
Rogue Killer Report Advice Needed for Deletion


  • This topic is locked
12 replies to this topic

#1 garyparrott

garyparrott

  • Members
  • 8 posts

Posted 12 March 2015 - 08:16 PM

After running Rogue Killer the following entries have been found. Please advise me on what needs to be deleted. I am mainly concerned about Registry entries and AntiRootkit. Any help would be appreciated. Thanks

 

 

RogueKiller V10.5.4.0 (x64) [Mar 12 2015] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Contacts\Desktop\Utilities\File Managers\RogueKillerX64.exe
Mode : Scan -- Date : 03/12/2015  11:12:54

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] DashlanePlugin.exe(5808) -- C:\Users\Owner\AppData\Roaming\Dashlane\DashlanePlugin.exe[7] -> Killed [TermProc]
[Suspicious.Path] (SVC) WiseTdiFw -- \??\C:\windows\WiseTdiFw64.sys[7] -> ERROR [41c]

¤¤¤ Registry : 28 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FontCache3.0.0.0 (%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WiseHDInfo (\??\C:\Windows\WiseHDInfo64.dll) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WiseTdiFw (\??\C:\windows\WiseTdiFw64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WiseHDInfo (\??\C:\Windows\WiseHDInfo64.dll) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WiseTdiFw (\??\C:\windows\WiseTdiFw64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WiseHDInfo (\??\C:\Windows\WiseHDInfo64.dll) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WiseTdiFw (\??\C:\windows\WiseTdiFw64.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C5B5C7A-B884-4533-A727-254E04E82401} | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C51FCF65-66BC-456C-94B6-4240A29BD3BD} | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8C5B5C7A-B884-4533-A727-254E04E82401} | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C51FCF65-66BC-456C-94B6-4240A29BD3BD} | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8C5B5C7A-B884-4533-A727-254E04E82401} | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C51FCF65-66BC-456C-94B6-4240A29BD3BD} | DhcpNameServer : 75.76.84.102 75.76.84.103 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\Owner -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\Owner\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Owner.nji") -> Found
[Suspicious.Path] \\Owner Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\Owner\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Owner Merge.nji") -> Found

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\PROGRA~3\BESTBU~1\CLICKO~1.EXE "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] tjxke9jw.default-1421376829811 : Roomy Bookmarks Toolbar [ALone-live@ya.ru] -> Found
[PUP][FIREFX:Addon] tjxke9jw.default-1421376829811 : Dashlane [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-24HXZT1 +++++
--- User ---
[MBR] 89b06e76a6db471207a5b15efc20c653
[BSP] 30cb3965b979c3565ea00dc0ff6dcf32 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 565478 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1158510592 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1219319808 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Backup+ Desk USB Device +++++
--- User ---
[MBR] b1eb6ec6e36e3c370964e8ba8a30f28f
[BSP] 4fdf44b145f76026cc74708e3ace8fac : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_03112015_192103.log





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 March 2015 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Before I suggest anything I would like you to run these tools.
Let me know also what problem persists with this computer.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?

#3 garyparrott

garyparrott
  • Topic Starter

  • Members
  • 8 posts

Posted 16 March 2015 - 11:27 PM

Hi Nasdaq, thanks for helping. I was beginning to think that nobody was going to respond. The computer is running hot and cold. Has been very sluggish and had two blue screens, one on Saturday when my Seagate back up drive decided to give me problems. It had not been completing scheduled back ups.  I worked with a tech from Seagate to reformat only to get 98% along and the drive lost connection so it says...

 

At the moment the computer is running ok but using a lot of resources. There seem to be a lot of files missing when I ran autoruns.

 

My autocheck start up does not work: BootExecute: autocheck autochk /p \??\H:autocheck 黃羰ë退麰Ǧ

That looks suspicious...

Plus when I ran an earlier scan in Malwarebytes on the 8th, I quarantined the following registry entry: HKCR\refile\shell\open\command

And as you will see, there are a lot of entries regarding my zip program, jZip.

 

Noted is the first log request:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/16/2015
Scan Time: 10:35:42 PM
Logfile: Malware Log March 16.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.03.17.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404274
Time Elapsed: 33 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Bandoo, C:\Users\Owner\Downloads\jZipSetup-r20-n-bf.exe, Quarantined, [682e8db96f1b0d2916a7509336cb817f],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Here is the AdwCleaner report:

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 23:33:32
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Contacts\Desktop\Utilities\Malware Managers\adwcleaner_4.112.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa
Folder Found : C:\Users\Owner\AppData\Local\jZip
Folder Found : C:\Users\Owner\AppData\Local\Temp\jZip

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Found : [x64] HKCU\Software\jZip
Key Found : HKLM\SOFTWARE\Classes\jZip.file
Key Found : HKLM\SOFTWARE\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[tjxke9jw.default-1421376829811] - Line Found : user_pref("extensions.dashlane.safesearchcapable", false);

-\\ Google Chrome v41.0.2272.89

*************************

AdwCleaner[R0].txt - [4571 bytes] - [11/03/2015 20:23:49]
AdwCleaner[R1].txt - [4664 bytes] - [11/03/2015 22:46:12]
AdwCleaner[R2].txt - [4723 bytes] - [11/03/2015 23:50:10]
AdwCleaner[R3].txt - [1671 bytes] - [12/03/2015 14:51:05]
AdwCleaner[R4].txt - [2635 bytes] - [13/03/2015 23:44:37]
AdwCleaner[R5].txt - [1874 bytes] - [16/03/2015 23:33:32]
AdwCleaner[S0].txt - [4244 bytes] - [12/03/2015 00:22:59]
AdwCleaner[S1].txt - [2653 bytes] - [13/03/2015 23:53:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [2051 bytes] ##########
 



#4 garyparrott

garyparrott
  • Topic Starter

  • Members
  • 8 posts

Posted 16 March 2015 - 11:28 PM

Included is the FRST scan results.  I have not made any repairs in any of the programs until I hear back from you.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Owner (administrator) on OWNER-PC on 16-03-2015 23:46:03
Running from C:\Users\Owner\Contacts\Desktop\Utilities\Malware Managers
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise System Monitor\WiseSystemMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG64.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Pervasive Software Inc.) C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Sage Software, Inc.) C:\Program Files (x86)\Sage Software\Peachtree\SmartPostingService2014.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxcrnmh.exe
() C:\Users\Owner\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\Owner\AppData\Roaming\Dashlane\Dashlane.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-01] (Intel® Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-05-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-05-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2015-03-09] (Bitdefender)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-05-18] (Lenovo)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-13] (Seagate Technology LLC)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files (x86)\Sage Software\Peachtree\PeachtreePrefetcher.exe [320816 2013-11-07] (Sage Software, Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bdruninstaller] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"setupdownloader.exe" /args:"/token:antivirus /after_restart"
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391200 2015-02-17] (Mister Group)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-13] (Seagate Technology LLC)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2015-03-09] (Bitdefender)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-05] (Bitdefender)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-05] (Bitdefender)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\system: [NoScrSavPage] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\system: [NoDispApprearancePage] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\system: [NoDispCpl] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-859170578-201559947-259595280-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\SysWOW64\GPhotos.scr [4550656 2013-04-02] (Google Inc.)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2015-03-09] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-05] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-05] (Bitdefender)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk /p \??\H:autocheck 黃羰ë退麰Ǧ

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-859170578-201559947-259595280-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-859170578-201559947-259595280-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-859170578-201559947-259595280-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-05] (Bitdefender)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-30] (Oracle Corporation)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO: PDN64BitBookMarkActivator.BookMark64BitActivator -> {887cdc33-0de3-4fd5-a5d3-eccd4b4b396c} -> C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-30] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll [2014-08-05] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-07] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-07] (Oracle Corporation)
Toolbar: HKLM - Post-it® Digital Notes - {735abc4c-9266-4008-9ef6-bc60be8de31f} - C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - Post-it® Digital Notes - {735abc4c-9266-4008-9ef6-bc60be8de31f} - C:\windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Owner\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-02-17] (Dashlane)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Tcpip\Parameters: [DhcpNameServer] 75.76.84.102 75.76.84.103

