47FC-94DE-D0043C1559B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{A46918E8-BC79-4505-BD15-915AC9F4CCCC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{D837C17B-B21B-424E-BA68-AEC8AF7365EC}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [TCP Query User{4CB2FE52-7047-48A2-88DE-C4970E009DFD}C:\program files (x86)\gigabyte\smart6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\smart6\gbtupd.exe
    FirewallRules: [UDP Query User{2F64B26B-6BE6-429D-962C-BB894C865936}C:\program files (x86)\gigabyte\smart6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\smart6\gbtupd.exe
    FirewallRules: [TCP Query User{E5DA35C3-FAEF-4BE7-A727-AB36B0409395}C:\program files (x86)\gigabyte\smart6\updexe.exe] => (Block) C:\program files (x86)\gigabyte\smart6\updexe.exe
    FirewallRules: [UDP Query User{9574B8C4-726A-4918-A4F1-7FB41B3FF396}C:\program files (x86)\gigabyte\smart6\updexe.exe] => (Block) C:\program files (x86)\gigabyte\smart6\updexe.exe
    FirewallRules: [TCP Query User{85C0522B-719D-43D3-8ED4-2345C93C0834}C:\program files (x86)\napster\napster.exe] => (Allow) C:\program files (x86)\napster\napster.exe
    FirewallRules: [UDP Query User{8A95B0D4-DC7C-42AA-9FE8-474A43B93887}C:\program files (x86)\napster\napster.exe] => (Allow) C:\program files (x86)\napster\napster.exe
    FirewallRules: [TCP Query User{7E6436E1-F198-4496-A000-7FAA99713980}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
    FirewallRules: [UDP Query User{5F9C77ED-2408-4271-9A74-09E3140A0D09}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
    FirewallRules: [{93A87AAC-D985-4A1C-A9A4-B6E5CAF78076}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{DAADEBB8-B19F-4CCE-8F14-E388BCD1C548}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{F14F80CE-664B-4A1D-B657-FD525A40AB89}] => (Allow) D:\menuImports\npsasvr.exe
    FirewallRules: [{A598D455-8A9B-410E-A5CA-A57C97C99860}] => (Allow) D:\menuImports\npsasvr.exe
    FirewallRules: [{6EA71E0A-6DAA-405E-B518-223B5338FCD8}] => (Allow) D:\menuImports\npsvsvr.exe
    FirewallRules: [{764230B1-02F9-4BB1-A2FC-00BB148BD198}] => (Allow) D:\menuImports\npsvsvr.exe
    FirewallRules: [TCP Query User{90AE0930-856D-43C9-929A-CACFE2A77AF0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{CAA43023-926E-4FAA-B2F6-0E14424D0CC1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{9643E137-9216-4AD9-963C-6F9466650ADA}C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [UDP Query User{4E65DEB1-4C45-422C-95B2-7776D3F8FFD2}C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [TCP Query User{E7CF8502-1255-418B-B467-2A519A70ABA9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{7A8A49CD-7712-47DF-9072-B5F4FF328419}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{A141A18F-515D-4123-9E30-47100336D942}C:\program files (x86)\mono-2.10.6\bin\mono.exe] => (Block) C:\program files (x86)\mono-2.10.6\bin\mono.exe
    FirewallRules: [UDP Query User{9D9ECF9B-6D8D-4767-A091-3EB81519741E}C:\program files (x86)\mono-2.10.6\bin\mono.exe] => (Block) C:\program files (x86)\mono-2.10.6\bin\mono.exe
    FirewallRules: [{F3301210-993C-4426-96FF-72535428B379}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{C28FAA86-9720-4667-95A8-494A63EE3862}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{3735DDDD-C0A3-4933-A42A-2AA9567A98DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B699AFB0-9371-4D67-8827-19B4B914622A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{88FE09D0-AD97-4A8C-9211-61EE37CC8088}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A9AA9173-013B-41A2-B5AE-F6811F139BC4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{F27F095D-9AD4-46C4-8C89-F5978277AD0F}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
    FirewallRules: [UDP Query User{A7D28249-24A7-486D-A2D1-7962B5E3FBC3}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
    FirewallRules: [TCP Query User{F443CF85-E735-4099-B6D7-74B1173E1C6A}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{A554BF97-1797-4A13-A74B-1558AC11E0DB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{0126BDB0-1DA9-4962-ACF5-6B4A71EB3428}C:\users\brett\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brett\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{A4A80D1E-D9CE-4B29-8B08-CE79242E57FE}C:\users\brett\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brett\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{132C56E7-7048-4586-AE0E-0EC308D490A5}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{7A62AE34-5DE6-4478-BF0D-A741AE27EB4C}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{7EA61E59-D11E-4021-8624-D82ABBDCF7B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{8B6A5293-D25E-4B31-999D-064746B6FE25}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{5598F752-2883-4151-87B0-CB06DD9D8B2F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [TCP Query User{B6751A6A-8842-4C3E-AC0F-A682315B67D9}D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe] => (Allow) D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe
    FirewallRules: [UDP Query User{6C1AEE32-022C-4683-A2EC-3CF0C834D6F5}D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe] => (Allow) D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe
    FirewallRules: [TCP Query User{19573729-EA8F-49F7-BE17-02D3E3AE309E}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Block) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
    FirewallRules: [UDP Query User{76509D7D-228C-4208-B780-01A93FF4E4ED}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Block) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
    FirewallRules: [{08EC233A-4B19-4746-8FA6-80653197F689}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
    FirewallRules: [{F78EEA93-13E4-4506-8821-685BA5A09D8E}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
    FirewallRules: [{630F0C54-0EBC-4415-ABE0-4380C3F58525}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F17F4FD4-D307-49DC-94DA-62C2F276B1C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{41BEC0C4-FFAE-48CD-850A-476D2F635A85}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{78A332BC-884F-4FF6-981C-829EA5834718}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{594BE973-5E26-44C8-8C0D-5721D0F501EE}] => (Allow) D:\WinTemp\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{138F7B78-C77E-49AE-BA6B-9B4BA2826913}] => (Allow) D:\WinTemp\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [TCP Query User{474ED91E-4452-4415-84BD-8ED23ED55D64}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{3024AC85-4C99-4685-B58F-4C23531F2693}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{6B0C6014-4B71-41C3-9A7F-A16FAAFB7DFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{20967EFA-BA50-4DF1-B066-746356011ADB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3C2D47A2-88B3-4963-A7BF-3C901E05F9FA}] => (Allow) C:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{B23C61D9-12D9-4D4C-8411-9AE53FDADA22}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [UDP Query User{21545605-F341-4381-9223-120B06E95625}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [TCP Query User{911ED9B9-4E28-4767-A264-0DF87287B56A}D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe] => (Allow) D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe
    FirewallRules: [UDP Query User{14465195-93A7-4C7F-BE13-472213A3C565}D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe] => (Allow) D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe
    FirewallRules: [TCP Query User{F90B5FAD-EE46-4523-9C45-F51D8486B1E1}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [UDP Query User{56F9C9DD-0262-486C-875E-CEE19407D29D}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [TCP Query User{522D584E-B632-4BB7-83A9-E5F7722D5213}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [UDP Query User{6970C9AA-BB95-4B18-A12D-26026BD21E2A}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [{D25746A4-E1FE-489A-8A68-25C82B2A73A0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{AFA55E27-D170-4FEE-A7C0-F34AAE08A5B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
    FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
    FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
    FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe

    ==================== Restore Points =========================

    08-06-2016 14:09:39 Automatic creation
    09-06-2016 11:25:05 Automatic creation
    13-06-2016 15:17:03 Automatic creation

    ==================== Faulty Device Manager Devices =============

    Name: MpKslaba8b6e9
    Description: MpKslaba8b6e9
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKslaba8b6e9
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Officejet Pro L7600
    Description: Officejet Pro L7600
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: LogMeIn Kernel Information Provider
    Description: LogMeIn Kernel Information Provider
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: LMIInfo
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Officejet Pro L7600
    Description: Officejet Pro L7600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HP Officejet Pro 8620
    Description: HP Officejet Pro 8620
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/13/2016 05:12:00 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (06/13/2016 03:17:01 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {71f4e6c9-9b40-465f-8d24-a3f748891b0b}

    Error: (06/13/2016 02:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/13/2016 02:47:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SmartDoctor.exe, version: 5.4.3.7, time stamp: 0x4a74e69d
    Faulting module name: SmartDoctor.exe, version: 5.4.3.7, time stamp: 0x4a74e69d
    Exception code: 0xc0000005
    Fault offset: 0x0002cddd
    Faulting process id: 0xe68
    Faulting application start time: 0xSmartDoctor.exe0
    Faulting application path: SmartDoctor.exe1
    Faulting module path: SmartDoctor.exe2
    Report Id: SmartDoctor.exe3

    Error: (06/13/2016 02:47:29 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 8355) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (06/13/2016 02:47:27 PM) (Source: MSSQLServerOLAPService) (EventID: 0) (User: )
    Description: The service cannot be started: XML parsing failed at line 1, column 1: Incorrect document syntax.
    .

    Error: (06/13/2016 02:47:24 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 3414) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (06/13/2016 02:47:24 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
    Description: The log scan number (335:456:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (06/13/2016 02:47:08 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error: (06/13/2016 02:31:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (06/13/2016 02:49:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    The service did not start due to a logon failure.


    Error: (06/13/2016 02:49:53 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    Logon failure: account currently disabled.


    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (06/13/2016 02:48:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Error: (06/13/2016 02:47:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (06/13/2016 02:47:37 PM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (06/13/2016 02:46:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Error: (06/13/2016 02:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
    The system cannot find the path specified.


    Error: (06/13/2016 02:33:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    The service did not start due to a logon failure.


    Error: (06/13/2016 02:33:07 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    Logon failure: account currently disabled.


    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (06/13/2016 02:31:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)


    CodeIntegrity:
    ===================================
    Date: 2012-04-06 08:56:57.369
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\WinTemp\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-04-06 08:56:57.360
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\WinTemp\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
    Percentage of memory in use: 41%
    Total physical RAM: 16382.27 MB
    Available physical RAM: 9541.23 MB
    Total Virtual: 32762.73 MB
    Available Virtual: 25499.28 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.51 GB) (Free:267.45 GB) NTFS
    Drive d: (SDD) (Fixed) (Total:59.52 GB) (Free:15.26 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 62191A89)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: EECF37B9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Thank you for your help on this.

    All four scans completed... here are the logs as requested. I'll be back in the morning. Again, thanks so much for your help.



    RogueKiller V12.3.3.0 [Jun 13 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Brett [Administrator]
    Started from : C:\Users\Brett\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 06/13/2016 18:53:03

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 13 ¤¤¤
    [Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\{086C8477-4F71-4550-87FB-AF0AE8DF3E98} | Exec : C:

    \Users\Brett\AppData\Roaming\ICQM\icq.exe [7] -> Deleted
    [Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\{086C8477-4F71-4550-87FB-AF0AE8DF3E98} | Exec : C:

    \Users\Brett\AppData\Roaming\ICQM\icq.exe [7] -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MpKslaba8b6e9 (\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AFB22D2-D0D5-4792-81DB-

    4E2C696F35C0}\MpKslaba8b6e9.sys) -> Deleted
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://mlb.mlb.com/home -> Replaced

    (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://mlb.mlb.com/home -> Replaced

    (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Replaced (1)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Raid_OS +++++
    --- User ---
    [MBR] bd308a23c07c34ebb81aca282b18ef89
    [BSP] 18cd6cb177ed3b06a9d62bb53a0f66e8 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953865 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([57] The parameter is incorrect. )

    +++++ PhysicalDrive1: KINGSTON SNV425S264GB ATA Device +++++
    --- User ---
    [MBR] a6011350ffb27be49e4c621f5843f559
    [BSP] 975d220807a2920fdefb3583f66b88d1 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 60951 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    ***********
    ***********

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/13/2016
    Scan Time: 7:02 PM
    Logfile: mbam6-3.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.06.13.05
    Rootkit Database: v2016.05.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Brett

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 496701
    Time Elapsed: 17 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ***********
    ***********

    # AdwCleaner v5.119 - Logfile created 13/06/2016 at 19:28:08
    # Updated 30/05/2016 by Xplode
    # Database : 2016-06-13.1 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (X64)
    # Username : Brett - BRETT-PC
    # Running from : C:\Users\Brett\Desktop\adwcleaner_5.119.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    [#] File Deleted : C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
    [-] File Deleted : C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pinhfkamckbogjgmbmdkdebbbpnmlaef_0.localstorage

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}
    [-] Key Deleted : HKCU\Software\Rtp
    [-] Key Deleted : HKLM\SOFTWARE\Xtp
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Xtp

    ***** [ Web browsers ] *****

    [-] [C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [6591 bytes] - [08/06/2016 11:51:32]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1555 bytes] - [13/06/2016 19:28:08]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6630 bytes] - [08/06/2016 11:47:41]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1724 bytes] - [13/06/2016 19:26:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1774 bytes] ##########


    ************
    ************


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Ultimate x64
    Ran by Brett (Administrator) on Mon 06/13/2016 at 19:33:50.30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 223

