s.yimg.com - How do I remove this? Google search unsuccessful


  • This topic is locked
12 replies to this topic

#1 gak1952

gak1952

  • Members
  • 44 posts
  • OFFLINE
  • Local time:02:23 PM

Posted 30 September 2015 - 03:41 PM

Whenever I load Yahoo in Firefox, I notice the site "s.yimg.com" is active in the bottom left hand bar of my Firefox browser.

From some initial research on the internet using Google, s.yimg.com seems to be tracking malware that loads advertisements. It may be active in all sites visited or in just particular sites. Yahoo and Amazon are frequently mentioned in posts asking how s.yimg.com can be removed.

Some posts also link it to Adobe Flash and YouTube.

Some sites give instructions for manual removal. I have tried what seemed to be the most plausible of these, but with no success. Some sites suggest wiping out all browser history including every last cookie. Since I need some of my cookies, as well as those of my wife (and am uncertain which cookies are the ones needed) for purposes of my logins to various websites, this is not an option. Nor am I sure such a drastic approach would work.

So, I would be very grateful (as I think would a lot of other people on the internet) if someone would suggest how I can get rid of s.yimg.com.

I am running a Dell Dimension 8400 using Windows XP Professional. Security is provided by Norton 360 and Zemana Anti-logger. I also have Malware Professional and Herd installed on my computer. Every so often I use these latter two programs to scan my computer to see if anything has slipped by Norton 360.

I use Firefox to browse the Internet. However, I sometimes also use Chrome, Internet Explorer and Opera.

I thank all respondents for their help in advance.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,266 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:23 PM

Posted 01 October 2015 - 08:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,266 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:23 PM

Posted 07 October 2015 - 08:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,266 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:23 PM

Posted 10 October 2015 - 08:32 AM

This topic has been re-opened at the request of the person who originally posted.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,266 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:23 PM

Posted 10 October 2015 - 08:33 AM

gak1952

I'm listening.

#6 gak1952

gak1952
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:02:23 PM

Posted 10 October 2015 - 06:06 PM

Dear Nasdaq,

Here is the AdWare cleaner report: The FRST report follows.

Note: after further research I have decided to delete the following two registry keys

HKLM\SOFTWARE\Description

HKU\.DEFAULT\Software\IBUpdaterService

I will run Adware again and let it delete. A search with Google suggests they are either unneeded or potentially malignant.

Thank you for your help. I very much appreciate it.

Sincerely,

gak1952

# AdwCleaner v5.009 - Logfile created 03/10/2015 at 12:54:02
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : GAK - GAK
# Running from : C:\Program Files\AdwCleaner\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[x] Folder Not Deleted : C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[x] Folder Not Deleted : C:\Documents and Settings\All Users\Application Data\USBSRService
[x] Folder Not Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\SuperEasy Software
[x] Folder Not Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\PDF to Word Converter
[-] Folder Deleted : C:\Documents and Settings\GAK\Local Settings\Application Data\Innovative Solutions
[-] Folder Deleted : C:\Documents and Settings\GAK\Local Settings\Application Data\MalwareProtectionLive
[x] Folder Not Deleted : C:\Documents and Settings\GAK\My Documents\Updater
[x] Folder Not Deleted : C:\Program Files\SuperEasy Software

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\hz32imv0.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\hz32imv0.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\hz32imv0.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\searchplugins\safesearch.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Documents and Settings\GAK\Start Menu\Programs\Malware Protection Live.lnk

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[x] Task Not Deleted : Driver Detective-RTMRules
[x] Task Not Deleted : Driver Detective-RTMScan
[x] Task Not Deleted : Driver Detective-RTMUpdater