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-07-07] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2011-07-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-859170578-201559947-259595280-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-16] (Citrix Online)
FF Extension: iCloud Bookmarks - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\firefoxdav@icloud.com [2015-01-22]
FF Extension: BlackFox V2 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\zigboom@hotmail.com [2015-01-22]
FF Extension: FireFTP - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-17]
FF Extension: Roomy Bookmarks Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\ALone-live@ya.ru.xpi [2015-01-15]
FF Extension: Copy Plain Text 2 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\copyplaintext@teo.pl.xpi [2015-01-17]
FF Extension: Quit Firefox - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\{22f6d978-67ce-4738-9201-d22df1c32896}.xpi [2015-01-22]
FF Extension: Stylish - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-01-22]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjxke9jw.default-1421376829811\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-05-18]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2015-03-09]
FF Extension: Dashlane - C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-02-18]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/?gws_rd=ssl
CHR StartupUrls: Default -> "hxxp://www.goodskins.com/beauty_of_nature/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2015-01-16]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-21]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Dashlane) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-01-16]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-01-16]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2015-03-12]
CHR Extension: (Clock and Weather forecast combo [FVD]) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgcejfcgcnbhiijhlfeilijbjenogpkp [2015-01-24]
CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-01-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-28]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-01-28]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-28]
CHR Extension: (Dashlane) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-02-28]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-28]
CHR Extension: (Adblock Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-02-28]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-28]
CHR HKU\S-1-5-21-859170578-201559947-259595280-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2015-03-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACT! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [81920 2009-08-24] (Sage Software, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2644816 2011-05-17] (Diskeeper Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
R2 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AC_Service.exe [310080 2015-03-16] (Citrix Online, a division of Citrix Systems, Inc.)
R2 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [344056 2013-04-01] (Verizon) [File not signed]
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 psqlWGE; C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [436040 2013-01-08] (Pervasive Software Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
R2 Sage 50 SmartPosting 2014; C:\Program Files (x86)\Sage Software\Peachtree\SmartPostingService2014.exe [335664 2013-11-07] (Sage Software, Inc.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-13] (Seagate Technology LLC)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-05] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2015-03-09] (Bitdefender)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-16] (Malwarebytes Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2012-12-05] (CACE Technologies, Inc.)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-03-09] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-02-12] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-02-12] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-02-12] (IBM Corp.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-03-12] ()
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2015-03-09] (BitDefender S.R.L.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-05-16] (Acronis International GmbH)
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-06-14] (Acronis)
R3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [11304 2014-10-11] (wisecleaner.com)
R1 WiseTdiFw; C:\windows\WiseTdiFw64.sys [31272 2015-01-12] (WiseCleaner.com)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 23:44 - 2015-03-16 23:44 - 00000000 ___SH () C:\DkHyperbootSync
2015-03-16 19:18 - 2015-03-16 23:03 - 00000544 _____ () C:\windows\Tasks\Owner.job
2015-03-16 17:41 - 2015-03-16 19:18 - 00003012 _____ () C:\windows\System32\Tasks\Owner
2015-03-16 17:41 - 2015-03-16 17:41 - 00003720 _____ () C:\windows\System32\Tasks\Owner Merge
2015-03-16 16:45 - 2015-03-16 16:45 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-03-16 16:44 - 2015-03-16 16:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Citrix
2015-03-16 16:10 - 2015-03-16 16:10 - 00132592 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-16 16:08 - 2015-03-16 23:27 - 00054264 _____ () C:\windows\WindowsUpdate.log
2015-03-16 16:08 - 2015-03-16 23:16 - 00000168 _____ () C:\windows\setupact.log
2015-03-16 16:08 - 2015-03-16 16:08 - 00000000 _____ () C:\windows\setuperr.log
2015-03-16 16:06 - 2015-03-16 23:15 - 00000712 _____ () C:\windows\PFRO.log
2015-03-16 16:06 - 2015-03-16 16:08 - 00555504 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-16 12:19 - 2015-03-16 12:19 - 00000269 _____ () C:\windows\pvsw.log
2015-03-16 09:52 - 2015-03-16 09:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Wise PC 1stAid
2015-03-16 09:52 - 2015-03-16 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise PC 1stAid
2015-03-16 09:49 - 2015-03-16 09:50 - 38267440 _____ () C:\Users\Owner\Downloads\iPhoneCarePro32trial(616270).exe
2015-03-16 09:44 - 2015-03-16 09:44 - 03784904 _____ (WiseCleaner.com ) C:\Users\Owner\Downloads\WPCASetup.exe
2015-03-16 02:21 - 2015-03-16 02:21 - 00000999 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
2015-03-16 02:20 - 2015-03-16 02:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\jZip
2015-03-16 02:20 - 2015-03-16 02:21 - 00000000 ____D () C:\Program Files (x86)\jZip
2015-03-16 02:12 - 2015-03-16 02:13 - 00588816 _____ () C:\Users\Owner\Downloads\Autoruns(1).zip
2015-03-16 00:29 - 2015-03-16 01:44 - 00000000 ____D () C:\Program Files\Soluto
2015-03-14 17:44 - 2015-03-14 17:44 - 00881846 _____ (Xtreme-LAb® ) C:\Users\Owner\Downloads\tr161_setup.exe
2015-03-13 11:24 - 2015-03-13 11:24 - 03549696 _____ (Acronis) C:\Users\Owner\Downloads\atih_cleanup_tool_s_e.exe
2015-03-13 09:48 - 2015-03-13 09:48 - 01376768 _____ () C:\Users\Owner\Downloads\7z920-x64.msi
2015-03-13 09:39 - 2015-03-13 09:39 - 12682411 _____ () C:\Users\Owner\Downloads\seagate-firmware-updater-1.2.2.dmg
2015-03-13 09:36 - 2015-03-13 09:37 - 00865928 _____ () C:\Users\Owner\Downloads\drivedetect(1).exe
2015-03-13 02:03 - 2015-03-13 02:03 - 00000000 ____D () C:\ProgramData\bdch
2015-03-12 20:53 - 2015-03-12 20:53 - 00000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2015-03-12 20:41 - 2015-03-12 20:41 - 00000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2015-03-12 20:41 - 2013-09-27 22:56 - 00285208 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-03-12 20:17 - 2015-03-12 20:17 - 00227178 _____ () C:\Users\Owner\Downloads\kavremvr 2015-03-12 20-17-23 (pid 1352).log
2015-03-12 20:14 - 2015-03-12 20:14 - 00009374 _____ () C:\Users\Owner\Downloads\startuplist.txt
2015-03-12 16:36 - 2015-03-12 16:38 - 00052963 _____ () C:\Users\Owner\Downloads\Addition.txt
2015-03-12 16:34 - 2015-03-16 23:46 - 00000000 ____D () C:\FRST
2015-03-12 16:34 - 2015-03-13 11:53 - 00082503 _____ () C:\Users\Owner\Downloads\FRST.txt
2015-03-12 15:38 - 2015-03-12 15:38 - 00000000 _____ () C:\autoexec.bat
2015-03-12 15:36 - 2015-03-12 15:36 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-11 22:24 - 2015-03-13 01:53 - 00000000 ____D () C:\ProgramData\SystemExplorer
2015-03-11 22:24 - 2015-03-11 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-03-11 22:24 - 2015-03-11 22:24 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2015-03-11 20:23 - 2015-03-16 23:44 - 00000000 ____D () C:\AdwCleaner
2015-03-11 14:00 - 2015-03-12 21:44 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-11 14:00 - 2015-03-11 14:09 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-11 00:49 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 00:49 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 00:49 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 00:49 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 00:49 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 00:49 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 00:49 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 00:49 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 00:49 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 00:49 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 00:49 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 00:49 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 00:49 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 00:49 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 00:49 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 00:49 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 00:49 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 00:49 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-03-11 00:49 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 00:49 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 00:49 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-03-11 00:48 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 00:48 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 00:48 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 00:48 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 00:48 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 00:48 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 00:48 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 00:48 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 00:48 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 00:48 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 00:48 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 00:48 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 00:48 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 00:48 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-11 00:48 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-11 00:48 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 00:48 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 00:48 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 00:48 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 00:48 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 00:48 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 00:48 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-11 00:48 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 00:48 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 00:48 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-11 00:48 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-11 00:47 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 00:47 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 00:46 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 00:46 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 00:46 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 00:46 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 00:46 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 00:46 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 00:46 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 00:46 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 00:46 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 00:46 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 00:46 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 00:46 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 00:46 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 00:46 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 00:45 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 00:45 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 00:45 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-11 00:45 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 00:45 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 00:45 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 00:45 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 00:45 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 00:45 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 00:45 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 00:45 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 00:45 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 00:45 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 00:45 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 00:45 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 00:45 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 00:45 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 00:45 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 00:45 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 00:45 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 00:45 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 00:45 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 00:45 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 00:45 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 00:45 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 00:45 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 00:45 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 00:45 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 00:45 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 00:45 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 00:45 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-03-11 00:45 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-03-11 00:45 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-11 00:45 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 00:45 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 00:45 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 00:45 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-03-11 00:45 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 00:45 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-03-11 00:45 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 00:45 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 00:45 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 00:45 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 00:45 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 00:45 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 00:45 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 00:45 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-03-11 00:45 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 00:45 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 00:45 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 00:45 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 00:45 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-03-11 00:45 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 00:45 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 00:45 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 00:45 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 00:45 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-11 00:45 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 00:45 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 00:36 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 00:36 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-09 18:30 - 2015-02-12 10:00 - 00535576 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2015-03-09 18:28 - 2015-03-09 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-03-09 18:28 - 2015-03-09 18:28 - 00000000 ____D () C:\Program Files (x86)\Trusteer
2015-03-09 17:48 - 2015-03-09 17:49 - 00436504 _____ (IBM Corp.) C:\Users\Owner\Downloads\RapportSetup(1).exe