    Successfully deleted: C:\ProgramData\mntemp (File)
    Successfully deleted: C:\Users\Brett\AppData\Local\{001EF8DF-479A-4A88-B4C3-AE6CCA029CB1} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{01C01F94-7499-46DF-9060-7A5492BEFCDA} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{01C3F53E-29EA-4EAC-82CF-2331F019879C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{0383CFC3-A7A8-40C1-B046-CD6A79FFEF2D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{03D2F16E-DC94-4484-8C60-171704D4C7DA} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{07BDCCAC-8B69-447B-8E3A-C5BA89E3E792} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{09192C67-25FC-41D9-9AF9-C1F34B3C0588} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{0994CAB2-2BAA-4AB6-BC6F-25A359961548} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{0B20EAF9-D880-4CAF-A33B-D7B05D5F7292} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{0B6253C0-C5F8-46A5-B25A-505065EEABEE} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{0DE283B7-A194-4981-A0CD-BEECF3DA57FE} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{0DE2A8FC-C67D-4BAB-95BA-F6B3839257A3} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{0F9DA91D-B2DD-4EE3-BD72-2E11C458C86D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{10C995BD-CDF9-479D-962F-EC072189583A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{117CA792-5365-4F6D-85E8-8E3B770C0E23} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{11950BDA-896E-497D-BA99-EB5A54759578} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{13E5237C-A174-4F4F-8A9A-757370400498} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{140E70BF-2022-4F3E-A848-74AD9704C088} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{160112F0-D757-4D4D-8C99-B395C25F73A4} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{16F4A8B5-D98C-489B-8EA0-8A475D9542B8} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{18BB038A-1EE4-4769-91F6-9E33A37C9964} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{1AA68D36-C18C-48CF-9C1F-B2ADBA008486} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{1ABBEF11-C118-42A4-BD2E-F096DFAB257E} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{1CE34FB3-F403-441F-9212-E2B28C7D3101} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{1F1F1E4C-2136-40DD-B029-B289ED039444} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{1F9CBF90-4F32-4454-A1FC-6216F52CF2E1} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{1FAB1608-1A58-473F-8110-0E2946ED25C4} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{212DD4D2-710E-47A3-9399-32E3F004A9CE} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2132FD60-3073-4A58-B8B0-37F535DCE688} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2266B7E5-B812-4C5F-955A-7EEFD73A392B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{22C25534-EED6-466F-B9F5-6AFADEBCC89B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2347AC0E-270A-4475-AE32-31B547B87831} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2374E2E9-CDFC-48CF-8682-5AD08C20B830} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{254E6C72-56CD-4C71-A85F-B8AE7516F3B0} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2C9EC125-7AAE-416B-A444-3280A10C5D4C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2E48245F-3B94-418A-BD5B-3980F3A10515} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2E88C50F-C95B-408B-BDE1-2E8F0EAB6FE3} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{2FB9918F-C0DF-45B7-98BF-D5B097B08D59} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{30B6316D-223F-4C48-A683-EC085A22BF83} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{31252C33-DC59-461C-97DA-DB2B6287D448} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{32963EB7-FA83-43AE-9F05-6E921BA1F618} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{347C4660-6A77-404F-A0FE-5BEBF459465A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{35520D58-2665-4418-8BEC-E7B2F3D71503} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{359C1FB1-1991-4248-8131-4B5FB114F314} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{36953DDA-6971-458F-84A8-80923A46707D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{38E65767-BE84-4470-896C-B10C66E21FBB} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{3949AA2B-727A-4E07-9CC2-954EA2736008} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{3A3E0BDB-B3A5-4CA3-A653-CD1EB1674F29} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{3A757FDC-B7C2-4A84-89E7-83D31A0B2009} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{3C53A406-7183-41D7-9B0F-DB3A0FFA2B18} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{3C972246-4AFA-4DF0-95CC-52C3831E7B73} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{3CD014BE-00D1-48D3-95D3-075F31B78635} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{417BE7F9-36AB-4B83-81EF-85B045B3285F} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{422217F4-DE89-400D-8028-23D08D38E42F} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{44B03F33-487C-4235-ADE6-8BCBE0BE63F0} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{4526A6AB-32E6-4AD4-B447-9C13BAA9FAE7} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{456D5CB2-1F84-4430-8495-5D278322295D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{4CB63ACF-5070-43E9-9F27-F8C7C83CA629} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{4E7E6A19-B35E-424C-B63F-E510BFE0C875} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{51F00B48-0D4B-440F-94BC-48DA6B4A9B0E} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{520F7829-014B-4E12-B8F4-73412C22EA45} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{54292CFF-0A24-41F1-92F3-05146454A851} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{546308C3-5EA0-4D5B-AC2E-B8470EC4E246} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{5732E6AC-B399-47A9-B161-B6CCD3AFFC65} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{57707C6A-2142-4A18-AD26-1A8D7FAD5F89} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{57A58D0D-9B76-4DD5-B3EB-7606D3A10EEA} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{584F07BA-AD6C-4A3A-A497-B51B454DDC18} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{58FBB399-60CC-428A-BBEA-549C14A8521C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{5C2CC8E5-B3A0-4B1C-830C-55FCCAC1D819} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{5C6CCE6B-8934-4792-A216-4D3BD5537357} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{5E16226A-3D93-4F5E-9279-4163AA48894B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{5E4C6E0E-971A-401C-9A2C-F34A469D76A9} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{5E610730-6FD1-4474-B6B0-46C5BBC0D9D4} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{5FE118AE-FE3B-477F-A371-6D115ED137D9} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{60C7AF4B-DCD2-4209-93D3-2763F7620D82} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{60F5CB03-6E8B-460E-8285-95860A96F41B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{611A189B-05B2-4001-8242-3E436CED3DA4} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{62136512-B494-4C57-B132-710CDFB52FDE} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{62D26A3A-2E57-4388-8540-A0D2299F94BB} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6594CFD2-930A-4345-B489-9BE8A785DF9C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{660FCF81-58A5-4C61-B16A-CFD328BF191A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{66DB9D10-453C-4B85-B2B7-540C0695B4BA} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{67A8FA11-C1ED-42BE-ADB6-F8E470633273} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6834F360-89BD-44CD-AA32-E65E209F6396} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{69D17006-1CA0-43D8-BFE1-1972CE64485D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6A477959-FE64-4754-A2C3-ECF62A692F19} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6B46CF46-84DA-4FC6-B888-371044EF5621} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6BADDF84-CFB6-4355-9330-322614F5A0B2} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6CCFAD24-1DB9-461A-BD10-41DC06B427E0} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6E0491CE-D012-454A-B89D-FCCE1322DF1A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{6EE37749-9AB9-4D7E-BCE4-22C1211A0A07} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{7268A4AE-7535-4CFA-BAFF-E88BEF36F2D9} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{72807C39-54DA-46B1-BFA4-FBE746C3E8B8} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{7642790F-C2D3-48F8-827A-8B4FC0AD2F56} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{77CFAB8A-0EC2-40DA-B9E6-EF0DF780ADE9} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{784CF6BF-067D-42E5-8427-202F9AF4BDF7} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{791B24B8-2A1A-4658-997D-37CD6ED61FF5} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{7CFC5BB2-0111-4876-B93F-84CBEBB6F761} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{7E4EC40A-0AE6-4759-8DD0-A209724FA50D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{80D24741-54E4-4B27-9FAB-FEA2E3C6A20F} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{8163FBEF-2C1E-4CE9-9A48-7CCD584F4381} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{84A45179-7EF3-4D4C-A4D5-2793A3159603} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{850AAACF-65AC-4516-B24E-9EEF0CDF99F1} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{85D20DED-BB6A-48C1-AF6E-12053276920B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{86072B07-8A75-487A-BDF2-7596CCC06364} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{87726A85-B045-45B4-9BD6-6796AF627CAE} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{88C92A63-3791-4FCF-8DAE-1F27BD4BA96B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{8B03CAF4-2FFD-43D4-BF70-599DB58F7E20} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{8BB39E6F-F168-46B1-A137-6E6335AA71A8} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{8ED74DEC-8FE1-4415-9DA2-BFE61BF9C13A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{927A8D6D-4EE5-4EB5-A35F-79DF7F7A0437} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{95A1672E-A9E1-4888-9A9C-F81112B0819F} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{973A0153-1BE2-44DA-9ABE-B1E73D4BEBF2} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{978537A3-192C-4168-8573-3C60A50370BD} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{99C89149-3D15-47CC-BE52-2345C67B20BC} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{99DFA4BF-0695-472C-B0C8-C57B513D0749} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{9C0B5449-C319-4424-8761-75AD0E5C205B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{9E709767-D92C-411A-BED3-E179671FF068} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{9F3C7085-7645-4EF8-825B-89227AFD4890} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{9F573776-738C-49B1-9D6E-7F96CAB586AC} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A223CC0D-ABE3-45E8-9496-DB999521E43A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A26BC194-6B0A-4DDE-AB09-6B5B82C7F0FF} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A3A86847-FC98-42E6-A9F5-ADF6993C8065} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A4C8A9F3-D7C8-47A7-920C-D49D7E238B7B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A4CFACC4-EFF5-47AD-802F-8BAD733CD7E8} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A4E674FB-3BDE-4EA9-A63A-3113F3BEF85D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A7560B39-A66C-4800-A8E2-9A08A628B87C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{A7611C49-D501-4351-92C2-FB4459ED3802} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{ADFF33E5-3041-42A0-829F-C3190FF01835} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B0904D55-96F7-4A28-9158-B8FD8FD15B71} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B123A02F-15E5-4344-A589-1308DF5AD54B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B3844F71-8EA8-4F88-BE69-DFEC34D8CCB3} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B3EBA673-157C-4E29-9DA7-3DBB58B870E5} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B43F3F16-4695-40C7-8864-3A100F201330} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B509E073-0674-4AC3-87C7-F418238D68DD} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B6E7F049-EDAB-43CA-9379-99D74C1598E9} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B97FA302-E322-41B8-BAC4-E13DD6ADADC1} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{B9A150AB-CEDC-40B9-87EF-8CA7E2A0F86B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BA1E0ABE-99BB-40B1-88A7-28E2199194BA} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BB6F0B80-3F43-4EA1-ACE4-8046A440392D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BC248E4F-A0B2-4038-A325-9E8AAE7422C0} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BCA62F92-EC61-4F2C-A75F-5152FF2660F9} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BD5A94F1-8430-4609-8D0D-09058789B110} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BD7668A5-380E-43C2-8B5D-614C2BEC73BF} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BDC5DE00-A11B-4533-B80A-E4A5A9E0BE08} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BE04D8CF-ABBD-4F54-916A-25B594E42DD5} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{BEA41C54-9303-47C0-9BBD-434D4ECB8C1D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C07047CE-13A0-48D9-9408-487A34FCE12F} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C22ACB71-D4CF-4E75-A837-EAC0E6CB32D6} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C24E5A13-493C-41BC-8B36-508CA4BA4E2D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C2C46A71-5736-4330-ADB3-D40C1C24AA0A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C39BCFE1-6D0A-426D-9102-84406A96F04C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C4F8111B-1638-4CB0-AA8B-667CFD4AEF05} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C51D4266-F4F6-4127-9A32-B3466A4D860E} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C5442235-5169-485C-9E0F-78154F755C7A} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C673179A-CFB9-4FFC-82C3-3172B0D988AD} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C67E6B18-EE69-4BD3-B6F6-BB3F4D786646} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C6C1ADBF-2407-4281-830A-6210FF6E2D0B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C7B64E81-2482-486F-ADF3-766E19F04C4D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{C8EFBC36-5396-422E-84FF-46E6CFA1AF0C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{CB19AD11-F2CE-43EA-85C7-E99A7B0CE390} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{CD6008B2-3FB5-487C-BAFB-26C65EFFBA36} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{D2593EAD-68A6-4069-A3D9-09CB4A17799D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{D3430AC7-F375-4360-ADAB-88F5D99E08C3} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{D375C054-301E-47EC-96A8-8790D9A0B698} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{D5542BC2-AFAD-4C77-88AD-8F5030A25FD7} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{D67FB6AB-783D-452B-B474-0F7AB9D7A95C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{DA0B0A2F-00A7-4BE7-B748-531EF07AF067} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{DD31AA11-E442-473B-ABFB-8CF19DFF8054} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{DD423AA6-F5CE-4499-A0C1-8BF0F4D81E43} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{DD64F800-F6EC-4F89-900B-53C7DE074301} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{DDACFAA3-AD23-4242-B002-9F00222997A2} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{DECE0FD8-E663-4AFF-AF7C-8712E2D20C96} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{DF4F0E4A-8C67-4710-9473-ACE7F6BF9D65} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{E23D2301-269D-42E6-A5A7-D58988DC9FFD} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{E2CCD830-022A-454D-8DCA-6FEA45F1780F} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{E4B7BC44-68DB-437E-A198-2AD2932A4D31} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{E6352443-6AF4-4889-BC11-7747BD4A0459} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{E87F2440-3048-461B-9C33-D6512FBDFE3B} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{EC6AC951-0D86-4EEB-AC00-F0F0F9BDE7F8} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{EE9C2F7A-AEEE-4F9B-8D61-50A954D4DE1D} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{F109962A-3369-4659-AF12-0B27D2ABBBE4} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{F18304FD-1085-48CB-864E-6A2815FA2DEB} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{F35452D7-E16E-40FF-BC40-85A02541C9DD} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{F391A69D-88EB-43B1-9DDF-6DCBA6C06644} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{F48AAF3F-C901-4AD4-AB7E-8DD2F48FE178} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{F754283B-09DF-4341-9565-121228701B81} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{FA620383-525A-4414-8C69-CFB738B9691C} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{FC3D03C1-4808-4458-881B-16F18C07FEB3} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{FD015E92-4B0A-4C0B-9868-970D7F3E0E95} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{FD2D8766-11B6-47E3-8F36-8517BB266D75} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{FE194C6A-BCED-45A2-B4F4-0546BD8CB0CE} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\{FF3A616F-7B95-46B2-B4A7-279847DB4070} (Empty Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\crashrpt (Folder)
    Successfully deleted: C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671\user.js (File)
    Successfully deleted: C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\extensions\foxmarks@kei.com\chrome\content\newuser.js (File)
    Successfully deleted: C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\user.js (File)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62JQTLVE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9QL7ZB5Z (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A165UJV4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3XGQ8WI (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNEKP3FN (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYUN5AEB (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSNEC4RB (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQZT46YM (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3MSUX5W (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIHAYZCV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0EVNXS9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Brett\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDUZJGID (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62JQTLVE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9QL7ZB5Z (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A165UJV4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3XGQ8WI (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LNEKP3FN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OYUN5AEB (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSNEC4RB (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQZT46YM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S3MSUX5W (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIHAYZCV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X0EVNXS9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YDUZJGID (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\SysWOW64\RENE6E6.tmp (File)



    Registry: 1

    Successfully deleted: HKLM\Software\MozillaPlugins\@qq.com/npqscall (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 06/13/2016 at 19:37:47.68
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Combofix scan completed. Here's the log...