2015-03-09 11:48 - 2015-03-09 11:48 - 00480985 _____ () C:\ProgramData\1425915670.bdinstall.bin
2015-03-09 11:48 - 2015-03-09 11:48 - 00000684 ____H () C:\bdr-cf01
2015-03-09 11:48 - 2015-03-09 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender
2015-03-09 11:47 - 2015-03-09 11:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Bitdefender
2015-03-09 11:45 - 2015-03-09 11:48 - 00253404 ____H () C:\bdr-ld01
2015-03-09 11:45 - 2015-03-09 11:48 - 00009216 ____H () C:\bdr-ld01.mbr
2015-03-09 11:45 - 2013-09-24 16:38 - 46879860 ____H () C:\bdr-im01.gz
2015-03-09 11:45 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2015-03-09 11:44 - 2015-03-09 12:40 - 00452040 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2015-03-09 11:44 - 2015-03-09 11:44 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-09 11:44 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2015-03-09 11:39 - 2015-03-09 11:39 - 02868840 _____ () C:\Users\Owner\Downloads\bitdefender_antivirus.exe
2015-03-08 23:07 - 2015-03-08 23:07 - 00573697 _____ () C:\Users\Owner\Downloads\Autoruns.zip
2015-03-08 20:22 - 2015-03-08 20:27 - 00560240 _____ () C:\Users\Owner\Downloads\kavremvr 2015-03-08 20-22-07 (pid 1476).log
2015-03-08 19:27 - 2015-03-08 19:27 - 00000000 ____D () C:\Program Files\ReviverSoft
2015-03-08 19:07 - 2015-03-16 23:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 19:07 - 2015-03-08 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 19:07 - 2015-03-08 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-08 19:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-08 19:07 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-03-08 19:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-08 19:03 - 2015-03-08 19:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-08 17:45 - 2015-03-16 17:23 - 00007597 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2015-03-08 17:34 - 2015-03-08 17:35 - 02864440 _____ () C:\Users\Owner\Downloads\bitdefender_tsecurity_ADRLPrypkl2cVvXNvPlN4NXQJHw.exe
2015-03-08 17:24 - 2015-03-08 17:52 - 00000000 ____D () C:\ProgramData\Dumps
2015-03-07 12:35 - 2015-03-07 12:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Innovative Solutions
2015-03-07 12:35 - 2015-03-07 12:35 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions
2015-03-07 12:33 - 2015-03-07 12:33 - 01222976 _____ (Innovative Solutions ) C:\Users\Owner\Downloads\System_Tray_Cleaner.exe
2015-03-07 12:03 - 2015-03-07 12:09 - 108052480 _____ () C:\windows\system32\config\software.efr
2015-03-06 16:46 - 2015-03-06 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 17:32 - 2015-03-04 17:32 - 05325696 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup.exe
2015-02-28 16:06 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-28 16:06 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-28 16:06 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-28 16:06 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-28 10:28 - 2015-02-28 11:27 - 00000000 ___RD () C:\Users\Owner\Google Drive
2015-02-28 10:23 - 2015-02-28 10:23 - 00880208 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync (1).exe
2015-02-27 19:00 - 2015-02-27 19:00 - 04577045 _____ () C:\Users\Owner\Downloads\updraftplus.zip
2015-02-27 10:34 - 2015-02-28 19:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 10:33 - 2015-02-27 10:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-02-27 10:30 - 2015-02-27 10:30 - 26771088 _____ () C:\Users\Owner\Downloads\SeaToolsforWindowsSetup.exe
2015-02-27 10:21 - 2015-02-27 10:21 - 00865928 _____ () C:\Users\Owner\Downloads\drivedetect.exe
2015-02-26 21:39 - 2015-02-26 21:39 - 04693975 _____ () C:\Users\Owner\Downloads\updraftplus.1.9.60.zip
2015-02-26 09:15 - 2015-02-26 09:15 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-02-26 09:15 - 2015-02-26 09:15 - 00000000 ____D () C:\ProgramData\Nero
2015-02-26 09:15 - 2015-02-26 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-02-25 10:36 - 2015-02-25 11:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 03:02 - 2015-01-08 19:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 03:02 - 2015-01-08 19:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-24 21:20 - 2015-02-24 21:21 - 00033941 _____ () C:\Users\Owner\Downloads\smooth-page-scroll-updown-buttons.1.2.zip
2015-02-24 21:11 - 2015-02-24 21:11 - 00006264 _____ () C:\Users\Owner\Downloads\easy-scroll-up.zip
2015-02-21 18:15 - 2015-02-21 18:15 - 00075855 _____ () C:\Users\Owner\Downloads\google-maps-widget.2.20.zip
2015-02-20 20:38 - 2015-02-20 20:38 - 01011912 _____ () C:\Users\Owner\Downloads\make.1.4.9(1).zip
2015-02-20 20:34 - 2015-02-20 20:35 - 01011912 _____ () C:\Users\Owner\Downloads\make.1.4.9.zip
2015-02-20 20:03 - 2015-02-20 20:04 - 00479647 _____ () C:\Users\Owner\Downloads\make-plus-1.5.0.zip
2015-02-18 12:23 - 2015-02-18 12:23 - 00004096 ____H () C:\Users\Owner\AppData\Local\keyfile3.drm
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\windows\SysWOW64\FM20.DLL
2015-02-12 13:53 - 2015-03-16 23:20 - 00000000 ___RD () C:\Users\Owner\iCloudDrive
2015-02-12 13:53 - 2015-02-12 13:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Inc
2015-02-10 20:58 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 20:58 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 20:58 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 20:58 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 20:58 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 20:58 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-10 20:58 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 20:58 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-10 20:55 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 20:55 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-10 20:54 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 20:54 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-09 20:55 - 2015-02-09 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-09 20:54 - 2015-02-09 20:55 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-09 20:54 - 2015-02-09 20:55 - 00000000 ____D () C:\Program Files\iTunes
2015-02-09 20:54 - 2015-02-09 20:54 - 00000000 ____D () C:\Program Files\iPod
2015-02-09 20:54 - 2015-02-09 20:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-09 20:47 - 2015-02-09 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-05 09:21 - 2015-02-05 09:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Wise Auto Shutdown
2015-02-05 09:21 - 2015-02-05 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Auto Shutdown
2015-02-04 22:25 - 2015-02-04 22:25 - 05070512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-02 19:59 - 2015-03-16 23:17 - 00000462 _____ () C:\windows\Tasks\Wise System Monitor.job
2015-02-02 19:59 - 2015-02-02 20:30 - 00002888 _____ () C:\windows\System32\Tasks\Wise System Monitor
2015-02-02 19:58 - 2015-02-02 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Wise System Monitor
2015-02-02 19:58 - 2015-02-02 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise System Monitor
2015-02-02 19:58 - 2015-01-12 16:27 - 00031272 _____ (WiseCleaner.com) C:\windows\WiseTDIFw64.sys
2015-02-02 19:58 - 2015-01-12 16:27 - 00024616 _____ (WiseCleaner.com) C:\windows\WiseTDIFw.sys
2015-02-02 19:58 - 2014-10-11 11:36 - 00011304 _____ (wisecleaner.com) C:\windows\WiseHDInfo64.dll
2015-02-02 19:58 - 2014-10-11 11:36 - 00010792 _____ () C:\windows\WiseHDInfo32.dll
2015-02-01 23:28 - 2015-02-01 23:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live Writer
2015-02-01 23:28 - 2015-02-01 23:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Windows Live Writer
2015-01-30 15:07 - 2015-01-30 15:07 - 00000000 ____D () C:\Users\Owner\AppData\Temp
2015-01-30 15:03 - 2015-01-30 15:03 - 00000000 ____D () C:\windows\en
2015-01-30 15:02 - 2015-01-30 15:02 - 00001374 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-30 15:02 - 2015-01-30 15:02 - 00001305 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-30 14:59 - 2015-03-09 09:00 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-30 14:58 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2015-01-30 14:58 - 2010-06-02 05:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2015-01-30 14:58 - 2010-06-02 05:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2015-01-30 14:58 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2015-01-30 14:58 - 2010-05-26 12:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-01-30 14:58 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2015-01-30 14:58 - 2010-05-26 12:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2015-01-30 14:58 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2015-01-30 14:57 - 2009-09-04 18:29 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2015-01-30 14:57 - 2009-09-04 18:29 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2015-01-30 14:56 - 2015-01-30 14:56 - 00002170 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-30 14:56 - 2015-01-30 14:56 - 00002096 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-30 14:56 - 2015-01-30 14:56 - 00002096 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-30 14:56 - 2015-01-30 14:56 - 00000000 ___RD () C:\Users\Owner\OneDrive
2015-01-30 14:56 - 2015-01-30 14:56 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-30 14:56 - 2015-01-30 14:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-30 14:56 - 2006-11-29 14:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2015-01-30 14:56 - 2006-11-29 14:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2015-01-30 14:51 - 2015-01-30 14:51 - 01239752 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web.exe
2015-01-30 10:37 - 2015-01-30 10:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\{A324FEA6-8622-49E9-A5F9-225CBD3BF4A2}
2015-01-29 11:13 - 2015-01-29 11:13 - 00000000 ____D () C:\Users\Owner\AppData\Local\{9647AF14-363A-48C7-A6D3-6A44B7C1AA7F}
2015-01-28 16:22 - 2015-01-28 16:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\{63316599-CCE6-4479-848A-69071DF491EB}
2015-01-28 10:27 - 2015-01-28 10:27 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-28 01:07 - 2015-01-28 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\{8689DA4A-EFE8-49AF-AEF0-6BB5BC7C99E7}
2015-01-26 19:32 - 2015-01-26 19:32 - 00000056 _____ () C:\windows\system32\bdsandbox.txt
2015-01-24 10:55 - 2015-01-24 14:29 - 00000000 ____D () C:\Users\Owner\Documents\Bookmarks
2015-01-23 13:20 - 2015-01-23 13:20 - 00000000 ____D () C:\Users\Owner\AppData\Local\{142C4344-2F3F-4C80-A38D-4A77793B6E67}
2015-01-21 12:38 - 2015-01-21 13:42 - 00000000 ____D () C:\Program Files (x86)\Spamihilator
2015-01-21 12:37 - 2015-01-21 12:37 - 00970912 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120.dll
2015-01-21 12:37 - 2015-01-21 12:37 - 00455328 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120.dll
2015-01-21 12:37 - 2015-01-21 12:37 - 00247984 _____ (Microsoft Corporation) C:\windows\SysWOW64\vccorlib120.dll
2015-01-21 01:10 - 2015-01-21 01:22 - 00000000 ____D () C:\ProgramData\Cloudmark
2015-01-21 00:38 - 2015-01-21 13:32 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Spamihilator
2015-01-21 00:36 - 2015-01-21 00:36 - 00963232 _____ (Microsoft Corporation) C:\windows\system32\msvcr120.dll
2015-01-21 00:36 - 2015-01-21 00:36 - 00660128 _____ (Microsoft Corporation) C:\windows\system32\msvcp120.dll
2015-01-21 00:36 - 2015-01-21 00:36 - 00356528 _____ (Microsoft Corporation) C:\windows\system32\vccorlib120.dll
2015-01-16 12:09 - 2015-01-16 12:09 - 00000000 ____D () C:\Users\Owner\AppData\Local\Skype
2015-01-16 12:08 - 2015-02-09 12:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2015-01-16 12:08 - 2015-01-16 12:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-16 12:08 - 2015-01-16 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-16 12:06 - 2015-01-16 12:06 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Owner\Downloads\SkypeSetup.exe
2015-01-16 11:17 - 2015-01-16 11:17 - 00000000 ____D () C:\Users\Owner\Documents\Google
2015-01-16 10:31 - 2015-01-16 10:31 - 00880784 _____ (Google Inc.) C:\Users\Owner\Downloads\googledrivesync.exe
2015-01-16 09:26 - 2015-01-16 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-16 09:25 - 2015-03-16 23:37 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 09:25 - 2015-03-16 23:18 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 09:25 - 2015-03-08 21:06 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-16 09:25 - 2015-02-03 19:32 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-16 09:23 - 2015-01-16 09:24 - 00880784 _____ (Google Inc.) C:\Users\Owner\Downloads\ChromeSetup.exe
2015-01-14 13:06 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 13:06 - 2014-12-18 21:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 13:06 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 13:06 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 13:06 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 13:06 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-07 15:38 - 2015-01-07 15:38 - 00002042 _____ () C:\Users\Public\Desktop\FreeStyle CoPilot Health Management System.lnk
2015-01-07 15:38 - 2015-01-07 15:38 - 00001938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeStyle CoPilot Health Management System.lnk
2015-01-07 15:38 - 2015-01-07 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeStyle CoPilot Health Management System
2015-01-07 15:38 - 2015-01-07 15:38 - 00000000 ____D () C:\ProgramData\AbbottDiabetesCare
2015-01-07 15:38 - 2015-01-07 15:38 - 00000000 ____D () C:\Program Files (x86)\CoPilot Health Management System
2015-01-07 15:36 - 2015-01-07 15:36 - 23908188 _____ () C:\Users\Owner\Downloads\CoPilot_Setup.exe
2015-01-01 22:50 - 2015-03-16 01:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-12-30 13:22 - 2014-12-30 13:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\{739BF5CC-D9C7-4669-9FCD-50072420A281}
2014-12-30 09:56 - 2015-03-08 16:28 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-12-29 15:19 - 2015-02-13 09:10 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-29 15:17 - 2014-12-29 15:17 - 00324112 _____ (Dropbox, Inc.) C:\Users\Owner\Downloads\DropboxInstaller.exe
2014-12-27 15:56 - 2014-12-27 15:56 - 00021673 _____ () C:\HijackPatrol.log
2014-12-27 13:43 - 2015-02-26 19:24 - 00000000 ____D () C:\Program Files (x86)\ATT
2014-12-27 13:37 - 2014-12-27 13:37 - 00094000 _____ () C:\Users\Owner\Downloads\windows__df179868-9988-43b5-a346-22978465abc7__.exe
2014-12-25 14:53 - 2014-12-25 14:53 - 00657408 _____ () C:\Users\Owner\Downloads\MicrosoftFixit50463.msi
2014-12-24 11:50 - 2014-12-24 11:50 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-21 10:25 - 2014-12-21 10:26 - 11061527 _____ () C:\Users\Owner\Documents\Firefox 34.0.5 (x86 en-US) - 2014-12-21.pcv
2014-12-20 19:23 - 2014-12-24 11:48 - 00000000 ____D () C:\Program Files (x86)\CodeStuff
2014-12-20 19:21 - 2014-12-20 19:22 - 00680340 _____ () C:\Users\Owner\Downloads\StarterSetup.zip
2014-12-19 22:06 - 2014-12-19 22:13 - 00000000 ____D () C:\Program Files (x86)\Eusing Free Registry Defrag
2014-12-19 22:06 - 2014-12-19 22:06 - 00001039 _____ () C:\Users\Owner\Desktop\Eusing Free Registry Defrag.lnk
2014-12-19 22:06 - 2014-12-19 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Defrag
2014-12-19 22:05 - 2014-12-19 22:06 - 01154356 _____ () C:\Users\Owner\Downloads\EFRDSetup.exe
2014-12-19 13:24 - 2014-12-19 13:24 - 00002560 _____ () C:\windows\_MSRSTRT.EXE
2014-12-19 13:13 - 2014-12-19 13:26 - 00000000 ____D () C:\Program Files (x86)\Eusing Utilities
2014-12-19 13:13 - 2014-12-19 13:13 - 00001014 _____ () C:\Users\Owner\Desktop\Eusing Utilities.lnk
2014-12-19 13:07 - 2014-12-19 13:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Eusing
2014-12-19 13:06 - 2014-12-19 13:06 - 00983039 _____ () C:\Users\Owner\Downloads\EFRCSetup.exe
2014-12-18 17:37 - 2014-12-18 17:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\{4EB47F54-9CC9-4CE7-98CF-A622B74B1AE2}
2014-12-16 23:06 - 2014-12-16 23:06 - 01261288 _____ (WiseCleaner.com ) C:\Users\Owner\Downloads\WMOSetup(1).exe
2014-12-16 18:59 - 2014-12-16 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Soluto
2014-12-16 17:59 - 2014-12-16 17:59 - 01514048 _____ (Soluto Inc) C:\Users\Owner\Downloads\solutoinstaller-k91jb56fq48n_s423690405.exe
2014-12-16 17:57 - 2015-03-16 01:44 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-12-16 17:57 - 2014-12-24 17:46 - 00000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-12-16 17:56 - 2015-03-16 01:44 - 00000000 ____D () C:\ProgramData\Soluto

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 23:25 - 2012-06-18 07:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-16 23:24 - 2009-07-14 00:45 - 00037024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-16 23:24 - 2009-07-14 00:45 - 00037024 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-16 23:20 - 2013-02-23 01:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Wise Care 365
2015-03-16 23:20 - 2011-05-18 22:33 - 00000000 ____D () C:\ProgramData\VeriFace
2015-03-16 23:18 - 2011-05-18 22:37 - 02240256 _____ () C:\windows\system32\TPHDLOG0.LOG
2015-03-16 23:18 - 2011-05-18 22:33 - 06855675 _____ () C:\FaceProv.log
2015-03-16 23:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2015-03-16 23:17 - 2013-02-23 01:31 - 00000422 _____ () C:\windows\Tasks\Wise Care 365.job
2015-03-16 23:17 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-16 23:15 - 2011-05-18 22:19 - 00000000 ____D () C:\windows\Options
2015-03-16 23:11 - 2011-05-18 22:37 - 00587456 _____ () C:\windows\system32\TPAPSLOG.LOG
2015-03-16 20:08 - 2011-07-15 00:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\MailWasherPro
2015-03-16 19:17 - 2011-07-17 00:07 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D57D7154-C8C1-42F2-9DDB-B93E99556431}
2015-03-16 16:09 - 2011-12-18 09:40 - 00000466 _____ () C:\windows\Tasks\SystemToolsDailyTest.job
2015-03-16 11:15 - 2011-07-16 12:16 - 00000000 ____D () C:\Users\Owner\Documents\Personal
2015-03-16 11:00 - 2011-12-18 09:40 - 00003492 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest
2015-03-16 11:00 - 2011-12-18 09:40 - 00003448 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2015-03-16 11:00 - 2009-07-14 01:13 - 00007162 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-16 09:52 - 2013-02-22 00:38 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-03-16 08:39 - 2012-10-23 01:09 - 00001022 _____ () C:\windows\BRCALIB.INI
2015-03-16 01:30 - 2013-05-16 14:43 - 00000000 ____D () C:\windows\Minidump
2015-03-15 23:35 - 2011-07-14 02:09 - 00003204 _____ () C:\windows\System32\Tasks\{A8E62B8A-882D-4B94-AE0E-3A1B35D5983A}
2015-03-15 20:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2015-03-15 19:23 - 2014-01-08 11:46 - 00269312 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2015-03-13 23:09 - 2014-12-12 12:32 - 00000000 ____D () C:\ProgramData\InstallMate
2015-03-12 18:36 - 2013-08-27 18:53 - 00003290 _____ () C:\windows\System32\Tasks\{978D68CB-BC8C-411B-B624-401118682AED}
2015-03-12 18:36 - 2013-01-22 09:59 - 00003124 _____ () C:\windows\System32\Tasks\{91384A3C-E652-4AA5-A769-557EBC6110CC}
2015-03-12 18:36 - 2012-03-07 13:29 - 00003138 _____ () C:\windows\System32\Tasks\{23350F9C-0FA8-484B-B815-FA9AC5E459E3}
2015-03-12 18:36 - 2012-03-07 13:17 - 00003158 _____ () C:\windows\System32\Tasks\{A5EB4EE5-B961-4153-91B8-BE7C7CE9F40C}
2015-03-12 18:36 - 2011-09-05 16:24 - 00003242 _____ () C:\windows\System32\Tasks\{A101592A-85FF-4579-9E01-4BDE1DF6CA7B}
2015-03-12 18:36 - 2011-09-05 15:17 - 00003204 _____ () C:\windows\System32\Tasks\{730170B9-C15C-4CDC-9B45-AAB2BB5D2529}
2015-03-12 18:36 - 2011-08-08 10:05 - 00003232 _____ () C:\windows\System32\Tasks\{0AFF3E7E-BFA8-4F7B-9353-FAC3D29B837E}
2015-03-12 18:36 - 2011-07-21 16:37 - 00003196 _____ () C:\windows\System32\Tasks\{57FB7647-B4B5-499B-8411-7CBD35C8E539}
2015-03-12 01:05 - 2014-07-27 14:12 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\WiseUpdate
2015-03-11 01:29 - 2011-07-14 01:36 - 00000000 ___RD () C:\Users\Owner\Virtual Machines
2015-03-11 01:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-11 01:09 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-11 01:05 - 2011-07-14 02:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 11:50 - 2014-05-24 16:30 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-03-09 11:44 - 2014-05-24 16:21 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-03-09 09:04 - 2011-05-18 22:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-03-09 09:00 - 2011-05-18 22:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-08 17:25 - 2014-05-24 16:39 - 00000000 ____D () C:\ProgramData\BDLogging
2015-03-08 17:09 - 2013-07-22 23:38 - 00000000 ____D () C:\windows\system32\MRT
2015-03-08 16:47 - 2011-07-07 15:12 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-08 16:28 - 2011-11-03 10:42 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-03-07 09:49 - 2012-05-03 10:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 11:56 - 2011-07-22 01:24 - 00000000 ____D () C:\Users\Owner\Documents\Youcam
2015-03-04 17:33 - 2011-07-17 00:44 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-01 09:21 - 2011-12-18 09:40 - 00000528 _____ () C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-02-28 21:33 - 2011-12-18 09:40 - 00004232 _____ () C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-28 21:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing
2015-02-28 11:44 - 2011-07-07 14:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-02-28 11:44 - 2011-05-18 22:43 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-28 10:28 - 2011-07-07 13:44 - 00000000 ____D () C:\Users\Owner
2015-02-28 10:10 - 2011-07-14 02:26 - 00000000 ____D () C:\Users\Owner\Documents\Ferro Arte
2015-02-27 10:33 - 2014-10-22 10:12 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-02-26 19:25 - 2012-05-25 10:31 - 00000000 ____D () C:\Program Files\Common Files\Motive
2015-02-26 09:16 - 2013-07-15 23:25 - 00003492 _____ () C:\windows\System32\Tasks\Owner DBAgent 2 0
2015-02-26 09:16 - 2013-07-15 23:24 - 00003504 _____ () C:\windows\System32\Tasks\Seagate_Install_Launch
2015-02-18 22:33 - 2013-12-25 16:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dashlane