    ComboFix 16-06-01.01 - Brett 06/14/2016 8:21.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16382.13348 [GMT -7:00]
    Running from: c:\users\Brett\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\INS_39a7f4c4.TMP
    C:\INS_4af23314.TMP
    C:\INS_74cc21ce.TMP
    C:\INS_8f70d81c.TMP
    C:\INS_b9699bf1.TMP
    C:\INS_d355aa46.TMP
    C:\INS_f89ed579.TMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-05-14 to 2016-06-14 )))))))))))))))))))))))))))))))
    .
    .
    2016-06-14 15:54 . 2016-06-14 15:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2016-06-14 15:54 . 2016-06-14 15:54 -------- d-----w- c:\users\Public\AppData\Local\temp
    2016-06-14 15:54 . 2016-06-14 15:54 -------- d-----w- c:\users\New folder\AppData\Local\temp
    2016-06-14 15:54 . 2016-06-14 15:54 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2016-06-14 15:54 . 2016-06-14 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-06-14 15:54 . 2016-06-14 15:54 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
    2016-06-14 15:54 . 2016-06-14 15:54 -------- d-----w- c:\users\Brett\AppData\Local\temp
    2016-06-14 01:31 . 2016-06-14 01:31 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-06-14 01:30 . 2016-06-14 01:55 -------- d-----w- c:\programdata\RogueKiller
    2016-06-13 21:55 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2899A714-79FD-448D-AA01-B07400D3ED82}\mpengine.dll
    2016-06-13 18:16 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2016-06-13 17:53 . 2016-06-13 17:53 -------- d-----w- C:\bf35aff91e8d303fc0788750eec351c9
    2016-06-13 14:37 . 2016-06-13 14:37 -------- d-----w- c:\program files (x86)\Brackets
    2016-06-09 00:33 . 2016-06-09 17:33 -------- d-----w- c:\programdata\Package Cache
    2016-06-09 00:25 . 2015-06-04 05:11 963232 ----a-w- c:\windows\system32\msvcr120.dll
    2016-06-09 00:18 . 2015-06-04 05:11 963232 ----a-w- c:\windows\msvcr120.dll
    2016-06-08 23:35 . 2016-06-09 17:28 -------- d-----w- c:\program files\MySQL
    2016-06-08 18:47 . 2016-06-14 02:28 -------- d-----w- C:\AdwCleaner
    2016-06-08 17:34 . 2016-06-08 17:34 -------- d-----w- c:\users\Brett\AppData\Local\RepairTasks
    2016-06-08 17:29 . 2016-06-08 17:29 -------- d-----w- c:\users\Brett\New folder
    2016-06-08 16:36 . 2016-06-14 14:40 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
    2016-06-08 16:34 . 2016-06-08 16:34 -------- d-----w- c:\windows\system32\msmq
    2016-06-08 16:19 . 2016-06-08 16:19 -------- d-----w- C:\8ec9026b670e6578bf8b61bbeb27ba
    2016-06-08 16:18 . 2016-06-08 16:18 -------- d-----w- C:\af2cd166799fcea632e5911bdf79e733
    2016-06-08 15:39 . 2016-06-08 15:39 -------- d-----w- c:\program files\HitmanPro
    2016-06-08 14:55 . 2016-06-08 16:12 -------- d-----w- c:\programdata\HitmanPro
    2016-06-07 22:02 . 2016-06-09 14:17 -------- d-----w- c:\users\Brett\AppData\Local\FSDART
    2016-06-07 22:02 . 2016-06-07 22:02 -------- d-----w- c:\users\Brett\AppData\Local\F-Secure
    2016-06-07 19:06 . 2016-06-07 19:06 -------- d-----w- c:\program files (x86)\Sophos
    2016-06-07 17:46 . 2016-06-07 17:46 -------- d-----w- C:\found.000
    2016-06-07 16:42 . 2016-06-07 21:22 -------- d-----w- c:\windows\system32\SSL
    2016-06-07 16:41 . 2016-06-07 16:41 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2016-06-07 16:32 . 2016-06-07 16:32 -------- d-----w- c:\users\Brett\AppData\Roaming\c
    2016-06-07 16:32 . 2016-06-08 15:23 -------- d-----w- c:\users\Brett\AppData\Roaming\Software Tool
    2016-06-07 16:30 . 2016-06-08 14:16 -------- d-----w- c:\program files\WinRAR
    2016-05-27 19:19 . 2016-05-27 19:19 225976 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2016-05-25 19:26 . 2016-02-15 06:12 110080 ----a-w- c:\windows\system32\endpoint_volume.dll
    2016-05-25 19:26 . 2016-02-02 05:08 27648 ----a-w- c:\windows\system32\BaDeskband2_64.dll
    2016-05-25 19:22 . 2016-05-25 19:23 -------- d-----w- c:\program files (x86)\Breakaway
    2016-05-25 19:12 . 2011-11-22 08:28 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
    2016-05-25 19:09 . 2005-11-14 06:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2016-05-23 14:32 . 2016-05-11 14:50 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F15B16A7-4F93-4ED5-9F39-5A48F22A7F34}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-06-14 15:07 . 2014-08-07 15:25 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-06-14 15:07 . 2011-07-28 00:15 25640 ----a-w- c:\windows\gdrv.sys
    2016-06-09 00:00 . 2011-08-17 16:21 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2016-06-01 23:11 . 2012-04-16 14:55 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-06-01 23:11 . 2011-08-01 22:44 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-05-13 02:23 . 2011-07-28 01:18 139319312 ----a-w- c:\windows\system32\MRT.exe
    2016-05-11 14:50 . 2011-09-08 13:20 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2016-04-28 22:05 . 2016-01-07 14:28 916520 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2016-04-28 22:05 . 2016-04-28 22:05 192352 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
    2016-04-28 22:05 . 2016-04-28 22:05 119712 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
    2016-04-28 22:05 . 2016-01-07 14:28 143568 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2016-04-23 17:08 . 2016-05-11 05:44 394960 ----a-w- c:\windows\system32\iedkcs32.dll
    2016-04-23 05:25 . 2016-05-11 05:44 25816064 ----a-w- c:\windows\system32\mshtml.dll
    2016-04-23 05:16 . 2016-05-11 05:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2016-04-23 05:16 . 2016-05-11 05:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2016-04-23 05:01 . 2016-05-11 05:44 66560 ----a-w- c:\windows\system32\iesetup.dll
    2016-04-23 05:00 . 2016-05-11 05:44 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2016-04-23 05:00 . 2016-05-11 05:44 417792 ----a-w- c:\windows\system32\html.iec
    2016-04-23 05:00 . 2016-05-11 05:44 2893312 ----a-w- c:\windows\system32\iertutil.dll
    2016-04-23 05:00 . 2016-05-11 05:44 571904 ----a-w- c:\windows\system32\vbscript.dll
    2016-04-23 05:00 . 2016-05-11 05:44 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2016-04-23 04:52 . 2016-05-11 05:44 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2016-04-23 04:51 . 2016-05-11 05:44 34304 ----a-w- c:\windows\system32\iernonce.dll
    2016-04-23 04:48 . 2016-05-11 05:44 615936 ----a-w- c:\windows\system32\ieui.dll
    2016-04-23 04:47 . 2016-05-11 05:44 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2016-04-23 04:47 . 2016-05-11 05:44 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2016-04-23 04:47 . 2016-05-11 05:44 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2016-04-23 04:47 . 2016-05-11 05:44 817664 ----a-w- c:\windows\system32\jscript.dll
    2016-04-23 04:46 . 2016-05-11 05:44 6052352 ----a-w- c:\windows\system32\jscript9.dll
    2016-04-23 04:40 . 2016-05-11 05:44 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2016-04-23 04:36 . 2016-05-11 05:44 489984 ----a-w- c:\windows\system32\dxtmsft.dll
    2016-04-23 04:29 . 2016-05-11 05:44 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2016-04-23 04:27 . 2016-05-11 05:44 107520 ----a-w- c:\windows\system32\inseng.dll
    2016-04-23 04:25 . 2016-05-11 05:44 199680 ----a-w- c:\windows\system32\msrating.dll
    2016-04-23 04:24 . 2016-05-11 05:44 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2016-04-23 04:21 . 2016-05-11 05:44 315392 ----a-w- c:\windows\system32\dxtrans.dll
    2016-04-23 04:20 . 2016-05-11 05:44 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2016-04-23 04:20 . 2016-05-11 05:44 152064 ----a-w- c:\windows\system32\occache.dll
    2016-04-23 04:09 . 2016-05-11 05:44 262144 ----a-w- c:\windows\system32\webcheck.dll
    2016-04-23 04:08 . 2016-05-11 05:44 497152 ----a-w- c:\windows\SysWow64\vbscript.dll
    2016-04-23 04:08 . 2016-05-11 05:44 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2016-04-23 04:08 . 2016-05-11 05:44 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2016-04-23 04:07 . 2016-05-11 05:44 341504 ----a-w- c:\windows\SysWow64\html.iec
    2016-04-23 04:07 . 2016-05-11 05:44 725504 ----a-w- c:\windows\system32\ie4uinit.exe
    2016-04-23 04:07 . 2016-05-11 05:44 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2016-04-23 04:06 . 2016-05-11 05:44 806400 ----a-w- c:\windows\system32\msfeeds.dll
    2016-04-23 04:06 . 2016-05-11 05:44 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2016-04-23 04:05 . 2016-05-11 05:44 2131968 ----a-w- c:\windows\system32\inetcpl.cpl
    2016-04-23 04:00 . 2016-05-11 05:44 15415808 ----a-w- c:\windows\system32\ieframe.dll
    2016-04-23 03:58 . 2016-05-11 05:44 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2016-04-23 03:58 . 2016-05-11 05:44 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2016-04-23 03:51 . 2016-05-11 05:44 2596864 ----a-w- c:\windows\system32\wininet.dll
    2016-04-23 03:45 . 2016-05-11 05:44 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2016-04-23 03:39 . 2016-05-11 05:44 1547776 ----a-w- c:\windows\system32\urlmon.dll
    2016-04-23 03:36 . 2016-05-11 05:44 4611072 ----a-w- c:\windows\SysWow64\jscript9.dll
    2016-04-23 03:30 . 2016-05-11 05:44 2056192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2016-04-23 03:30 . 2016-05-11 05:44 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2016-04-23 03:28 . 2016-05-11 05:44 800768 ----a-w- c:\windows\system32\ieapfltr.dll
    2016-04-23 03:12 . 2016-05-11 05:44 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
    2016-04-22 07:57 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
    2016-04-14 13:49 . 2016-05-11 05:44 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2016-04-14 13:21 . 2016-05-11 05:44 647680 ----a-w- c:\windows\system32\d3d10level9.dll
    2016-04-13 18:17 . 2015-10-02 14:19 4806 ----a-w- c:\users\Brett\advanced_ip_scanner_MAC.bin
    2016-04-09 07:02 . 2016-05-11 05:44 631176 ----a-w- c:\windows\system32\winresume.efi
    2016-04-09 07:01 . 2016-05-11 05:44 706280 ----a-w- c:\windows\system32\winload.efi
    2016-04-09 07:01 . 2016-05-11 05:44 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2016-04-09 07:01 . 2016-05-11 05:44 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2016-04-09 07:01 . 2016-05-11 05:44 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2016-04-09 06:59 . 2016-05-11 05:44 3998952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2016-04-09 06:59 . 2016-05-11 05:44 3943144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2016-04-09 06:59 . 2016-05-11 05:44 1732864 ----a-w- c:\windows\system32\ntdll.dll
    2016-04-09 06:58 . 2016-05-11 05:44 362496 ----a-w- c:\windows\system32\wow64win.dll
    2016-04-09 06:58 . 2016-05-11 05:44 215552 ----a-w- c:\windows\system32\winsrv.dll
    2016-04-09 06:58 . 2016-05-11 05:44 243712 ----a-w- c:\windows\system32\wow64.dll
    2016-04-09 06:58 . 2016-05-11 05:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2016-04-09 06:58 . 2016-05-11 05:44 2048 ----a-w- c:\windows\system32\tzres.dll
    2016-04-09 06:58 . 2016-05-11 05:44 503808 ----a-w- c:\windows\system32\srcore.dll
    2016-04-09 06:58 . 2016-05-11 05:44 50176 ----a-w- c:\windows\system32\srclient.dll
    2016-04-09 06:58 . 2016-05-11 05:44 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
    2016-04-09 06:57 . 2016-05-11 05:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2016-04-09 06:57 . 2016-05-11 05:44 419840 ----a-w- c:\windows\system32\KernelBase.dll
    2016-04-09 06:57 . 2016-05-11 05:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
    2016-04-09 06:57 . 2016-05-11 05:44 405504 ----a-w- c:\windows\system32\gdi32.dll
    2016-04-09 06:57 . 2016-05-11 05:44 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2016-04-09 06:57 . 2016-05-11 05:44 144384 ----a-w- c:\windows\system32\cdd.dll
    2016-04-09 06:57 . 2016-05-11 05:44 880640 ----a-w- c:\windows\system32\advapi32.dll
    2016-04-09 06:57 . 2016-05-11 05:44 59904 ----a-w- c:\windows\system32\appidapi.dll
    2016-04-09 06:57 . 2016-05-11 05:44 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-04-09 06:57 . 2016-05-11 05:44 34816 ----a-w- c:\windows\system32\appidsvc.dll
    2016-04-09 06:57 . 2016-05-11 05:44 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 211264 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2014-02-03 60216]
    "PCShowServer"="c:\users\Brett\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe" [2013-10-02 1625440]
    "Amazon Music"="c:\users\Brett\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2015-07-21 5887808]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-05-17 23496872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-03-21 595480]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    R2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
    R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys;c:\windows\SYSNATIVE\DRIVERS\sscebus.sys [x]
    R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdfl.sys [x]
    R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdm.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
    R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
    R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
    R4 dbupdate;Dropbox Update Service (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
    R4 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
    R4 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
    R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
    R4 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
    R4 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
    S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
    S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
    S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
    S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
    S2 NfsClnt;Client for NFS;c:\windows\system32\nfsclnt.exe;c:\windows\SYSNATIVE\nfsclnt.exe [x]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
    S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 NfsRdr;Client for NFS Redirector;c:\windows\system32\drivers\nfsrdr.sys;c:\windows\SYSNATIVE\drivers\nfsrdr.sys [x]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 RpcXdr;Server for NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys;c:\windows\SYSNATIVE\drivers\rpcxdr.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 23:11]
    .
    2016-06-14 c:\windows\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C}.job
    - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2015-01-21 08:20]
    .
    2016-06-14 c:\windows\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C}.job
    - c:\windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2015-01-21 08:20]
    .
    2016-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 05:50]
    .
    2016-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 05:50]
    .
    2016-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core.job
    - c:\users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 00:43]
    .
    2016-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA.job
    - c:\users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-10 00:43]
    .
    .
     
  10. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Combofix log continued...

    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
    2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2016-05-17 20:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2016-05-17 20:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2016-05-17 20:26 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2016-05-31 18:32 255296 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 17:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-08-06 508240]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-30 1340192]
    "MsmqIntCert"="mqrt.dll" [2010-11-21 247808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RPMKickstart"="c:\program files\GIGABYTE\SMART6\recovery\RPMKickstart.exe" [2011-03-30 2552320]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{95188727-288F-4581-A48D-EAB3BD027314}"=hex:51,66,7a,6c,4c,1d,38,12,49,84,0b,
    91,bd,66,ef,00,db,9b,a9,f3,b8,5c,37,00
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
    55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
    43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
    eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
    06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
    "{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
    07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
    "{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
    03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
    8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
    9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
    "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
    aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
    "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
    b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
    f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
    "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
    f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
    "{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
    fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
    "{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
    51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:a7,50,9f,39,95,ea,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.21"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-06-14 08:56:41
    ComboFix-quarantined-files.txt 2016-06-14 15:56
    ComboFix2.txt 2014-02-20 22:03
    .
    Pre-Run: 283,928,342,528 bytes free
    Post-Run: 283,810,979,840 bytes free
    .
    - - End Of File - - 458C1A9539AB5B36EC730D68F1265BA9
     
  11. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Do I re-enable MBAM and Microsoft Security Essentials?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  13. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
    Ran by Brett (administrator) on BRETT-PC (14-06-2016 18:10:13)
    Running from C:\Users\Brett\Desktop
    Loaded Profiles: Brett (Available Profiles: Brett & UpdatusUser & Classic .NET AppPool & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK COMPUTER INC.) C:\Windows\System32\ATKFUSService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Windows\SysWOW64\ASDR.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\CISVC.EXE
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    () C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
    (brackets.io) C:\Program Files (x86)\Brackets\Brackets.exe
    (Joyent, Inc) C:\Program Files (x86)\Brackets\node.exe
    (brackets.io) C:\Program Files (x86)\Brackets\Brackets.exe
    (Oracle Corporation) C:\Program Files\MySQL\MySQL Workbench 6.3 CE\MySQLWorkbench.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [Pidgin] => C:\Program Files (x86)\Pidgin\pidgin.exe [60216 2014-02-02] (The Pidgin developer community)
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [PCShowServer] => C:\Users\Brett\AppData\Local\NDS\PCShow\PCShowServerPMWrapper.exe [1625440 2013-10-02] (NDS Technologies)
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [Amazon Music] => C:\Users\Brett\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-20] ()
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D9041368-C476-443E-9B1C-5C074D29AF40}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{EC42D335-DF89-44F2-8FD4-A31FF3AD9880}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> {D51CC3BE-0FCC-49FC-A70E-365FB5A169C1} URL = hxxp://www.hulu.com/search?query={searchTerms}&ref=os
    SearchScopes: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> {E60470ED-C21A-4B70-9B94-EFCD0E2D9AB9} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
    BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Toolbar: HKLM-x32 - Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files (x86)\Zend\Zend Studio - 8.0.1\toolbars\ZendIEToolbar.dll [2007-12-06] (Zend Technologies Ltd)
    Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16] (Adobe Systems Incorporated.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxps://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-01] ()
    FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-01] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-02-22] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-09-12] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-09-12] (NVIDIA Corporation)
    FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Brett\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-15] (Citrix Online)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @nds.com/PlayerPlugin -> C:\Users\Brett\AppData\Local\NDS\PCShow\npPlayerPlugin.dll [2013-10-02] (COX)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Brett\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @talk.google.com/O1DPlugin -> C:\Users\Brett\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1722142055-1796014379-4179580014-1000: NDS.com/PlayerPlugin -> C:\Users\Brett\AppData\Local\NDS\PCShow\npPlayerPlugin.dll [2013-10-02] (COX)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-06-19] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Brett\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Brett\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Extension: Default Manager - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\DefaultManager@Microsoft [2011-09-12] [not signed]
    FF Extension: Firebug - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\firebug@software.joehewitt.com.xpi [2012-02-16] [not signed]
    FF Extension: Xmarks - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\foxmarks@kei.com [2012-06-14] [not signed]
    FF Extension: Inline Code Finder for Firebug - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\icffirebug@robertnyman.com.xpi [2011-09-08] [not signed]
    FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\hrq4861f.default\Extensions\LogMeInClient@logmein.com [2012-05-23] [not signed]
    FF Extension: Firebug - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671\Extensions\firebug@software.joehewitt.com.xpi [2016-06-08]
    FF Extension: SSL Version Control - C:\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\0wgtzfrl.default-1396450258671\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27]
    FF HKLM-x32\...\Firefox\Extensions: [{3c9761ad-a43d-4447-b924-f5d83cb48063}] - C:\Program Files (x86)\Zend\Zend Studio - 8.0.1\toolbars\firefox
    FF Extension: Zend Studio Toolbar - C:\Program Files (x86)\Zend\Zend Studio - 8.0.1\toolbars\firefox [2011-07-28] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-12-07] [not signed]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com"
    CHR Profile: C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Translate) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-05-12]
    CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-05-04]
    CHR Extension: (Google Docs) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-09]
    CHR Extension: (YouTube) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
    CHR Extension: (Black Menu for Google™) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2016-06-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
    CHR Extension: (Vector Paint) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo [2013-04-11]
    CHR Extension: (Do Not Disturb!) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia [2014-12-03]
    CHR Extension: (Google Hangouts) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-06-13]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11]
    CHR Extension: (LogMeIn) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj [2014-11-11] [UpdateUrl: hxxps://secure.logmein.com/activex/update_chrome.xml] <==== ATTENTION
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
    CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2015-02-02]
    CHR Extension: (Google Reader) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-10-11]
    CHR Extension: (Gmail) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
    CHR Extension: (ClassiChat) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppciiachhdkeifboklbflhedimblgbbn [2015-02-26]
    CHR Profile: C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
    CHR Extension: (Google Docs) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
    CHR Extension: (Google Drive) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-02]
    CHR Extension: (YouTube) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
    CHR Extension: (Google Search) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
    CHR Extension: (Google Sheets) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-15]
    CHR Extension: (Google Wallet) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
    CHR Extension: (Gmail) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
    CHR Profile: C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Slides) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
    CHR Extension: (Google Docs) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
    CHR Extension: (Google Drive) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
    CHR Extension: (YouTube) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
    CHR Extension: (Google Search) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
    CHR Extension: (Google Sheets) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-30]
    CHR Extension: (Google Wallet) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
    CHR Extension: (Gmail) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
    CHR HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Brett\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
    CHR HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome.PNE74PVZ62ENXSR6QAY2UZEMNI - C:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exe
     
  14. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () [File not signed]
    R2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [62464 2009-05-06] (ASUSTeK COMPUTER INC.) [File not signed]
    S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
    S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-28] (Dropbox, Inc.)
    S4 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-07-28] (Macrovision Europe Ltd.) [File not signed]
    R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-08] (SurfRight B.V.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
    S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-18] ()
    S2 Marvell RAID; C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [235560 2010-03-07] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 MRUWebService; C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635 2008-06-12] (Apache Software Foundation) [File not signed]
    R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220104 2012-06-12] (Microsoft Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
    R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
    R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62118344 2012-06-12] (Microsoft Corporation)
    S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54791520 2011-06-17] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [65536 2010-11-20] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2180960 2011-06-17] (Microsoft Corporation)
    S4 SDLService; C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [95264 2010-03-26] ()
    R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
    S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-12] (Microsoft Corporation)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-22] ()
    R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
    R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2011-07-27] (ASUSTeK Computer Inc.)
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-09-20] ()
    S4 LMIRfsClientNP; no ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-14] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [246272 2010-11-20] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [104960 2010-11-20] (Microsoft Corporation)
    S3 rtkio; C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [17392 2010-01-20] (Windows (R) Codename Longhorn DDK provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-13] ()
    R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
    S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-02] (Windows (R) Codename Longhorn DDK provider)
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-14 18:10 - 2016-06-14 18:10 - 00043473 _____ C:\Users\Brett\Desktop\FRST.txt
    2016-06-14 18:09 - 2016-06-14 18:09 - 00000000 ____D C:\Users\Brett\Desktop\Infection Scans
    2016-06-14 08:56 - 2016-06-14 08:56 - 00053605 _____ C:\ComboFix.txt
    2016-06-14 08:16 - 2016-06-14 08:16 - 05659224 ____R (Swearware) C:\Users\Brett\Desktop\ComboFix.exe
    2016-06-14 08:13 - 2016-06-14 08:13 - 05659224 _____ (Swearware) C:\Users\Brett\Downloads\ComboFix.exe
    2016-06-13 19:37 - 2016-06-13 19:37 - 00025622 _____ C:\Users\Brett\Desktop\JRT.txt
    2016-06-13 19:33 - 2016-06-07 18:03 - 01610816 _____ (Malwarebytes) C:\Users\Brett\Desktop\JRT.exe
    2016-06-13 19:25 - 2016-06-07 17:21 - 03677248 _____ C:\Users\Brett\Desktop\adwcleaner_5.119.exe
    2016-06-13 19:23 - 2016-06-13 19:23 - 00001052 _____ C:\Users\Brett\Desktop\mbam6-3.txt
    2016-06-13 18:31 - 2016-06-13 18:31 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-06-13 18:30 - 2016-06-13 18:55 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-06-13 18:25 - 2016-06-13 18:25 - 19936840 _____ C:\Users\Brett\Desktop\RogueKiller.exe
    2016-06-13 17:10 - 2016-06-13 17:10 - 02385920 _____ (Farbar) C:\Users\Brett\Desktop\FRST64.exe
    2016-06-13 10:53 - 2016-06-13 10:53 - 00000000 ____D C:\bf35aff91e8d303fc0788750eec351c9
    2016-06-13 08:39 - 2016-06-13 14:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-06-13 07:37 - 2016-06-13 07:37 - 00000708 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
    2016-06-13 07:37 - 2016-06-13 07:37 - 00000000 ____D C:\Program Files (x86)\Brackets
    2016-06-13 07:35 - 2016-06-13 07:35 - 45244416 _____ C:\Users\Brett\Downloads\Brackets.Release.1.7.msi
    2016-06-09 13:57 - 2016-06-09 13:57 - 01420840 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\vcredist_arm.exe
    2016-06-09 10:38 - 2016-06-06 09:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-06-09 10:38 - 2016-06-06 09:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-06-09 10:38 - 2016-06-03 06:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-06-09 10:38 - 2016-05-27 06:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-06-09 10:38 - 2016-05-22 06:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-06-09 10:38 - 2016-04-14 09:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-06-09 10:38 - 2016-04-14 09:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-06-09 10:38 - 2016-04-14 09:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-06-09 10:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-06-09 10:38 - 2016-04-14 08:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-06-09 10:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-06-09 10:38 - 2016-04-11 18:23 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-06-09 10:38 - 2016-04-11 18:23 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-06-09 10:38 - 2016-04-11 18:20 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-06-09 10:38 - 2016-04-11 18:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-06-09 10:38 - 2016-04-11 18:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-06-09 10:38 - 2016-04-11 18:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-06-09 10:38 - 2016-04-11 18:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-06-09 10:38 - 2016-04-11 18:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-06-09 10:38 - 2016-04-11 17:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-06-09 10:38 - 2016-04-11 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-06-09 10:38 - 2016-04-11 17:43 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-06-09 10:38 - 2016-04-11 17:43 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-06-09 10:38 - 2016-04-11 17:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-06-09 10:38 - 2016-04-11 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-06-09 10:38 - 2016-04-11 17:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-06-09 10:38 - 2016-04-08 23:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-06-09 10:38 - 2016-04-08 23:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-06-09 10:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-06-09 10:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-06-09 10:38 - 2016-04-08 22:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-06-09 10:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-06-09 10:38 - 2016-03-09 12:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-06-09 10:38 - 2016-03-09 12:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
    2016-06-09 10:38 - 2016-03-09 11:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-06-09 10:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2016-06-09 10:33 - 2016-06-09 10:33 - 07194312 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\vcredist_x64 (1).exe
    2016-06-09 10:32 - 2016-06-09 10:32 - 00887896 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\dotNetFx40_Client_setup.exe
    2016-06-09 10:28 - 2016-06-09 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
    2016-06-09 07:40 - 2016-06-09 07:40 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2016-06-09 07:40 - 2016-06-09 07:40 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2016-06-09 07:40 - 2016-06-09 07:40 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2016-06-09 07:40 - 2016-06-09 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-06-09 07:39 - 2016-06-09 07:39 - 00987728 _____ (Google Inc.) C:\Users\Brett\Downloads\googledrivesync.exe
    2016-06-08 17:33 - 2016-06-09 10:33 - 00000000 ____D C:\ProgramData\Package Cache
    2016-06-08 17:32 - 2016-06-08 17:32 - 07186992 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\vcredist_x64.exe
    2016-06-08 17:25 - 2015-06-03 22:11 - 00963232 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120.dll
    2016-06-08 17:18 - 2015-06-03 22:11 - 00963232 _____ (Microsoft Corporation) C:\Windows\msvcr120.dll
    2016-06-08 16:35 - 2016-06-09 10:28 - 00000000 ____D C:\Program Files\MySQL
    2016-06-08 16:33 - 2016-06-08 16:33 - 28426240 _____ C:\Users\Brett\Downloads\mysql-workbench-community-6.3.6-winx64.msi
    2016-06-08 14:43 - 2016-06-08 14:43 - 00524248 _____ (F-Secure Corporation) C:\Users\Brett\Downloads\F-SecureOnlineScanner(1).exe
    2016-06-08 11:47 - 2016-06-13 19:28 - 00000000 ____D C:\AdwCleaner
    2016-06-08 11:34 - 2016-06-13 11:31 - 00000204 _____ C:\Windows\system32\.crusader
    2016-06-08 10:30 - 2016-06-08 10:34 - 00000000 ____D C:\Users\Brett\Documents\AAAAATASK
    2016-06-08 10:29 - 2016-06-08 10:29 - 00000000 ____D C:\Users\Brett\New folder
    2016-06-08 10:26 - 2016-06-08 10:26 - 00023508 _____ C:\Users\Brett\Downloads\RepairTasks.zip
    2016-06-08 09:44 - 2016-06-08 09:44 - 00007169 _____ C:\Users\Brett\Downloads\TaskRepair.cmd
    2016-06-08 09:34 - 2016-06-08 09:34 - 00000000 ____D C:\Windows\system32\msmq
    2016-06-08 09:19 - 2016-06-08 09:19 - 00000000 ____D C:\8ec9026b670e6578bf8b61bbeb27ba
    2016-06-08 09:18 - 2016-06-08 09:18 - 07749976 _____ (Microsoft Corporation) C:\Users\Brett\Downloads\WindowsUpdateAgent30-x64.exe
    2016-06-08 09:18 - 2016-06-08 09:18 - 00000000 ____D C:\af2cd166799fcea632e5911bdf79e733
    2016-06-08 08:39 - 2016-06-13 08:33 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2016-06-08 08:39 - 2016-06-08 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2016-06-08 08:39 - 2016-06-08 08:39 - 00000000 ____D C:\Program Files\HitmanPro
    2016-06-08 07:55 - 2016-06-08 09:12 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-06-07 17:28 - 2016-06-07 17:27 - 00002626 _____ C:\mBytes removal june7-16.xml
    2016-06-07 16:20 - 2016-06-07 16:20 - 00524248 _____ (F-Secure Corporation) C:\Users\Brett\Downloads\F-SecureOnlineScanner (1).exe
    2016-06-07 15:02 - 2016-06-07 15:02 - 00524248 _____ (F-Secure Corporation) C:\Users\Brett\Downloads\F-SecureOnlineScanner.exe
    2016-06-07 12:06 - 2016-06-07 17:38 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2016-06-07 12:06 - 2016-06-07 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2016-06-07 12:06 - 2016-06-07 12:06 - 00000000 ____D C:\Program Files (x86)\Sophos
    2016-06-07 12:00 - 2016-06-07 12:00 - 151873432 _____ (Sophos Limited) C:\Users\Brett\Downloads\Sophos Virus Removal Tool.exe
    2016-06-07 10:46 - 2016-06-07 10:46 - 00000000 ____D C:\found.000
    2016-06-07 09:48 - 2016-06-07 09:48 - 00262144 _____ C:\Windows\Minidump\060716-177685-01.dmp
    2016-06-07 09:47 - 2016-06-07 09:47 - 2200523019 _____ C:\Windows\MEMORY.DMP
    2016-06-07 09:42 - 2016-06-07 14:22 - 00000000 ____D C:\Windows\system32\SSL
    2016-06-07 09:41 - 2016-06-07 09:41 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2016-06-07 09:40 - 2016-06-07 09:40 - 06867968 _____ C:\Users\Brett\AppData\Roaming\agent.dat
    2016-06-07 09:40 - 2016-06-07 09:40 - 00018432 _____ C:\Users\Brett\AppData\Roaming\Main.dat
    2016-06-07 09:39 - 2016-06-07 09:39 - 00128512 _____ C:\Users\Brett\AppData\Roaming\Installer.dat
    2016-06-07 09:33 - 2016-06-07 17:37 - 00001212 _____ C:\Users\Brett\Desktop\Google Chrome.lnk
    2016-06-07 09:32 - 2016-06-08 08:23 - 00000000 ____D C:\Users\Brett\AppData\Roaming\Software Tool
    2016-06-07 09:32 - 2016-06-07 09:32 - 00000000 ____D C:\Users\Brett\AppData\Roaming\c
    2016-06-07 09:31 - 2016-06-07 09:31 - 00000000 ____D C:\Users\Brett\AppData\Roaming\WinRAR
    2016-06-07 09:30 - 2016-06-08 07:16 - 00000000 ____D C:\Program Files\WinRAR
    2016-06-07 09:29 - 2016-06-07 09:29 - 02181272 _____ C:\Users\Brett\Downloads\winrar-x64-54b2.exe
    2016-06-07 09:26 - 2016-06-07 09:26 - 00717130 _____ C:\Users\Brett\Downloads\Keygen Tool v15.33 - Razor-1911.zip
    2016-06-07 09:26 - 2016-06-07 09:26 - 00717130 _____ C:\Users\Brett\Downloads\Keygen Tool v15.33 - Razor-1911 (1).zip
    2016-06-07 09:21 - 2016-06-07 17:38 - 00001167 _____ C:\Users\Public\Desktop\SQL Manager for MySQL.lnk
    2016-06-07 09:17 - 2016-06-07 09:18 - 84759200 _____ C:\Users\Brett\Downloads\mymanager.zip
    2016-06-06 13:00 - 2016-06-06 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-05-25 12:26 - 2016-02-14 23:12 - 00110080 _____ C:\Windows\system32\endpoint_volume.dll
    2016-05-25 12:26 - 2016-02-01 22:08 - 00027648 _____ C:\Windows\system32\BaDeskband2_64.dll
    2016-05-25 12:22 - 2016-05-25 12:23 - 00000000 ____D C:\Program Files (x86)\Breakaway
    2016-05-25 12:13 - 2016-05-25 12:13 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2016-05-25 12:13 - 2012-06-19 01:54 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2016-05-25 12:13 - 2012-06-04 22:45 - 00237968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtHDMIVX.sys
    2016-05-25 12:13 - 2012-05-31 18:37 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00141152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00123744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64H.dll
    2016-05-25 12:13 - 2012-05-16 20:29 - 00074592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64H.dll
    2016-05-25 12:13 - 2012-02-21 04:45 - 02605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
    2016-05-25 12:13 - 2012-01-29 20:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2016-05-25 12:13 - 2012-01-09 19:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2016-05-25 12:13 - 2011-12-20 00:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2016-05-25 12:13 - 2011-12-19 14:43 - 00220776 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2016-05-25 12:13 - 2011-12-13 01:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2016-05-25 12:13 - 2011-12-01 23:20 - 03746408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkHDM64.dll
    2016-05-25 12:13 - 2011-09-26 23:04 - 02526824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RHDMEx64.dll
    2016-05-25 12:13 - 2011-09-01 23:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2016-05-25 12:13 - 2011-09-01 23:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2016-05-25 12:13 - 2011-09-01 23:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2016-05-25 12:13 - 2011-07-05 22:27 - 00092264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RHCoInst64.dll
    2016-05-25 12:13 - 2011-03-16 21:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2016-05-25 12:13 - 2011-03-07 02:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00372056 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64H.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RH3DHT64.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RH3DAA64.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64H.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00097624 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64H.dll
    2016-05-25 12:13 - 2010-11-07 16:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64H.dll
    2016-05-25 12:13 - 2010-07-22 01:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2016-05-25 12:13 - 2009-11-23 18:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2016-05-25 12:12 - 2012-06-18 22:31 - 00293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2016-05-25 12:12 - 2012-06-13 22:43 - 05096448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2016-05-25 12:12 - 2012-06-08 01:18 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
    2016-05-25 12:12 - 2012-06-05 19:44 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2016-05-25 12:12 - 2012-05-31 03:08 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00141152 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00123744 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2016-05-25 12:12 - 2012-05-16 20:29 - 00074592 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2016-05-25 12:12 - 2012-05-10 00:22 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2016-05-25 12:12 - 2012-04-09 23:40 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2016-05-25 12:12 - 2012-04-03 03:42 - 01345368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2016-05-25 12:12 - 2012-04-03 03:42 - 01015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2016-05-25 12:12 - 2012-03-07 20:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2016-05-25 12:12 - 2012-03-07 20:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2016-05-25 12:12 - 2012-02-17 00:54 - 00396632 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2016-05-25 12:12 - 2012-02-13 09:05 - 08363864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
    2016-05-25 12:12 - 2012-01-23 07:30 - 00537456 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2016-05-25 12:12 - 2012-01-23 07:30 - 00524656 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2016-05-25 12:12 - 2012-01-23 07:30 - 00449392 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2016-05-25 12:12 - 2011-12-18 02:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2016-05-25 12:12 - 2011-11-22 01:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2016-05-25 12:12 - 2011-08-23 02:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2016-05-25 12:12 - 2011-05-30 18:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2016-05-25 12:12 - 2010-11-07 16:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2016-05-25 12:12 - 2010-11-03 03:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2016-05-25 12:12 - 2010-10-02 22:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2016-05-25 12:12 - 2010-09-26 18:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2016-05-25 12:04 - 2016-05-25 12:04 - 00000000 ____D C:\Users\Brett\Downloads\HD_Audio
    2016-05-25 12:03 - 2016-05-25 12:04 - 124038686 _____ C:\Users\Brett\Downloads\mb_driver_audio_realtek_azalia.exe
    2016-05-25 10:14 - 2016-05-25 10:15 - 04276266 _____ (DriverIdentifier ) C:\Users\Brett\Downloads\yourpcdrivers_setup.exe
    2016-05-25 09:53 - 2016-05-25 09:53 - 00000000 ____D C:\Users\Brett\Desktop\Breakaway
    2016-05-17 15:54 - 2016-05-17 15:54 - 01617886 _____ C:\Users\Brett\Downloads\A1z-thccqeS.pdf
     