==================== Files in the root of some directories =======

2013-06-21 19:26 - 2013-12-11 09:05 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2011-07-14 16:44 - 2011-07-14 16:44 - 21046160 _____ (Sage Software                                                ) C:\Users\Owner\AppData\Roaming\ACT1200HotFix_SS.exe
2011-07-14 16:52 - 2011-07-14 16:52 - 0000000 ____H () C:\Users\Owner\AppData\Roaming\ActUpdate.log
2011-07-14 16:49 - 2011-07-14 16:49 - 0030546 _____ () C:\Users\Owner\AppData\Roaming\NGEN_AppLog_Install.txt
2011-07-16 01:22 - 2011-07-16 01:22 - 0000060 _____ () C:\Users\Owner\AppData\Roaming\WebThread.log
2015-03-12 20:41 - 2015-03-12 20:41 - 0000036 _____ () C:\Users\Owner\AppData\Local\housecall.guid.cache
2015-02-18 12:23 - 2015-02-18 12:23 - 0004096 ____H () C:\Users\Owner\AppData\Local\keyfile3.drm
2015-03-08 17:45 - 2015-03-16 17:23 - 0007597 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2015-03-12 20:53 - 2015-03-12 20:53 - 0000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2012-06-18 16:33 - 2012-06-18 16:52 - 0017408 _____ () C:\Users\Owner\AppData\Local\WebpageIcons.db
2014-05-24 16:41 - 2014-05-24 16:41 - 0577071 _____ () C:\ProgramData\1400963340.bdinstall.bin
2015-03-09 11:48 - 2015-03-09 11:48 - 0480985 _____ () C:\ProgramData\1425915670.bdinstall.bin
2013-04-11 12:20 - 2013-04-11 12:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-07-14 16:52 - 2011-07-14 16:52 - 0000088 __RSH () C:\ProgramData\CDA5616F81.sys
2013-08-15 15:27 - 2013-08-15 17:53 - 0008956 _____ () C:\ProgramData\hpzinstall.log
2011-07-14 16:52 - 2015-02-09 10:11 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-12-16 17:57 - 2014-12-24 17:46 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {95a8ae8b-81fd-11e0-a841-f0def15ca230}
displayorder            {current}
toolsdisplayorder       {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
                        {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {95a8ae8d-81fd-11e0-a841-f0def15ca230}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {95a8ae8b-81fd-11e0-a841-f0def15ca230}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {95a8ae8d-81fd-11e0-a841-f0def15ca230}
device                  ramdisk=[C:]\Recovery\95a8ae8d-81fd-11e0-a841-f0def15ca230\Winre.wim,{95a8ae8e-81fd-11e0-a841-f0def15ca230}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\95a8ae8d-81fd-11e0-a841-f0def15ca230\Winre.wim,{95a8ae8e-81fd-11e0-a841-f0def15ca230}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {95a8ae8b-81fd-11e0-a841-f0def15ca230}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Real-mode Boot Sector
---------------------
identifier              {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
device                  partition=C:
path                    \bdr-ld01.mbr
description             Bitdefender Rescue Mode - Windows 7 Professional SP 1 (x64)