  15. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-14 18:10 - 2016-01-07 07:57 - 00000000 ____D C:\FRST
    2016-06-14 17:59 - 2012-10-03 17:00 - 00000000 ____D C:\Users\Brett\AppData\Roaming\.purple
    2016-06-14 17:55 - 2011-11-03 10:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-14 17:54 - 2011-11-03 10:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-14 17:45 - 2014-08-07 08:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-06-14 17:44 - 2012-08-08 07:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-14 17:28 - 2011-08-10 11:36 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA.job
    2016-06-14 17:18 - 2015-01-21 16:18 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C}.job
    2016-06-14 17:18 - 2015-01-21 16:18 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C}.job
    2016-06-14 12:33 - 2009-07-13 21:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-14 12:33 - 2009-07-13 21:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-14 08:56 - 2014-02-20 14:54 - 00000000 ____D C:\Qoobox
    2016-06-14 08:56 - 2011-08-10 11:36 - 00000000 ____D C:\Users\Brett\AppData\Local\Apps\2.0
    2016-06-14 08:54 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
    2016-06-14 08:07 - 2011-07-27 17:15 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2016-06-14 07:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\inetsrv
    2016-06-14 07:39 - 2011-07-27 17:29 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-06-14 07:39 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-13 18:28 - 2014-08-28 16:09 - 00000000 ____D C:\Users\Brett\Desktop\QE Prod
    2016-06-13 14:29 - 2012-05-03 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-06-13 11:00 - 2016-03-16 08:20 - 00000000 ____D C:\Users\Brett\SecurityScans
    2016-06-09 10:52 - 2014-12-10 03:25 - 00000000 ____D C:\Windows\system32\appraiser
    2016-06-09 07:40 - 2011-08-01 16:10 - 00000000 ____D C:\Program Files (x86)\Google
    2016-06-09 07:18 - 2009-07-13 21:45 - 06003016 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-08 16:58 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\MSBuild
    2016-06-08 16:54 - 2011-08-17 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
    2016-06-08 16:49 - 2011-11-28 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
    2016-06-08 16:49 - 2011-11-28 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
    2016-06-08 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
    2016-06-08 16:45 - 2011-07-28 14:42 - 00000000 ____D C:\inetpub
    2016-06-08 16:45 - 2011-04-12 01:17 - 00000000 ____D C:\Windows\system32\0409
    2016-06-08 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
    2016-06-08 16:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-06-08 13:49 - 2015-01-29 07:15 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422540934
    2016-06-08 13:49 - 2013-03-05 09:23 - 00000000 ____D C:\Program Files (x86)\Opera
    2016-06-08 11:41 - 2011-08-10 11:36 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core.job
    2016-06-08 11:22 - 2011-04-12 01:28 - 00000000 ___RD C:\Users\Public\Recorded TV
    2016-06-08 10:36 - 2011-08-02 10:32 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2016-06-08 10:33 - 2015-01-21 16:18 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C}
    2016-06-08 10:33 - 2015-01-21 16:18 - 00003792 _____ C:\Windows\System32\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C}
    2016-06-08 10:33 - 2015-01-21 11:17 - 00003308 _____ C:\Windows\System32\Tasks\{312A3800-E54D-4A99-8862-D52255DA01DE}
    2016-06-08 10:33 - 2012-08-08 07:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-06-08 10:33 - 2012-06-13 09:19 - 00003300 _____ C:\Windows\System32\Tasks\SidebarExecute
    2016-06-08 10:33 - 2012-04-23 16:17 - 00003314 _____ C:\Windows\System32\Tasks\{0D8B5A9C-86CB-4FAA-BCFB-F4D0D3B90AC0}
    2016-06-08 10:33 - 2011-12-08 14:24 - 00003338 _____ C:\Windows\System32\Tasks\{652E52A9-B828-4BD9-B6A7-D7F30BC4FD3A}
    2016-06-08 10:33 - 2011-11-03 10:07 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-06-08 10:33 - 2011-11-03 10:07 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-06-08 10:33 - 2011-09-09 09:52 - 00003612 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Brett-PC-Brett
    2016-06-08 10:33 - 2011-08-10 11:36 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA
    2016-06-08 10:33 - 2011-08-10 11:36 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core
    2016-06-08 10:33 - 2011-08-03 13:57 - 00004036 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{72DBEDBF-3E39-44AD-A33D-94B8794610F2}
    2016-06-08 10:33 - 2011-08-01 17:17 - 00003302 _____ C:\Windows\System32\Tasks\{394F9D8C-063A-4DBF-B6BC-D724F85595D4}
    2016-06-08 10:33 - 2011-07-28 06:50 - 00003192 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe
    2016-06-08 10:29 - 2011-07-27 15:37 - 00000000 ____D C:\Users\Brett
    2016-06-08 08:53 - 2016-03-16 10:40 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-08 08:53 - 2016-03-16 10:40 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-06-08 07:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Branding
    2016-06-07 18:17 - 2015-04-01 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMS
    2016-06-07 18:17 - 2011-08-15 15:56 - 00000000 ____D C:\Program Files (x86)\EMS
    2016-06-07 17:38 - 2016-03-16 08:19 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
    2016-06-07 17:38 - 2016-03-16 08:19 - 00001081 _____ C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
    2016-06-07 17:38 - 2016-01-07 07:28 - 00001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
    2016-06-07 17:38 - 2015-10-27 10:31 - 00001112 _____ C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
    2016-06-07 17:38 - 2015-10-01 07:54 - 00000981 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
    2016-06-07 17:38 - 2015-09-28 12:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-06-07 17:38 - 2015-09-28 12:38 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-06-07 17:38 - 2015-04-17 18:07 - 00000976 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
    2016-06-07 17:38 - 2015-04-01 07:33 - 00001212 _____ C:\Users\Public\Desktop\SQL Manager Lite for MySQL.lnk
    2016-06-07 17:38 - 2015-04-01 07:31 - 00001257 _____ C:\Users\Public\Desktop\SQL Manager Lite for SQL Server.lnk
    2016-06-07 17:38 - 2015-02-05 06:23 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 38.lnk
    2016-06-07 17:38 - 2015-01-29 07:15 - 00001115 _____ C:\Users\Public\Desktop\Opera 38.lnk
    2016-06-07 17:38 - 2015-01-21 16:19 - 00000934 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
    2016-06-07 17:38 - 2015-01-14 06:39 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2016-06-07 17:38 - 2014-07-24 13:37 - 00002651 _____ C:\Users\Public\Desktop\OneClickdigital Media Manager.lnk
    2016-06-07 17:38 - 2014-07-23 14:47 - 00002199 _____ C:\Users\Public\Desktop\Blio eBooks.lnk
    2016-06-07 17:38 - 2014-07-23 14:47 - 00002089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
    2016-06-07 17:38 - 2014-07-23 06:41 - 00001622 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
    2016-06-07 17:38 - 2014-07-23 06:26 - 00000995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
    2016-06-07 17:38 - 2014-07-23 06:26 - 00000983 _____ C:\Users\Public\Desktop\Pidgin.lnk
    2016-06-07 17:38 - 2014-01-28 10:19 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2016-06-07 17:38 - 2014-01-28 10:19 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2016-06-07 17:38 - 2013-11-18 08:19 - 00000885 _____ C:\Users\Public\Desktop\HxD.lnk
    2016-06-07 17:38 - 2013-08-20 17:14 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-06-07 17:38 - 2013-04-15 14:30 - 00002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5 Beta 64-bit.lnk
    2016-06-07 17:38 - 2013-04-15 14:30 - 00002068 _____ C:\Users\Public\Desktop\Lightroom 5 Beta 64-bit.lnk
    2016-06-07 17:38 - 2013-01-15 07:29 - 00001043 _____ C:\Users\Public\Desktop\FontForge.lnk
    2016-06-07 17:38 - 2013-01-10 14:55 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
    2016-06-07 17:38 - 2013-01-10 14:55 - 00001011 _____ C:\Users\Public\Desktop\Inkscape.lnk
    2016-06-07 17:38 - 2012-09-28 10:20 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    2016-06-07 17:38 - 2012-09-28 10:20 - 00001031 _____ C:\Users\Public\Desktop\Adobe Download Assistant.lnk
    2016-06-07 17:38 - 2012-09-24 07:39 - 00001396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
    2016-06-07 17:38 - 2012-09-24 07:39 - 00001384 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
    2016-06-07 17:38 - 2012-07-11 14:49 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2016-06-07 17:38 - 2012-04-16 07:55 - 00001141 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2016-06-07 17:38 - 2012-01-31 10:53 - 00002525 _____ C:\Users\Public\Desktop\OverDrive Media Console.lnk
    2016-06-07 17:38 - 2011-12-01 08:36 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Rhapsody.lnk
    2016-06-07 17:38 - 2011-12-01 08:36 - 00000947 _____ C:\Users\Public\Desktop\Rhapsody.lnk
    2016-06-07 17:38 - 2011-11-08 07:43 - 00002903 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tomboy Notes.lnk
    2016-06-07 17:38 - 2011-11-02 13:22 - 00001857 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Bat!.LNK
    2016-06-07 17:38 - 2011-10-24 08:41 - 00001120 _____ C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
    2016-06-07 17:38 - 2011-09-21 10:51 - 00000869 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora.lnk
    2016-06-07 17:38 - 2011-09-21 10:51 - 00000857 _____ C:\Users\Public\Desktop\Pandora.lnk
    2016-06-07 17:38 - 2011-09-19 11:57 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
    2016-06-07 17:38 - 2011-09-09 08:55 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2016-06-07 17:38 - 2011-09-09 08:55 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2016-06-07 17:38 - 2011-09-09 08:55 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2016-06-07 17:38 - 2011-09-09 08:54 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
    2016-06-07 17:38 - 2011-09-09 08:53 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
    2016-06-07 17:38 - 2011-09-09 08:53 - 00001085 _____ C:\Users\Public\Desktop\Adobe Content Viewer.lnk
    2016-06-07 17:38 - 2011-09-09 08:50 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2016-06-07 17:38 - 2011-09-07 06:22 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    2016-06-07 17:38 - 2011-09-07 06:22 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    2016-06-07 17:38 - 2011-09-07 06:21 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2016-06-07 17:38 - 2011-08-24 13:34 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
    2016-06-07 17:38 - 2011-08-24 13:34 - 00002491 _____ C:\Users\Public\Desktop\Safari.lnk
    2016-06-07 17:38 - 2011-08-24 13:34 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-06-07 17:38 - 2011-08-17 09:33 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2016-06-07 17:38 - 2011-08-01 16:56 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-06-07 17:38 - 2011-08-01 16:11 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
    2016-06-07 17:38 - 2011-08-01 14:58 - 00000952 _____ C:\Users\Public\Desktop\WinMerge.lnk
    2016-06-07 17:38 - 2011-08-01 08:32 - 00001126 _____ C:\Users\Public\Desktop\Zend Server Community Edition 5.1.0.lnk
    2016-06-07 17:38 - 2011-07-28 11:36 - 00001965 _____ C:\Users\Public\Desktop\Zend Studio - 8.0.1.lnk
    2016-06-07 17:38 - 2011-07-28 10:36 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-06-07 17:38 - 2011-07-28 10:36 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-06-07 17:38 - 2011-07-28 07:54 - 00002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MarvellTray.lnk
    2016-06-07 17:38 - 2011-07-28 07:54 - 00002065 _____ C:\Users\Public\Desktop\MarvellTray.lnk
    2016-06-07 17:38 - 2011-07-27 17:08 - 00001036 _____ C:\Users\Public\Desktop\smart6.lnk
    2016-06-07 17:38 - 2011-07-27 15:42 - 00002989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Program Updates.lnk
    2016-06-07 17:38 - 2011-07-27 15:37 - 00001417 _____ C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-06-07 17:38 - 2011-07-27 15:33 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2016-06-07 17:38 - 2011-07-27 15:33 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2016-06-07 17:38 - 2009-07-13 22:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2016-06-07 17:38 - 2009-07-13 21:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-06-07 17:38 - 2009-07-13 21:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2016-06-07 17:38 - 2009-07-13 21:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2016-06-07 17:38 - 2009-07-13 21:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2016-06-07 17:38 - 2009-07-13 21:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2016-06-07 17:37 - 2016-04-12 06:54 - 00002043 _____ C:\Users\Brett\Desktop\Top Overlooked Security Threats To Node_js Web Applications Presentation 1.pdf - Shortcut.lnk
    2016-06-07 17:37 - 2016-03-15 16:42 - 00001228 _____ C:\Users\Brett\Desktop\Error Log.lnk
    2016-06-07 17:37 - 2016-01-11 12:02 - 00000968 _____ C:\Users\Brett\Desktop\join.me.lnk
    2016-06-07 17:37 - 2015-09-24 12:29 - 00000947 _____ C:\Users\Brett\Desktop\phpDev - Shortcut.lnk
    2016-06-07 17:37 - 2015-07-30 10:26 - 00001066 _____ C:\Users\Brett\Desktop\Amazon Music.lnk
    2016-06-07 17:37 - 2015-06-10 06:53 - 00000876 _____ C:\Users\Brett\Desktop\RPOWERPOS.lnk
    2016-06-07 17:37 - 2015-06-10 06:53 - 00000876 _____ C:\Users\Brett\Desktop\K3server8.lnk
    2016-06-07 17:37 - 2015-05-26 13:48 - 00000876 _____ C:\Users\Brett\Desktop\vncview k3server6.lnk
    2016-06-07 17:37 - 2015-02-26 08:21 - 00002356 _____ C:\Users\Brett\Desktop\Chrome App Launcher.lnk
    2016-06-07 17:37 - 2014-07-23 06:41 - 00001764 _____ C:\Users\Brett\Desktop\ICQ.lnk
    2016-06-07 17:37 - 2013-04-25 06:39 - 00000905 _____ C:\Users\Brett\Desktop\Windows Update Troubleshooting Info.lnk
    2016-06-07 17:37 - 2013-04-08 17:59 - 00001796 _____ C:\Users\Brett\Desktop\Google Drive.lnk
    2016-06-07 17:37 - 2012-11-26 10:47 - 00001218 _____ C:\Users\Brett\Desktop\Dropbox.lnk
    2016-06-07 17:37 - 2012-04-04 16:48 - 00001758 _____ C:\Users\Brett\Desktop\crocs esc't.txt.lnk
    2016-06-07 17:37 - 2011-12-20 08:53 - 00000729 _____ C:\Users\Brett\Desktop\Google Talk Received Files.lnk
    2016-06-07 17:37 - 2011-11-08 07:43 - 00002943 _____ C:\Users\Brett\Desktop\Tomboy Notes.lnk
    2016-06-07 17:37 - 2011-11-02 13:22 - 00001827 _____ C:\Users\Brett\Desktop\The Bat!.LNK
    2016-06-07 17:37 - 2011-09-20 07:45 - 00001230 _____ C:\Users\Brett\Desktop\I.R.I.S. Resource Center.lnk
    2016-06-07 17:37 - 2011-09-12 09:12 - 00001853 _____ C:\Users\Brett\Desktop\WinSCP.lnk
    2016-06-07 17:37 - 2011-08-15 15:56 - 00001269 _____ C:\Users\Brett\Desktop\SQL Manager Lite for SQL Server.lnk
    2016-06-07 17:37 - 2011-08-01 17:09 - 00001035 _____ C:\Users\Brett\Desktop\WinDirStat.lnk
    2016-06-07 17:37 - 2011-08-01 07:17 - 00001172 _____ C:\Users\Brett\Desktop\Repair Network Driver.lnk
    2016-06-07 17:37 - 2011-07-28 13:26 - 00000592 _____ C:\Users\Brett\Desktop\BrettsC (BRETT-RPOWER) (V) - Shortcut.lnk
    2016-06-07 17:37 - 2011-07-27 15:37 - 00001244 _____ C:\Users\Brett\Desktop\Command Prompt.lnk
    2016-06-07 17:33 - 2011-07-28 13:25 - 00000000 ____D C:\Windows\pss
    2016-06-07 16:44 - 2014-08-07 08:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-06-07 16:44 - 2014-08-07 08:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-06-07 15:03 - 2012-04-06 08:56 - 00000000 ____D C:\ProgramData\F-Secure
    2016-06-07 14:28 - 2011-07-28 07:54 - 00075008 _____ C:\Windows\za_mv_raid.ev
    2016-06-07 14:28 - 2011-07-28 07:54 - 00000096 _____ C:\Windows\za_mv_seqnum.ev
    2016-06-07 14:28 - 2011-07-28 07:54 - 00000008 _____ C:\Windows\mvraidver.dat
    2016-06-07 14:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME
    2016-06-07 12:06 - 2013-05-07 09:23 - 00000000 ____D C:\ProgramData\Sophos
    2016-06-07 11:59 - 2011-07-27 15:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2016-06-07 11:44 - 2011-07-28 06:51 - 00000000 ____D C:\Users\UpdatusUser
    2016-06-07 09:13 - 2016-01-07 07:28 - 00000000 ____D C:\Users\Brett\.VirtualBox
    2016-06-07 09:11 - 2015-04-01 07:36 - 00047718 _____ C:\Users\Brett\ntuserdirect_MyManager.dat
    2016-06-07 07:08 - 2016-02-22 17:47 - 00056733 _____ C:\Users\Brett\Documents\student loan2.xlsx
    2016-06-06 13:00 - 2016-04-28 07:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-06-01 16:11 - 2012-04-16 07:55 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-06-01 16:11 - 2011-08-01 15:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-05-25 19:12 - 2016-03-01 19:04 - 00000000 ____D C:\Windows\SysWOW64\GWX
    2016-05-25 19:12 - 2015-04-07 18:47 - 00000000 ___SD C:\Windows\system32\GWX
    2016-05-25 12:15 - 2011-07-27 15:39 - 00000000 ___HD C:\Program Files (x86)\Temp
    2016-05-25 12:12 - 2011-07-27 15:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-05-23 07:19 - 2009-07-13 22:08 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-05-16 13:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2016-05-16 07:28 - 2009-07-13 22:13 - 01111032 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-16 07:17 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal