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {95a8ae8e-81fd-11e0-a841-f0def15ca230}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\95a8ae8d-81fd-11e0-a841-f0def15ca230\boot.sdi



LastRegBack: 2015-03-15 20:18

==================== End Of Log ============================



#5 garyparrott

Posted 16 March 2015 - 11:30 PM

And the Additions report:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Owner at 2015-03-16 23:47:33
Running from C:\Users\Owner\Contacts\Desktop\Utilities\Malware Managers
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123 PDF to Image Professional v1.5 (HKLM-x32\...\123 PDF to Image Professional_is1) (Version:  - FreePDFtoImage.com)
123 PDF to Image v1.5 (HKLM-x32\...\123 PDF to Image_is1) (Version:  - FreePDFtoImage.com)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACT! by Sage 2010 (HKLM-x32\...\InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}) (Version: 12.0.0.0 - Sage Software, Inc.)
ACT! by Sage 2010 (x32 Version: 12.0.0.0 - Sage Software, Inc.) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
AddressGrabber Standard 2010 (HKLM-x32\...\{C825FC48-5DB7-478F-89ED-8613C966153C}) (Version: 1.0 - eGrabber)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.28.0.1191 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CardScan 8.0.5 (HKLM-x32\...\{8A3E7E93-7749-4D37-8975-75BEB9A47ECC}) (Version: 8.0.5 - CardScan, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CompanionLink (HKLM-x32\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 5.00.5050 - CompanionLink Software, Inc.)
Crystal Reports 2008 Runtime SP1 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Dashlane) (Version: 3.2.4.78888 - Dashlane SAS)
Diskeeper 2011 Home (HKLM\...\{F846539C-D2D6-44FF-9AAD-E833FCE964DA}) (Version: 15.0.956.64 - Diskeeper Corporation)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKU\S-1-5-21-859170578-201559947-259595280-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
Eusing Free Registry Cleaner (HKLM-x32\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Eusing Free Registry Defrag (HKLM-x32\...\Eusing Free Registry Defrag) (Version:  - )
FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
File Shredder 2.0 (HKLM-x32\...\File Shredder_is1) (Version:  - WipeSoft)
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version:  - )
FreeStyle CoPilot Health Management System (HKLM-x32\...\{B6977866-8AD6-46A1-9A85-F232BB6A25F6}) (Version: 4.2.596 - Abbott Diabetes Care)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.2.0.1084 - Citrix Online, a division of Citrix Systems, Inc.)
HL-4150CDN (HKLM-x32\...\{123DE6D6-9566-4777-AC81-E6D86FFA95DA}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{2BAAD87E-2E30-4107-A5D3-42E83C0C4AB4}) (Version: 1.8.89 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.1_07 (HKLM-x32\...\{CA532E73-1BB7-11D8-9D6A-00010240CE95}) (Version:  - )
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
jZip (HKU\S-1-5-21-859170578-201559947-259595280-1000\...\jZip) (Version: 2.0.0.135670 - Bandoo Media Inc) <==== ATTENTION
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.00.0000 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.20.0001 - Lenovo Group Limited)
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
LogoDesignStudio (HKLM-x32\...\{7543145B-8139-474F-94E7-0A3FF524F509}) (Version: 4.0 - Summitsoft Corporation)
MailWasher Pro (HKLM-x32\...\MailWasher Pro_is1) (Version:  - FireTrust Limited)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-859170578-201559947-259595280-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFax® Print-to-Fax Assistant (HKLM\...\{8887AEF8-2603-4A9A-9580-631616E49ED7}) (Version: 2.3.0 - Protus IP Solutions)
MyFax® Print-to-Fax Assistant 64bit (HKLM\...\{746006B4-6350-4820-B9BA-4C09AFA908F4}) (Version: 2.6.0 - Protus IP Solutions)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Passwords Max (HKU\S-1-5-21-859170578-201559947-259595280-1000\...\{1BD28A80-2A50-11DC-72AE-0554DBBF2CD6}) (Version: 5.00.0000 - Author Direct)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 8.0 - PlotSoft LLC)
Peachtree Accounting 2010 (x32 Version: 17.00.00 - Sage Software, Inc.) Hidden
Pervasive PSQL v11 Workgroup (32-bit) (x32 Version: 11.30.057 - Pervasive Software) Hidden
Pervasive PSQL v11 Workgroup (32-bit) SP3 (HKLM-x32\...\Pervasive PSQL v11 Workgroup (32-bit)) (Version: 11.30.057 - Pervasive Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Post-it® Digital Notes (HKLM-x32\...\{97B999ED-37CE-433C-8495-530EB679E35D}) (Version: 5.3.0190 - 3M)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.3.11 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Rapport (Version: 3.5.1205.20 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1404.75 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sage 50 Accounting 2013 (x32 Version: 20.00.00 - Sage Software, Inc.) Hidden
Sage 50 Accounting 2014 (HKLM-x32\...\InstallShield_{D2ADA6F5-F155-4A37-87CA-599E81F6C6C0}) (Version: 21.01.00 - Sage Software, Inc.)
Sage 50 Accounting 2014 (x32 Version: 21.01.00 - Sage Software, Inc.) Hidden
Sage 50 Accounting Tax Forms (x32 Version: 12.4.15 - Sage Software SB, Inc.) Hidden
Sage 50 Accounting Update (x32 Version: 19.01.001 - Sage Software, Inc.) Hidden
Sage Exchange (HKU\S-1-5-21-859170578-201559947-259595280-1000\...\f269fca5d8764803) (Version: 1.0.6.8 - Sage Payment Solutions)
Sage Integration Services (HKLM-x32\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
Sage Message Center (x32 Version: 2.00.0000 - Sage Software Inc.) Hidden
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{AAD476D7-FC64-40BC-85EA-0C1FD98D8375}) (Version: 13.0.3.612 - SAP)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.1902.0 - Seagate)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 11.1.0.2691 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for ACT! 7.0 - 13.0 (x32 Version: 8.8.0.1510 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Outlook 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com support for ACT! 7.0 - 13.0 (HKLM-x32\...\Stamps.com support for ACT! 7.0 - 13.0) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 2000-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 97-2010) (Version:  - Stamps.com, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
System Explorer 6.3.2 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.64 - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
Wise Auto Shutdown 1.44 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 1.44 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.25 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 3.5.7 - WiseCleaner.com, Inc.)
Wise Memory Optimizer 3.33 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.33 - WiseCleaner.com, Inc.)
Wise PC 1stAid 1.36 (HKLM-x32\...\Wise PC 1stAid_is1) (Version: 1.36 - WiseCleaner.com, Inc.)
Wise Program Uninstaller 1.51 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.51 - WiseCleaner.com, Inc.)
Wise System Monitor 1.29 (HKLM-x32\...\Wise System Monitor_is1) (Version: 1.29 - WiseCleaner.com, Inc.)
YouSendIt Express (HKLM-x32\...\InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}) (Version: 2.13.2 - YouSendIt)
YouSendIt Express (x32 Version: 2.13.2 - YouSendIt) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-859170578-201559947-259595280-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

12-02-2015 02:43:37 Windows Update
15-02-2015 23:05:35 Windows Update
24-02-2015 02:14:30 Scheduled Checkpoint
25-02-2015 03:01:38 Windows Update
26-02-2015 09:13:23 Installed Seagate Dashboard.
27-02-2015 09:24:07 Installed Rapport
27-02-2015 10:33:15 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
28-02-2015 10:50:40 Removed Google Drive
28-02-2015 11:42:03 Removed Google Drive
28-02-2015 19:24:23 Windows Update
07-03-2015 21:00:00 Scheduled Checkpoint
08-03-2015 16:46:04 Windows Update
08-03-2015 21:03:57 Removed Soluto
09-03-2015 08:57:50 Windows Live Essentials
09-03-2015 08:58:57 WLSetup
09-03-2015 17:54:07 Removed Rapport
09-03-2015 18:06:36 Installed Rapport
09-03-2015 18:27:27 Installed Rapport
11-03-2015 00:52:43 Windows Update
11-03-2015 23:12:11 Tuesday Evening 3/11
12-03-2015 09:21:41 Thursday March 12
12-03-2015 20:18:53 Thursday March 12 PM Backup
13-03-2015 09:50:05 Installed 7-Zip 9.20 (x64 edition)
13-03-2015 10:06:53 Removed 7-Zip 9.20 (x64 edition)
15-03-2015 23:50:11 Windows Update
16-03-2015 01:41:28 Removed Soluto

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {042A88A0-8E3E-46AF-B0E3-598DEDA18635} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {05A31F2D-4D4A-4A42-A2E4-D4706C9CFFB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {075F369C-A073-49C0-9F24-4C8DB35A0C56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {0B78724A-2FA4-4073-9585-611F6A7C69EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0CA1D3FD-7211-4075-9888-21FD4C272C73} - System32\Tasks\{C0B103B5-EB00-4CB7-9E3E-E81197DA0AC7} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {13071E58-00AA-4ECC-A08B-F707971852A5} - System32\Tasks\{9BD0ED4E-45E0-4E50-A114-FD8E2335D9A1} => pcalua.exe -a "C:\Program Files (x86)\Mail Box Dispatcher 2\unins000.exe"
Task: {17C9FB60-A5BE-422B-8EF0-03DE53CC25C5} - System32\Tasks\{A5EB4EE5-B961-4153-91B8-BE7C7CE9F40C} => pcalua.exe -a C:\Users\Owner\Downloads\swftools-2012-02-04-0819.exe -d C:\Users\Owner\Downloads
Task: {17F582FF-E7D4-4E14-9112-41B4573632B5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1F4360EE-687C-43BB-8E8C-2C0D2BDA7EF0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {21240672-159C-429E-BB3E-076746F06563} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2015-03-09] (WiseCleaner.com)
Task: {22FA6B73-FE3F-433F-BC91-66B54D8BC05E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {2FF6A95F-3C62-4E32-9CDE-76DF438FDD15} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {398AB3FC-9423-4C84-857B-71B13629D495} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {3BB527DA-7C9C-4219-B713-6D856B7543E7} - System32\Tasks\{91384A3C-E652-4AA5-A769-557EBC6110CC} => pcalua.exe -a C:\Users\Owner\Downloads\rdxt_en.exe -d C:\Users\Owner\Downloads
Task: {4590AA47-8A0B-48AB-B119-91159DB34367} - System32\Tasks\{0AFF3E7E-BFA8-4F7B-9353-FAC3D29B837E} => pcalua.exe -a C:\Users\Owner\Contacts\Desktop\ConstantContactInfoTransfer_ACT!_v1.2_installer.exe -d C:\Users\Owner\Contacts\Desktop
Task: {594EB11E-172C-430D-B00D-AD3F16F10218} - System32\Tasks\{978D68CB-BC8C-411B-B624-401118682AED} => pcalua.exe -a "C:\Program Files (x86)\Sage Software\Peachtree\Company\Updates\PTXA2014.1.exe" -d "C:\Program Files (x86)\Sage Software\Peachtree\Company\Updates"
Task: {606AEE60-BA27-423E-8139-8227E6AC7389} - System32\Tasks\{FA8CF556-824C-4C27-BF16-8F7F25BF8B21} => pcalua.exe -a C:\Users\Owner\Downloads\IN12STW51WW5.exe -d C:\Users\Owner\Downloads
Task: {6316A84B-A105-458D-A9E9-4B37E479F679} - System32\Tasks\{A101592A-85FF-4579-9E01-4BDE1DF6CA7B} => pcalua.exe -a C:\Users\Owner\Downloads\ConstantContactInfoTransfer_ACT!_v1.2_installer(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6E14FEFC-BDAC-4762-8148-2CE60162F476} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {77E8F12C-88EB-4405-ADC0-BBE489C4F201} - System32\Tasks\{EEFE2AE0-86BB-4E46-AA20-963408E8F003} => pcalua.exe -a C:\Users\Owner\Downloads\HijackThis.exe -d C:\Users\Owner\Downloads
Task: {92059A77-E81E-4784-BDA7-380504CB957A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9935A44E-8424-403D-BE65-F437F2FEC324} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-16] (Google Inc.)
Task: {9D7F284F-68F5-4763-8273-98C463D79239} - System32\Tasks\Owner Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {AABFDF92-836A-4EFE-908D-617D66D71BB7} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-10-04] (Lenovo Group Limited)
Task: {AF3222FA-DF74-47F2-B3B1-40B936D95179} - System32\Tasks\{57FB7647-B4B5-499B-8411-7CBD35C8E539} => pcalua.exe -a C:\Users\Owner\Desktop\ConstantContactInfoTransfer_ACT!_v1.2_installer.exe -d C:\Users\Owner\Desktop
Task: {B9CE3845-83F4-40CB-963D-4F42B3FC7DC4} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-13] (Seagate Technology LLC)
Task: {CA867972-E6F0-45D7-8E6D-20182BC55457} - System32\Tasks\{730170B9-C15C-4CDC-9B45-AAB2BB5D2529} => pcalua.exe -a C:\Users\Owner\Downloads\ConstantContactInfoTransfer_ACT!_v1.2_installer.exe -d C:\Users\Owner\Downloads
Task: {EF5B3271-679B-4025-9325-C310EAB294A2} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {F0D0F787-D132-4AAA-AFDF-7C6B8AE3C2C5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {F71E2C1A-0278-4B8B-ABA9-3F024B5AB96D} - System32\Tasks\Owner DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-13] (Seagate Technology LLC)
Task: {F918D826-7518-4098-9EFC-FBC2CDF77F89} - System32\Tasks\Owner => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-02-13] (Seagate Technology LLC)
Task: {F9B77ED0-D586-4130-AB33-C85C175819D7} - System32\Tasks\Wise System Monitor => C:\Program Files (x86)\Wise\Wise System Monitor\WiseSystemMonitor.exe [2015-01-12] (WiseCleaner.com)
Task: {FD3EB576-FB0D-430C-A514-C0807C25C7F2} - System32\Tasks\{A8E62B8A-882D-4B94-AE0E-3A1B35D5983A} => pcalua.exe -a "F:\Office Enterprise Edition 2007\setup.exe" -d "F:\Office Enterprise Edition 2007" -c /adminfile IU.MSP
Task: {FEC76B02-4041-4040-88B8-5C3B3DFF2A2E} - System32\Tasks\{23350F9C-0FA8-484B-B815-FA9AC5E459E3} => pcalua.exe -a C:\Users\Owner\Downloads\swftools-0.9.1.exe -d C:\Users\Owner\Downloads
Task: {FF1F5F39-B0D6-4D07-9DFD-DDD4FB6DBA04} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Owner.job => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exeOC:\Users\Owner\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\Owner.nji
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\windows\Tasks\Wise System Monitor.job => C:\Program Files (x86)\Wise\Wise System Monitor\WiseSystemMonitor.exe
Task: C:\windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) ==============

2010-11-02 08:58 - 2010-11-02 08:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-03-09 11:47 - 2014-09-01 11:00 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2015-03-09 11:47 - 2014-10-13 15:21 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2015-03-09 11:47 - 2014-10-13 15:21 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2015-03-09 12:18 - 2015-03-09 12:18 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_002\ashttpbr.mdl
2015-03-09 12:18 - 2015-03-09 12:18 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_002\ashttpdsp.mdl
2015-03-09 12:18 - 2015-03-09 12:18 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_002\ashttpph.mdl
2015-03-09 12:18 - 2015-03-09 12:18 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00050_002\ashttprbl.mdl
2010-11-02 08:58 - 2010-11-02 08:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-06-06 10:20 - 2010-06-06 10:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-15 01:28 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-19 23:20 - 2011-05-18 22:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2011-05-18 22:45 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-11-02 09:39 - 2010-11-02 09:39 - 00340240 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
2011-12-18 13:07 - 2011-10-04 04:04 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-02-18 16:52 - 2015-02-17 07:49 - 00232632 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\DashlanePlugin.exe
2013-12-25 16:28 - 2015-02-17 07:49 - 00227000 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\Dashlane.exe
2012-10-23 01:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-06-04 14:26 - 2013-11-07 13:42 - 00397104 ____R () C:\Program Files (x86)\Sage Software\Peachtree\pchqb.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-09 11:47 - 2014-09-01 10:59 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2011-05-18 22:33 - 2011-05-18 22:33 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-03-13 01:00 - 2015-03-07 02:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-13 01:00 - 2015-03-07 02:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-13 01:00 - 2015-03-07 02:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 12115640 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 02047672 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00183992 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 06726840 _____ () C:\Users\Owner\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\windows\SysWOW64\GPhotos.scr:AGC
AlternateDataStreams: C:\Users\Owner\Downloads\atih_cleanup_tool_s_e.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\ccsetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\CoPilot_Setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\drivedetect(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\drivedetect.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\EFRCSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\EFRDSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FSResizerSetup32.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\googledrivesync (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\googledrivesync.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\iPhoneCarePro32trial(616270).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\jxpiinstall(2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\pictureresizer_setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\RapportSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SeaToolsforWindowsSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\solutoinstaller-k91jb56fq48n_s423690405.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\System_Tray_Cleaner.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\tr161_setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\windows__df179868-9988-43b5-a346-22978465abc7__.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\wlsetup-web.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\WMOSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\WPCASetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\wpsetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\YouSendItExpressSetup2_13_2.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-859170578-201559947-259595280-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.76.84.102 - 75.76.84.103