    ==================== Files in the root of some directories =======

    2011-09-22 09:47 - 2011-09-22 09:48 - 0000132 _____ () C:\Users\Brett\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2012-05-17 14:20 - 2016-03-31 10:43 - 0000132 _____ () C:\Users\Brett\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2016-06-07 09:40 - 2016-06-07 09:40 - 6867968 _____ () C:\Users\Brett\AppData\Roaming\agent.dat
    2016-06-07 09:39 - 2016-06-07 09:39 - 0128512 _____ () C:\Users\Brett\AppData\Roaming\Installer.dat
    2016-06-07 09:40 - 2016-06-07 09:40 - 0018432 _____ () C:\Users\Brett\AppData\Roaming\Main.dat
    2011-09-12 09:12 - 2011-09-15 13:08 - 0000600 _____ () C:\Users\Brett\AppData\Roaming\winscp.rnd
    2011-09-12 18:00 - 2016-04-25 14:38 - 0001456 _____ () C:\Users\Brett\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-01-14 07:29 - 2013-01-14 07:29 - 0000218 _____ () C:\Users\Brett\AppData\Local\recently-used.xbel
    2011-08-02 08:31 - 2016-06-08 17:36 - 0007597 _____ () C:\Users\Brett\AppData\Local\Resmon.ResmonCfg
    2011-08-10 10:59 - 2014-11-11 13:21 - 0021089 _____ () C:\ProgramData\hpzinstall.log
    2015-02-05 07:51 - 2016-04-21 17:30 - 0001483 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    Files to move or delete:
    ====================
    C:\Users\Brett\ntuserdirect_MSManager.dat
    C:\Users\Brett\ntuserdirect_MyManager.dat


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-07 00:31

    ==================== End of FRST.txt ============================
     
  16. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
    Ran by Brett (2016-06-14 18:10:50)
    Running from C:\Users\Brett\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2011-07-27 22:37:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1722142055-1796014379-4179580014-500 - Administrator - Disabled)
    Brett (S-1-5-21-1722142055-1796014379-4179580014-1000 - Administrator - Enabled) => C:\Users\Brett
    Guest (S-1-5-21-1722142055-1796014379-4179580014-501 - Limited - Disabled)
    UpdatusUser (S-1-5-21-1722142055-1796014379-4179580014-1001 - Limited - Disabled) => C:\Users\UpdatusUser
    ZendUser (S-1-5-21-1722142055-1796014379-4179580014-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
    Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5 Beta 64-bit (HKLM\...\{652E6883-26B8-4683-BDAA-8AD37D00C045}) (Version: 5.0.0 - Adobe)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
    Advanced IP Scanner 2.4 (HKLM-x32\...\{C3CF783A-5457-4989-966F-7BE08812FB71}) (Version: 2.4.2601 - Famatech)
    AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    Amazon Music (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
    Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS Gamer OSD (HKLM-x32\...\{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}) (Version: 3.06.0731 - ASUSTeK COMPUTER INC.)
    ASUS Smart Doctor (HKLM-x32\...\InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}) (Version: 5.43 - ASUSTek COMPUTER INC.)
    ASUS Smart Doctor (x32 Version: 5.43 - ASUSTek COMPUTER INC.) Hidden
    ASUS VideoSecurity Online (HKLM-x32\...\InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}) (Version: 3.5.1.3 - ASUSTeK Computer Inc.)
    ASUS VideoSecurity Online (x32 Version: 3.5.1.3 - ASUSTeK Computer Inc.) Hidden
    AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
    AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
    Blio (HKLM-x32\...\{0361F83A-9DFC-483F-BC9E-7A73170612EA}) (Version: 3.3.9721 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    Brackets (HKLM-x32\...\{EF4E49D9-63EF-4BD4-BAD0-2234C79970D3}) (Version: 1.7 - brackets.io)
    BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    Cox TV Connect (HKLM-x32\...\{EA86FAE4-25FE-48B1-89E6-24D51B47C2B1}) (Version: 11.53.00 - Cox Communications)
    Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
    Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
    Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.39.1 - Dropbox, Inc.) Hidden
    Easy Tune 6 B10.0420.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
    Easy Tune 6 B10.0420.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    EMS SQL Manager 2011 Lite for SQL Server (HKLM-x32\...\{D368A75F-913B-4415-947D-F6B1BA9DB2F4}) (Version: 3.7.0.1 - EMS)
    EMS SQL Manager Lite for SQL Server (HKLM-x32\...\{2435A7B0-D45E-4D0F-8F75-D7060CE1B43A}) (Version: 4.1.0.45480 - EMS Database Management Solutions, Ltd.)
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
    EPSON WF-3620 Series Printer Uninstall (HKLM\...\EPSON WF-3620 Series) (Version: - SEIKO EPSON Corporation)
    Epson WF-3620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-3620 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    EZ Fonts (HKLM-x32\...\{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}) (Version: 1.0.0 - EZ Fonts)
    FontForge version 1.0 (HKLM-x32\...\{16CB5DA9-AB24-4F1E-9D55-C088245B8120}_is1) (Version: 1.0 - Download Freely, LLC)
    GDR 2550 for SQL Server 2008 R2 (KB2716440) (64-bit) (HKLM\...\KB2716440) (Version: 10.51.2550.0 - Microsoft Corporation)
    GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
    GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
    Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0001 - GIGABYTE Technologies, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
    Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline)
    Gtk# for .Net 2.12.21 (HKLM-x32\...\{71109D19-D8C1-437D-A6DA-03B94F5187FB}) (Version: 2.12.21 - Xamarin, Inc.)
    Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
    HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{A818DAE1-EBBE-4438-B557-8115955D88E4}) (Version: 14.0 - HP)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
    ICQ 8.2 (build 7100) (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\ICQ) (Version: 8.2.7100.0 - ICQ)
    IIS Diagnostics Toolkit January 2006 (AMD64) (HKLM\...\{269F4A2A-D659-4D2F-A6CC-20051225051C}) (Version: 1.5.1225.0 - Microsoft Corporation)
    IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
    Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
    Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
    Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    join.me (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\JoinMe) (Version: 2.11.0.1717 - LogMeIn, Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    L7000_Basic (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Marvell MRU V4 (HKLM-x32\...\mv61xxMRU) (Version: 4.1.0.1700 - Marvell)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
    Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C058FC5D-565F-4360-A562-0527A3D993DC}) (Version: 2.3.2211 - Microsoft Corporation)
    Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCELR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6A0F9093-6EDF-45B2-8783-9EB9D15F8339}) (Version: 10.51.2550.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
    Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
    Miranda IM 0.10.4 (HKLM-x32\...\Miranda IM) (Version: 0.10.4 - Miranda IM Project)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
    Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
    NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
    NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
    NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
    ON_OFF Charge B10.0422.2 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    OneClickdigital Media Manager (HKLM-x32\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Opera Stable 38.0.2220.29 (HKLM-x32\...\Opera 38.0.2220.29) (Version: 38.0.2220.29 - Opera Software)
    Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
    OverDrive Media Console (HKLM-x32\...\{D647F06F-2908-487E-9CDA-DE52148CBF49}) (Version: 3.2.10 - OverDrive, Inc.)
    Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
    Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
    PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.531.2011 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
    Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
    Rhapsody (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\8aa854a199af1b36) (Version: 6.17.22.0 - Rhapsody International Inc.)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
    Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    ShellFolderFix 1.1.4 (HKLM\...\{3DD823AB-145A-4522-B9F6-A9566121F837}_is1) (Version: - )
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Smart 6 B11.0824.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
    Smart Dual Lan (HKLM-x32\...\{FB238A00-FB43-49C8-8955-6F1F430944B7}) (Version: 1.00.0000 - Realtek)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
    SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Integration Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Reporting Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    The Bat! Professional v3.98.4 (HKLM-x32\...\{FCBBBD2E-CAF5-4C80-B73E-4657703EF259}) (Version: 3.98.4 - Ritlabs)
    Tomboy Notes (HKLM-x32\...\{F8AC5942-DB6B-49F1-95F2-76380E1F0A2C}) (Version: 1.14.0.0 - Tomboy Project)
    Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
    TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
    Utility (x32 Version: 1.00.0002 - ASUSTek) Hidden
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
    WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
    WinDirStat 1.1.2 (HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\WinDirStat) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
    WinSCP 4.3.4 (HKLM-x32\...\winscp3_is1) (Version: 4.3.4 - Martin Prikryl)
    XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - XviD Development Team)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Zend Server (x32 Version: 4.0.1 - Zend Technologies) Hidden
    Zend Server Community Edition (HKLM-x32\...\InstallShield_{DCDC2DF0-7305-4F7F-A78C-F5148819928F}) (Version: 4.0.1 - Zend Technologies)
    Zend Studio 8.0.1 (HKLM-x32\...\{A73D4BEE-2BBE-4285-BF6C-4B8C7C002290}) (Version: 8.0.1 - Zend Technologies Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Brett\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01E726C6-19D1-48AD-8F9E-DC43020B3C6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {1240AB07-C2AF-4063-99DF-08193C89FD08} - System32\Tasks\{312A3800-E54D-4A99-8862-D52255DA01DE} => pcalua.exe -a "C:\Users\Brett\Downloads\QuickTimeInstaller (1).exe" -d C:\Users\Brett\Downloads
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {4237B16E-8A80-4C4E-B1F4-5F668C67384A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-01] (Adobe Systems Incorporated)
    Task: {56F55C45-9BAE-4A77-BCD8-B586E5E5157F} - System32\Tasks\{652E52A9-B828-4BD9-B6A7-D7F30BC4FD3A} => pcalua.exe -a C:\Users\Brett\Downloads\New_PC_Studio_1.4.1_AD2.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {5D8DFBF9-9413-400A-86B8-04BCF7BF7CF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {64775044-053F-4C2A-8F55-C9D6651B4373} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {80ECE277-D76D-4CD6-BF70-EF74F6445067} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {86E9C180-AD73-4B09-8900-291C2BD7FB60} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {8FF9DB0C-085D-4797-BB71-DF431F9BD127} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {9599A4A6-2F6C-435B-B759-CC53F1DB9CB0} - System32\Tasks\{0D8B5A9C-86CB-4FAA-BCFB-F4D0D3B90AC0} => pcalua.exe -a C:\Users\Brett\Downloads\SQLSRV20(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {96BDBB7C-1CC7-4A1D-8E9E-A8EEAD7B086B} - System32\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {97CB488C-26AF-4CD8-8FBB-58C813B40290} - System32\Tasks\Opera scheduled Autoupdate 1422540934 => C:\Program Files (x86)\Opera\launcher.exe [2016-06-06] (Opera Software)
    Task: {A3F9F643-C953-470F-8D01-67C516EB7720} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
    Task: {A611CD2E-1AC1-4546-89B8-E14721D7984B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {AF027826-30AC-4B64-8562-382AD03B5765} - System32\Tasks\AdobeAAMUpdater-1.0-Brett-PC-Brett => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
    Task: {B4409CBE-B5B7-4DEE-8BCB-A364791DE27F} - System32\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {BFDD5801-3B60-4C2F-99CF-1B84140E720C} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {EBAB9099-D565-4457-9C7F-020AEF23EFC1} - System32\Tasks\{394F9D8C-063A-4DBF-B6BC-D724F85595D4} => pcalua.exe -a C:\Users\Brett\Downloads\windirstat1_1_2_setup.exe -d C:\Users\Brett\Downloads
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Invitation {6CF4039E-DC58-4C2B-8298-29E30609319C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3620 Series Update {6CF4039E-DC58-4C2B-8298-29E30609319C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{6CF4039E-DC58-4C2B-8298-29E30609319C} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000Core.job => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1722142055-1796014379-4179580014-1000UA.job => C:\Users\Brett\AppData\Local\Google\Update\GoogleUpdate.exe
     
  17. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2012-11-18 03:06 - 2013-09-12 00:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2009-07-27 11:13 - 2009-07-27 11:13 - 00061440 _____ () C:\Windows\SysWOW64\ASDR.exe
    2011-07-27 17:38 - 2009-07-02 20:49 - 00449024 _____ () C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
    2012-12-12 21:37 - 2012-12-12 21:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
    2016-06-08 08:53 - 2016-06-03 18:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
    2016-06-08 08:53 - 2016-06-03 18:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
    2015-12-10 15:00 - 2015-12-10 15:00 - 00392192 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\base.wr.dll
    2015-12-10 14:48 - 2015-12-10 14:48 - 00336384 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\base.dll
    2015-11-03 10:18 - 2015-11-03 10:18 - 00176128 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\pcre.dll
    2015-12-10 15:10 - 2015-12-10 15:10 - 05436416 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wbprivate.wr.dll
    2015-12-10 14:47 - 2015-12-10 14:47 - 00660480 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\mysqlcppconn.dll
    2015-11-03 10:18 - 2015-11-03 10:18 - 05288960 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\libmysql.dll
    2015-12-10 14:51 - 2015-12-10 14:51 - 01016832 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\mysql.forms.dll
    2015-11-03 10:18 - 2015-11-03 10:18 - 00177152 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\libpng.dll
    2015-11-03 10:18 - 2015-11-03 10:18 - 00078336 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\zlib.dll
    2015-12-10 14:49 - 2015-12-10 14:49 - 00481280 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\mysql.canvas.dll
    2015-12-10 14:48 - 2015-12-10 14:48 - 00857088 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\grt.dll
    2015-11-03 10:18 - 2015-11-03 10:18 - 01503744 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\libxml2.dll
    2015-12-10 15:08 - 2015-12-10 15:08 - 05814784 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wbprivate.be.dll
    2015-11-05 17:16 - 2015-11-05 17:16 - 00084480 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\libzip.dll
    2015-12-10 14:49 - 2015-12-10 14:49 - 00109056 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\cdbc.dll
    2015-12-10 14:55 - 2015-12-10 14:55 - 40894464 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\mysql.parser.dll
    2015-12-10 14:59 - 2015-12-10 14:59 - 09229312 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wbpublic.be.dll
    2015-12-10 14:47 - 2015-12-10 14:47 - 00402944 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\libctemplate.dll
    2015-11-03 10:18 - 2015-11-03 10:18 - 05765632 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\gdal.dll
    2015-11-03 10:18 - 2015-11-03 10:18 - 00666112 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\sqlite3.dll
    2015-12-10 15:00 - 2015-12-10 15:00 - 04821504 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\mforms.wr.dll
    2015-12-10 15:02 - 2015-12-10 15:02 - 05521920 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wbpublic.wr.dll
    2015-12-10 15:10 - 2015-12-10 15:10 - 00028160 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.grt.dll
    2015-12-10 15:11 - 2015-12-10 15:11 - 00539648 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.mysql.grt.dll
    2015-12-10 15:24 - 2015-12-10 15:24 - 00757248 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.mysql.parser.grt.dll
    2015-12-10 15:24 - 2015-12-10 15:24 - 00120832 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.mysql.query.grt.dll
    2015-12-10 15:22 - 2015-12-10 15:22 - 02334720 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.mysql.sqlparser.grt.dll
    2015-12-10 15:24 - 2015-12-10 15:24 - 00047616 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wb.fabric.interface.grt.dll
    2015-12-10 15:16 - 2015-12-10 15:16 - 00297472 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wb.model.grt.dll
    2015-12-10 15:17 - 2015-12-10 15:17 - 00268288 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wb.mysql.import.grt.dll
    2015-12-10 15:23 - 2015-12-10 15:23 - 00067072 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wb.utils.native.grt.dll
    2015-12-10 15:15 - 2015-12-10 15:15 - 01319424 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\_mforms.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00032256 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\Python\DLLs\_multiprocessing.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00058368 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\Python\DLLs\_sqlite3.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00047616 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\Python\DLLs\_socket.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00012800 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\python\site-packages\Crypto\Random\OSRNG\winrandom.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00012800 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\python\site-packages\Crypto\Util\_counter.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00032256 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\python\site-packages\Crypto\Cipher\_AES.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00054784 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\python\site-packages\Crypto\Cipher\_DES3.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00010752 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\Python\DLLs\select.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00022528 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\python\site-packages\Crypto\Cipher\_Blowfish.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00011776 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\python\site-packages\Crypto\Cipher\_ARC4.pyd
    2015-11-03 10:18 - 2015-11-03 10:18 - 00109568 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\Python\DLLs\_ctypes.pyd
    2015-12-10 15:15 - 2015-12-10 15:15 - 00201728 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\_cairo.pyd
    2015-12-10 15:15 - 2015-12-10 15:15 - 00239104 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.mysql.diff.reporting.wbp.dll
    2015-12-10 15:14 - 2015-12-10 15:14 - 01027072 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.mysql.wbp.dll
    2015-12-10 15:11 - 2015-12-10 15:11 - 00447488 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.mysql.editors.wbp.be.dll
    2015-12-10 15:17 - 2015-12-10 15:17 - 00262144 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\db.search.wbp.dll
    2015-12-10 15:18 - 2015-12-10 15:18 - 00136704 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wb.model.editors.wbp.be.dll
    2015-12-10 15:23 - 2015-12-10 15:23 - 00101888 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wb.model.snippets.wbp.dll
    2015-12-10 15:23 - 2015-12-10 15:23 - 00077824 _____ () C:\Program Files\MySQL\MySQL Workbench 6.3 CE\wb.printing.wbp.be.dll
    2016-06-08 08:53 - 2016-06-03 18:01 - 31491736 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll
    2016-05-16 09:13 - 2016-05-16 09:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\36228373a740e360eb9e81fe1e54615e\IsdiInterop.ni.dll
    2011-07-27 15:41 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00036878 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00310443 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00092285 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00201726 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00106712 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00150086 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00055804 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00416065 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00237138 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00028276 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00023851 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
    2014-02-02 17:19 - 2014-02-02 17:19 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
    2014-02-02 17:18 - 2014-02-02 17:18 - 00486400 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
    2014-07-23 06:26 - 2014-07-23 06:26 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
    2012-12-12 20:30 - 2012-12-12 20:30 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
    2016-06-01 16:09 - 2016-06-01 16:11 - 19427520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll
    2016-06-08 12:34 - 2016-06-08 12:34 - 48942256 _____ () C:\Program Files (x86)\Brackets\libcef.dll
    2016-06-08 12:34 - 2016-06-08 12:34 - 00120832 _____ () C:\Program Files (x86)\Brackets\www\filesystem\impls\appshell\node\node_modules\fsevents_win\build\Release\fswatch_win.node