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: PeachtreePrefetcher.exe => C:\Program Files (x86)\Sage Software\Peachtree\PeachtreePrefetcher.exe /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

==================== Accounts: =============================

Administrator (S-1-5-21-859170578-201559947-259595280-500 - Administrator - Disabled)
ASPNET (S-1-5-21-859170578-201559947-259595280-1005 - Limited - Enabled)
Guest (S-1-5-21-859170578-201559947-259595280-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-859170578-201559947-259595280-1007 - Limited - Enabled)
Owner (S-1-5-21-859170578-201559947-259595280-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: Officejet 7400 series
Description: Officejet 7400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 11:18:23 PM) (Source: MSSQL$ACT7) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (03/16/2015 11:18:23 PM) (Source: MSSQL$ACT7) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (03/16/2015 11:18:18 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (03/16/2015 11:17:52 PM) (Source: ACT! Scheduler) (EventID: 0) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
   at Act.Scheduler.SchedulerService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 10:28:05 PM) (Source: MSSQL$ACT7) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (03/16/2015 10:28:05 PM) (Source: MSSQL$ACT7) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (03/16/2015 10:27:55 PM) (Source: MSSQLServerADHelper) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (03/16/2015 10:26:41 PM) (Source: ACT! Scheduler) (EventID: 0) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
   at Act.Scheduler.SchedulerService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/16/2015 04:11:33 PM) (Source: MSSQL$ACT7) (EventID: 3409) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (03/16/2015 04:11:33 PM) (Source: MSSQL$ACT7) (EventID: 8313) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.


System errors:
=============
Error: (03/16/2015 11:31:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (03/16/2015 11:19:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sage 50 SmartPosting 2014 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/16/2015 11:19:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2015 11:19:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TPPWRIF

Error: (03/16/2015 11:19:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cisco EnergyWise Enabler service failed to start due to the following error:
%%1053

Error: (03/16/2015 11:19:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Cisco EnergyWise Enabler service to connect.

Error: (03/16/2015 11:18:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (03/16/2015 11:18:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (03/16/2015 11:18:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (03/16/2015 11:18:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.


Microsoft Office Sessions:
=========================
Error: (08/30/2012 10:19:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 370 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/15/2011 02:00:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 246 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (11/25/2011 05:29:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 913 seconds with 660 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-11-10 13:45:16.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-11-10 13:45:16.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2011-07-16 01:28:07.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2011-07-16 01:26:51.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 6058.17 MB
Available physical RAM: 3979.3 MB
Total Pagefile: 12114.53 MB
Available Pagefile: 8645.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:552.22 GB) (Free:310.15 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.21 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#6 garyparrott

  • Topic Starter

Posted 16 March 2015 - 11:52 PM

I actually run BitDefender antivirus. I had to download a newer version last week due to issues with the program. Windows does not recognize the antivirus program even though it seems to be running. Next time round I am going back to Webroot.



#7 nasdaq

  • Malware Response Team

Posted 17 March 2015 - 08:39 AM


Using the Add/Remove Programs applet, delete these old versions of Java:
Java 2 Runtime Environment, SE v1.4.1_07
Java 7 Update 45 (64-bit)
Java 7 Update 45
Java 8 Update 25

===

Please run the AdwCleaner tool and clean everything.
==


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-859170578-201559947-259595280-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-03-13]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath

AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\windows\SysWOW64\GPhotos.scr:AGC
AlternateDataStreams: C:\Users\Owner\Downloads\atih_cleanup_tool_s_e.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\ccsetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\CoPilot_Setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\drivedetect(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\drivedetect.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\EFRCSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\EFRDSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FSResizerSetup32.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\googledrivesync (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\googledrivesync.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\iPhoneCarePro32trial(616270).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\jxpiinstall(2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\pictureresizer_setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\RapportSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SeaToolsforWindowsSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\solutoinstaller-k91jb56fq48n_s423690405.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\System_Tray_Cleaner.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\tr161_setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\windows__df179868-9988-43b5-a346-22978465abc7__.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\wlsetup-web.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\WMOSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\WPCASetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\wpsetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\YouSendItExpressSetup2_13_2.exe:BDU

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

My autocheck start up does not work: BootExecute: autocheck autochk /p \??\H:autocheck

Try the suggested fix on this page.

http://www.thewindowsclub.com/check-disk-will-not-run-at-startup
===

How is the computer running now?

#8 garyparrott

  • Topic Starter

Posted 17 March 2015 - 09:36 AM

A couple of questions.

I noticed that Java™ 6 Update 31 was still installed. Shall I delete that as well?

I had created a folder FRST on my desktop. In the folder is the execution file, and I saved the FRST.txt file. Is this where I save the fixlist.txt?



#9 garyparrott

  • Topic Starter

Posted 17 March 2015 - 11:02 AM

Followed your instructions; listed is the Fixlog.txt.

The computer seems to be running much better. Will now follow the link to the check disk.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Owner at 2015-03-17 11:49:15 Run:1
Running from C:\Users\Owner\Contacts\Desktop\FRST
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-859170578-201559947-259595280-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-03-13]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath

AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\windows\SysWOW64\GPhotos.scr:AGC
AlternateDataStreams: C:\Users\Owner\Downloads\atih_cleanup_tool_s_e.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\ccsetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\CoPilot_Setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\drivedetect(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\drivedetect.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\EFRCSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\EFRDSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\FSResizerSetup32.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\googledrivesync (1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\googledrivesync.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\iPhoneCarePro32trial(616270).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\jxpiinstall(2).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\pictureresizer_setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\RapportSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SeaToolsforWindowsSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\solutoinstaller-k91jb56fq48n_s423690405.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\System_Tray_Cleaner.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\tr161_setup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\windows__df179868-9988-43b5-a346-22978465abc7__.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\wlsetup-web.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\WMOSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\WPCASetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\wpsetup.exe:BDU
AlternateDataStreams: C:\Users\Owner\Downloads\YouSendItExpressSetup2_13_2.exe:BDU

End
*****************

Processes closed successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-859170578-201559947-259595280-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => Key not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa => Moved successfully.
BcmSqlStartupSvc => Service deleted successfully.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
IAStorDataMgrSvc => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
nvUpdatusService => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SoftwareService => Service deleted successfully.
Stereo Service => Service deleted successfully.
C:\windows\SysWOW64\FlashPlayerInstaller.exe => ":BDU" ADS removed successfully.
C:\windows\SysWOW64\GPhotos.scr => ":AGC" ADS removed successfully.
C:\Users\Owner\Downloads\atih_cleanup_tool_s_e.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\ccsetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\ChromeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\CoPilot_Setup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\drivedetect(1).exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\drivedetect.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\DropboxInstaller.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\EFRCSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\EFRDSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\FSResizerSetup32.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\googledrivesync (1).exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\googledrivesync.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\iPhoneCarePro32trial(616270).exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\jxpiinstall(2).exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\pictureresizer_setup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\RapportSetup(1).exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\SeaToolsforWindowsSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\SkypeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\solutoinstaller-k91jb56fq48n_s423690405.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\System_Tray_Cleaner.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\tr161_setup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\windows__df179868-9988-43b5-a346-22978465abc7__.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\wlsetup-web.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\WMOSetup(1).exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\WPCASetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\wpsetup.exe => ":BDU" ADS removed successfully.
C:\Users\Owner\Downloads\YouSendItExpressSetup2_13_2.exe => ":BDU" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 11:49:19 ====



#10 nasdaq

  • Malware Response Team

Posted 17 March 2015 - 12:56 PM

"I noticed that Java™ 6 Update 31 was still installed. Shall I delete that as well?"

No. This is the latest version.

#11 garyparrott

  • Topic Starter

Posted 17 March 2015 - 04:51 PM

As far as I can tell, the check disk has been repaired. I modified regedit as suggested and the error message was not present when I rebooted. I am going to re-start the system and check it again.

Thanks



#12 nasdaq

  • Malware Response Team

Posted 18 March 2015 - 07:09 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq

  • Malware Response Team

Posted 24 March 2015 - 10:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