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2016-06-14 08:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: BBSvc => 2
    MSCONFIG\Services: BBUpdate => 3
    MSCONFIG\Services: dbupdate => 2
    MSCONFIG\Services: dbupdatem => 3
    MSCONFIG\Services: DES2 Service => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: JMB36X => 2
    MSCONFIG\Services: MRUWebService => 2
    MSCONFIG\Services: SDLService => 2
    MSCONFIG\Services: WeatherChiknSrvr => 2
    MSCONFIG\Services: Zonekix => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Zend Controller.lnk => C:\Windows\pss\Zend Controller.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Brett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Launch Jawbone Updater.lnk => C:\Windows\pss\Launch Jawbone Updater.lnk.Startup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ASUSGamerOSD => C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
    MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: Breakaway => "C:\Program Files (x86)\Breakaway1.4\breakaway.exe" force
    MSCONFIG\startupreg: Digital Coupon Print Driver => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
    MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    MSCONFIG\startupreg: EasyTuneVI => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
    MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
    MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: icq => C:\Users\Brett\AppData\Roaming\ICQM\icq.exe -CU
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: MRUTray => C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{649583B8-782C-4637-8133-8BABE4A8C42B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [{AE057E5C-EBC2-47FE-858C-E35523707451}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    FirewallRules: [TCP Query User{2DF62BF5-E760-45B3-B0ED-341608D6D32C}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe
    FirewallRules: [UDP Query User{0E455E0E-9E5A-42A7-91A2-601E45047F96}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe
    FirewallRules: [TCP Query User{A46F6428-EBF8-4102-83A6-A01B51D70A2E}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [UDP Query User{BB71072D-839E-497C-B16C-9EE4DE3254FB}C:\program files (x86)\miranda im\miranda32.exe] => (Allow) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [TCP Query User{0789E310-FD0B-48AC-A3EE-33217A1072FB}C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe] => (Allow) C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe
    FirewallRules: [UDP Query User{20107522-1B21-436A-B606-BCC85A875E23}C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe] => (Allow) C:\program files (x86)\zend\zend studio - 8.0.1\zendstudio.exe
    FirewallRules: [TCP Query User{745A4974-A7C0-48AF-8324-6AFEA5798357}C:\program files (x86)\miranda im\miranda32.exe] => (Block) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [UDP Query User{04C862C6-12A1-4B7C-A9BE-709170773012}C:\program files (x86)\miranda im\miranda32.exe] => (Block) C:\program files (x86)\miranda im\miranda32.exe
    FirewallRules: [{834A22ED-8961-49B7-8B05-E61F744DA264}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{6EB43CB6-2E21-46EC-9ADF-D077B6AF32DE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{76EC055C-F944-4353-985B-52585AFD35E5}] => (Allow) D:\WinTemp\AppData\Local\Temp\7zS7291\OJProL7X00_Basic_14\setup\hpznui40.exe
    FirewallRules: [{C5007291-6BC3-4C38-9043-378D6460C86D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{F58395D4-C1D9-4993-BF53-E3449C5192DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{97B1C1A4-2758-4B04-9106-51AA12430877}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{A85B3D9B-7EC1-49F6-AAEE-93A885C5476E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{59907EAB-8C4E-4E9F-9878-BAB889850735}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{34E547A1-8E53-4ADD-A29D-13509827036F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{BDC0EC3C-0FC4-4037-8218-09D48FD015FD}] => (Allow) LPort=2869
    FirewallRules: [{43EDDC3B-2289-41D2-A406-F01F9239D881}] => (Allow) LPort=1900
    FirewallRules: [{15E2DFF1-3E9E-40A6-BABF-4F9B9752ADB9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{9B791286-7E80-4A89-B97D-41F601DE4649}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{862CAB1A-0BF0-4958-9C91-8052AD2855BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{9B9027A7-8357-4F1A-AF97-E8661A8D3D66}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{A2E88E58-DD7F-4615-A9D9-03B585BD88A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{B62240A2-CD4D-41C4-B057-86EA8072FC82}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{60A25641-E516-4519-9763-D8A2619BD3BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{11038C88-C553-47A2-83F5-F71828B9AD72}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{040F9044-E413-431B-8328-2706EE8087E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{34689BE3-8474-4A03-B402-BCD341019A92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{729920C3-3726-484D-AB76-57B013728627}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{A3575ADE-80D1-4217-BAF0-DE0DA2F43DFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{13DFDBBA-85B9-47FC-94DE-D0043C1559B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{A46918E8-BC79-4505-BD15-915AC9F4CCCC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{D837C17B-B21B-424E-BA68-AEC8AF7365EC}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [TCP Query User{4CB2FE52-7047-48A2-88DE-C4970E009DFD}C:\program files (x86)\gigabyte\smart6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\smart6\gbtupd.exe
    FirewallRules: [UDP Query User{2F64B26B-6BE6-429D-962C-BB894C865936}C:\program files (x86)\gigabyte\smart6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\smart6\gbtupd.exe
    FirewallRules: [TCP Query User{E5DA35C3-FAEF-4BE7-A727-AB36B0409395}C:\program files (x86)\gigabyte\smart6\updexe.exe] => (Block) C:\program files (x86)\gigabyte\smart6\updexe.exe
    FirewallRules: [UDP Query User{9574B8C4-726A-4918-A4F1-7FB41B3FF396}C:\program files (x86)\gigabyte\smart6\updexe.exe] => (Block) C:\program files (x86)\gigabyte\smart6\updexe.exe
    FirewallRules: [TCP Query User{85C0522B-719D-43D3-8ED4-2345C93C0834}C:\program files (x86)\napster\napster.exe] => (Allow) C:\program files (x86)\napster\napster.exe
    FirewallRules: [UDP Query User{8A95B0D4-DC7C-42AA-9FE8-474A43B93887}C:\program files (x86)\napster\napster.exe] => (Allow) C:\program files (x86)\napster\napster.exe
    FirewallRules: [TCP Query User{7E6436E1-F198-4496-A000-7FAA99713980}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
    FirewallRules: [UDP Query User{5F9C77ED-2408-4271-9A74-09E3140A0D09}C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs5.5\dreamweaver.exe
    FirewallRules: [{93A87AAC-D985-4A1C-A9A4-B6E5CAF78076}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{DAADEBB8-B19F-4CCE-8F14-E388BCD1C548}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
    FirewallRules: [{F14F80CE-664B-4A1D-B657-FD525A40AB89}] => (Allow) D:\menuImports\npsasvr.exe
    FirewallRules: [{A598D455-8A9B-410E-A5CA-A57C97C99860}] => (Allow) D:\menuImports\npsasvr.exe
    FirewallRules: [{6EA71E0A-6DAA-405E-B518-223B5338FCD8}] => (Allow) D:\menuImports\npsvsvr.exe
    FirewallRules: [{764230B1-02F9-4BB1-A2FC-00BB148BD198}] => (Allow) D:\menuImports\npsvsvr.exe
    FirewallRules: [TCP Query User{90AE0930-856D-43C9-929A-CACFE2A77AF0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{CAA43023-926E-4FAA-B2F6-0E14424D0CC1}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{9643E137-9216-4AD9-963C-6F9466650ADA}C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [UDP Query User{4E65DEB1-4C45-422C-95B2-7776D3F8FFD2}C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Block) C:\users\brett\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
    FirewallRules: [TCP Query User{E7CF8502-1255-418B-B467-2A519A70ABA9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{7A8A49CD-7712-47DF-9072-B5F4FF328419}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [TCP Query User{A141A18F-515D-4123-9E30-47100336D942}C:\program files (x86)\mono-2.10.6\bin\mono.exe] => (Block) C:\program files (x86)\mono-2.10.6\bin\mono.exe
    FirewallRules: [UDP Query User{9D9ECF9B-6D8D-4767-A091-3EB81519741E}C:\program files (x86)\mono-2.10.6\bin\mono.exe] => (Block) C:\program files (x86)\mono-2.10.6\bin\mono.exe
    FirewallRules: [{F3301210-993C-4426-96FF-72535428B379}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{C28FAA86-9720-4667-95A8-494A63EE3862}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{3735DDDD-C0A3-4933-A42A-2AA9567A98DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B699AFB0-9371-4D67-8827-19B4B914622A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{88FE09D0-AD97-4A8C-9211-61EE37CC8088}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A9AA9173-013B-41A2-B5AE-F6811F139BC4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{F27F095D-9AD4-46C4-8C89-F5978277AD0F}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
    FirewallRules: [UDP Query User{A7D28249-24A7-486D-A2D1-7962B5E3FBC3}C:\program files (x86)\pidgin\pidgin.exe] => (Allow) C:\program files (x86)\pidgin\pidgin.exe
    FirewallRules: [TCP Query User{F443CF85-E735-4099-B6D7-74B1173E1C6A}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{A554BF97-1797-4A13-A74B-1558AC11E0DB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{0126BDB0-1DA9-4962-ACF5-6B4A71EB3428}C:\users\brett\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brett\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{A4A80D1E-D9CE-4B29-8B08-CE79242E57FE}C:\users\brett\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\brett\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{132C56E7-7048-4586-AE0E-0EC308D490A5}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{7A62AE34-5DE6-4478-BF0D-A741AE27EB4C}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{7EA61E59-D11E-4021-8624-D82ABBDCF7B3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{8B6A5293-D25E-4B31-999D-064746B6FE25}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{5598F752-2883-4151-87B0-CB06DD9D8B2F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [TCP Query User{B6751A6A-8842-4C3E-AC0F-A682315B67D9}D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe] => (Allow) D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe
    FirewallRules: [UDP Query User{6C1AEE32-022C-4683-A2EC-3CF0C834D6F5}D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe] => (Allow) D:\wintemp\appdata\local\temp\lmiecd7.tmp\logmein client.exe
    FirewallRules: [TCP Query User{19573729-EA8F-49F7-BE17-02D3E3AE309E}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Block) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
    FirewallRules: [UDP Query User{76509D7D-228C-4208-B780-01A93FF4E4ED}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe] => (Block) C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe
    FirewallRules: [{08EC233A-4B19-4746-8FA6-80653197F689}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
    FirewallRules: [{F78EEA93-13E4-4506-8821-685BA5A09D8E}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
    FirewallRules: [{630F0C54-0EBC-4415-ABE0-4380C3F58525}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F17F4FD4-D307-49DC-94DA-62C2F276B1C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{41BEC0C4-FFAE-48CD-850A-476D2F635A85}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{78A332BC-884F-4FF6-981C-829EA5834718}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    FirewallRules: [{594BE973-5E26-44C8-8C0D-5721D0F501EE}] => (Allow) D:\WinTemp\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [{138F7B78-C77E-49AE-BA6B-9B4BA2826913}] => (Allow) D:\WinTemp\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
    FirewallRules: [TCP Query User{474ED91E-4452-4415-84BD-8ED23ED55D64}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{3024AC85-4C99-4685-B58F-4C23531F2693}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{6B0C6014-4B71-41C3-9A7F-A16FAAFB7DFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{20967EFA-BA50-4DF1-B066-746356011ADB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3C2D47A2-88B3-4963-A7BF-3C901E05F9FA}] => (Allow) C:\Users\Brett\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{B23C61D9-12D9-4D4C-8411-9AE53FDADA22}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [UDP Query User{21545605-F341-4381-9223-120B06E95625}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [TCP Query User{911ED9B9-4E28-4767-A264-0DF87287B56A}D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe] => (Allow) D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe
    FirewallRules: [UDP Query User{14465195-93A7-4C7F-BE13-472213A3C565}D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe] => (Allow) D:\wintemp\appdata\local\temp\joicd55.tmp\join.me.exe
    FirewallRules: [TCP Query User{F90B5FAD-EE46-4523-9C45-F51D8486B1E1}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [UDP Query User{56F9C9DD-0262-486C-875E-CEE19407D29D}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
    FirewallRules: [TCP Query User{522D584E-B632-4BB7-83A9-E5F7722D5213}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [UDP Query User{6970C9AA-BB95-4B18-A12D-26026BD21E2A}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
    FirewallRules: [{D25746A4-E1FE-489A-8A68-25C82B2A73A0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{AFA55E27-D170-4FEE-A7C0-F34AAE08A5B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
    FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
    FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
    FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe

    ==================== Restore Points =========================

    08-06-2016 14:09:39 Automatic creation
    09-06-2016 11:25:05 Automatic creation
    13-06-2016 15:17:03 Automatic creation
    14-06-2016 08:10:01 Automatic creation

    ==================== Faulty Device Manager Devices =============

    Name: Officejet Pro L7600
    Description: Officejet Pro L7600
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: HP
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: LogMeIn Kernel Information Provider
    Description: LogMeIn Kernel Information Provider
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: LMIInfo
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Officejet Pro L7600
    Description: Officejet Pro L7600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HP Officejet Pro 8620
    Description: HP Officejet Pro 8620
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/14/2016 08:32:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80004005

    Error: (06/14/2016 08:09:59 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {f85ba869-4cd1-4424-995c-1703305ca296}

    Error: (06/14/2016 08:07:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SmartDoctor.exe, version: 5.4.3.7, time stamp: 0x4a74e69d
    Faulting module name: SmartDoctor.exe, version: 5.4.3.7, time stamp: 0x4a74e69d
    Exception code: 0xc0000005
    Fault offset: 0x0002cddd
    Faulting process id: 0x16ec
    Faulting application start time: 0xSmartDoctor.exe0
    Faulting application path: SmartDoctor.exe1
    Faulting module path: SmartDoctor.exe2
    Report Id: SmartDoctor.exe3

    Error: (06/14/2016 08:07:17 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
    Description: The Desktop Window Manager has encountered a fatal error (0x88980406)

    Error: (06/14/2016 07:41:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/14/2016 07:40:52 AM) (Source: MSSQLServerOLAPService) (EventID: 0) (User: )
    Description: The service cannot be started: XML parsing failed at line 1, column 1: Incorrect document syntax.
    .

    Error: (06/14/2016 07:40:41 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 8355) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (06/14/2016 07:40:41 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 3414) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (06/14/2016 07:40:39 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 9003) (User: )
    Description: The log scan number (335:456:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (06/13/2016 07:31:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (06/14/2016 08:54:10 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/14/2016 08:53:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/14/2016 08:46:14 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/14/2016 07:43:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    The service did not start due to a logon failure.


    Error: (06/14/2016 07:43:20 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    Logon failure: account currently disabled.


    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (06/14/2016 07:42:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Error: (06/14/2016 07:41:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (06/14/2016 07:41:04 AM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (06/14/2016 07:40:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Error: (06/14/2016 07:40:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
    The system cannot find the path specified.



    CodeIntegrity:
    ===================================
    Date: 2016-06-14 08:53:39.102
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-06-14 08:53:39.055
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-04-06 08:56:57.369
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\WinTemp\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-04-06 08:56:57.360
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\WinTemp\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
    Percentage of memory in use: 48%
    Total physical RAM: 16382.27 MB
    Available physical RAM: 8485.93 MB
    Total Virtual: 32762.73 MB
    Available Virtual: 23531.61 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.51 GB) (Free:264.02 GB) NTFS
    Drive d: (SDD) (Fixed) (Total:59.52 GB) (Free:22.04 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 62191A89)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: EECF37B9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  19. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2016
    Ran by Brett (2016-06-15 08:00:41) Run:1
    Running from C:\Users\Brett\Desktop
    Loaded Profiles: Brett (Available Profiles: Brett & UpdatusUser & Classic .NET AppPool & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    GroupPolicyScripts: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
    CHR Extension: (LogMeIn) - C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj [2014-11-11] [UpdateUrl: hxxps://secure.logmein.com/activex/update_chrome.xml] <==== ATTENTION
    C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj
    S4 LMIRfsClientNP; no ImagePath
    U3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2011-09-22 09:47 - 2011-09-22 09:48 - 0000132 _____ () C:\Users\Brett\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2012-05-17 14:20 - 2016-03-31 10:43 - 0000132 _____ () C:\Users\Brett\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2016-06-07 09:40 - 2016-06-07 09:40 - 6867968 _____ () C:\Users\Brett\AppData\Roaming\agent.dat
    2016-06-07 09:39 - 2016-06-07 09:39 - 0128512 _____ () C:\Users\Brett\AppData\Roaming\Installer.dat
    2016-06-07 09:40 - 2016-06-07 09:40 - 0018432 _____ () C:\Users\Brett\AppData\Roaming\Main.dat
    2011-09-12 09:12 - 2011-09-15 13:08 - 0000600 _____ () C:\Users\Brett\AppData\Roaming\winscp.rnd
    2011-09-12 18:00 - 2016-04-25 14:38 - 0001456 _____ () C:\Users\Brett\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-01-14 07:29 - 2013-01-14 07:29 - 0000218 _____ () C:\Users\Brett\AppData\Local\recently-used.xbel
    2011-08-02 08:31 - 2016-06-08 17:36 - 0007597 _____ () C:\Users\Brett\AppData\Local\Resmon.ResmonCfg
    2011-08-10 10:59 - 2014-11-11 13:21 - 0021089 _____ () C:\ProgramData\hpzinstall.log
    2015-02-05 07:51 - 2016-04-21 17:30 - 0001483 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    C:\Users\Brett\ntuserdirect_MSManager.dat
    C:\Users\Brett\ntuserdirect_MyManager.dat
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Brett\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {64775044-053F-4C2A-8F55-C9D6651B4373} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {86E9C180-AD73-4B09-8900-291C2BD7FB60} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-1722142055-1796014379-4179580014-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
    "HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    "HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome" => key removed successfully
    C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj <==== ATTENTION => not found
    C:\Users\Brett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgnihglilniboicepgjclfiageofdfj => moved successfully
    LMIRfsClientNP => service removed successfully
    catchme => service removed successfully
    LMIInfo => service removed successfully
    VGPU => service removed successfully
    C:\Users\Brett\AppData\Roaming\Adobe BMP Format CS5 Prefs => moved successfully
    C:\Users\Brett\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
    C:\Users\Brett\AppData\Roaming\agent.dat => moved successfully
    C:\Users\Brett\AppData\Roaming\Installer.dat => moved successfully
    C:\Users\Brett\AppData\Roaming\Main.dat => moved successfully
    C:\Users\Brett\AppData\Roaming\winscp.rnd => moved successfully
    C:\Users\Brett\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully
    C:\Users\Brett\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\Brett\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\ProgramData\hpzinstall.log => moved successfully
    C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => moved successfully
    C:\Users\Brett\ntuserdirect_MSManager.dat => moved successfully
    C:\Users\Brett\ntuserdirect_MyManager.dat => moved successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
    "HKU\S-1-5-21-1722142055-1796014379-4179580014-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64775044-053F-4C2A-8F55-C9D6651B4373}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64775044-053F-4C2A-8F55-C9D6651B4373}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86E9C180-AD73-4B09-8900-291C2BD7FB60}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86E9C180-AD73-4B09-8900-291C2BD7FB60}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully


    The system needed a reboot.

    ==== End of Fixlog 08:00:41 ====
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  21. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    JavaFX 2.1.1
    Java 8 Update 91
    Java version 32-bit out of Date!
    Adobe Flash Player 21.0.0.242
    Mozilla Firefox (47.0)
    Google Chrome (50.0.2661.102)
    Google Chrome (51.0.2704.84)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  22. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    When I try to run Sophos Virus Removal tool Installer, I get Error 1606 Could not access network location data.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  24. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    I shut down my computer last night, and 11 Windows Updates installed. I tried Sophos Tool again after reboot, and still the same error. I reviewed the installer log and noticed an older installation date, so I uninstalled the previous installation. I tried again and the installation was successful... so perhaps only a scare. I wanted to let you know in case you encounter that error again, it's possible to get an error that doesn't indicate that a previous installation of the tool is the culprit. The Sophos Tool scan returned ZERO threats!
     
  25. aleph8

    aleph8 TS Rookie Topic Starter Posts: 20

    Running ESET scan and is reporting 2 infected files... will post log as soon as the scan finishes.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...