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper
[x] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[x] Key Not Deleted : HKU\.DEFAULT\Software\GoforFiles
[x] Key Not Deleted : HKU\.DEFAULT\Software\IBUpdaterService
[-] Key Deleted : HKCU\Software\Conduit
[x] Key Not Deleted : HKCU\Software\ParetoLogic
[x] Key Not Deleted : HKCU\Software\Uniblue
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[x] Key Not Deleted : HKLM\SOFTWARE\Description
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Toolbar
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{81675A2E-6191-4130-A937-F55A88BDA63F}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[!] Key Not Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[!] Key Not Deleted : HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{81675A2E-6191-4130-A937-F55A88BDA63F}
[!] Key Not Deleted : HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[!] Key Not Deleted : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\hz32imv0.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=926458&fr=spigot-yhp-ff");
[-] [C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=926458&fr=spigot-yhp-ff");
[-] [C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6891 bytes] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by GAK (administrator) on GAK (05-10-2015 17:12:29)
Running from C:\Downloads
Loaded Profiles: GAK (Available Profiles: GAK & _ocster_1clk_backup_ & _supereasy_1cbackup_ & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\USB Safely Remove\USBSRService.exe
(FSPro Labs) C:\WINDOWS\system32\fsproflt2.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(FSPro Labs) C:\Program Files\Hide Folders 2012\hf.exe
() C:\Program Files\Ashampoo\Ashampoo HDD Control 3\HDDC3Service.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.5.2.15\ns.exe
() C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamService.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\system32\dmadmin.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.5.2.15\ns.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Lamantine Software a.s.) C:\Program Files\Sticky Password\stpass.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\processlasso.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo HDD Control 3\HDDC3Guard.exe
(PGWARE LLC) C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe
(4t Niagara Software) C:\Program Files\4t Tray Minimizer\4t-min.exe
() C:\Program Files\Chaos Manager 2\cm2.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files\FreeCommander\FreeCommander.exe
(Ashampoo) C:\Program Files\Ashampoo\Ashampoo Burning Studio 2015\burningstudio2015.exe
(Ashampoo) C:\Program Files\Ashampoo\Ashampoo Burning Studio 2015\CancelAutoplay2.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [STARTRIGHT] => C:\Program Files\StartRight\StartRight.exe [781824 2007-01-29] (www.joejoesoft.com)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [379672 2013-07-18] (Acronis)
HKLM\...\RunOnce: [STARTRIGHT] => C:\Program Files\StartRight\StartRight.exe [781824 2007-01-29] (www.joejoesoft.com)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoResolveTrack]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Run: [StickyPassword] => C:\Program Files\Sticky Password\stpass.exe [58632 2015-06-08] (Lamantine Software a.s.)
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [634504 2015-09-21] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Policies\Explorer: [NoResolveTrack]
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Policies\Explorer: [NoDrives] 62914560
AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files\KeyCryptSDK\KeyCrypt32(4).dll [87840 2014-12-13] (Zemana Ltd.)
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2011-05-09] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2011-05-09] (Gladinet, INC)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011-11-24] ()
BootExecute:
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{382AB702-38F6-4784-B97A-37E2BCF6B8EB}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7F7178A5-E3FE-4146-89AE-F6E85D233AF4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://yahoo.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1606980848-2052111302-839522115-1003 -> {1EB3274A-E248-4969-B2CC-8A4EE7E17AE7} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files\WinZip Courier\wzwmcie.dll [2011-07-19] (WinZip Computing, S.L.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll [2012-02-28] (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1606980848-2052111302-839522115-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-11] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1606980848-2052111302-839522115-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1606980848-2052111302-839522115-1003 -> No Name - {F090BE08-2E7E-4D60-8FAB-98ABFA425136} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2011-05-24] (Belarc, Inc.)
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File []
Handler: AutorunsDisabled\skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: AutorunsDisabled\viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File []
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.yahoo.com/
FF Session Restore: -> is enabled.
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @dymo.com/DymoLabelFramework -> C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2012-10-09] ( Sanford L.P.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2061 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2011-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2122 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2011-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1059 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-08-14] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-10] (VideoLAN)
FF Plugin: @winzip.com/Winzip Courier -> C:\Program Files\WinZip Courier\npwzwmc.dll [2011-07-19] (WinZip Computing, S.L.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606980848-2052111302-839522115-1003: @stickypassword.com/Sticky Password -> C:\Program Files\Sticky Password\npspAutofill.dll [2015-06-08] (Lamantine Software a.s.)
FF Plugin HKU\S-1-5-21-1606980848-2052111302-839522115-1003: en.pixelplan.pl/PIXELPLANWebViewer -> C:\Documents and Settings\GAK\Application Data\Pixelplan\Pixelplan O4C Viewer Web\1.2.7\npPIXELPLANWebViewer.dll [2012-09-06] (Pixelplan S.C.)
FF Extension: ADB Helper - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\adbhelper@mozilla.org [2015-01-27]
FF Extension: TooManyTabs - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\TooManyTabs@visibotech.com [2013-10-06]
FF Extension: Zotero Word for Windows Integration - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\zoteroWinWordIntegration@zotero.org [2014-05-23]
FF Extension: FireShot - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-12-09]
FF Extension: Amazon Startcenter - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2015-09-10]
FF Extension: Home Extension - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2015-09-10]
FF Extension: Amazon Statusbar Button - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{32DD6873-2BC0-4E4B-B9A3-0E602AB0DC14} [2015-09-10]
FF Extension: Lightshot (screenshot tool) - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2013-10-06]
FF Extension: Flashblock - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-03-23]
FF Extension: FEBE - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-03-23]
FF Extension: Preispiraten - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2015-09-10]
FF Extension: DeeperWeb for Google - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\bizdom@wizbites.com.xpi [2014-05-23]
FF Extension: Zotero - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\zotero@chnm.gmu.edu.xpi [2014-05-23]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2013-10-06]
FF Extension: Adblock Plus - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-06]
FF Extension: Adblock Edge - C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-09-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-08-29]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-29]
FF HKLM\...\Firefox\Extensions: [{845257EF-A892-484e-8EB0-47F563D75939}] - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt
FF Extension: iSkysoft Video Converter Ultimate - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt [2013-12-14]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFPlgn [2015-09-08]
FF HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Firefox\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Documents and Settings\GAK\Application Data\Lamantine\Sticky Password\spAutofill
FF Extension: Sticky Password Autofill Engine - C:\Documents and Settings\GAK\Application Data\Lamantine\Sticky Password\spAutofill [2012-05-09]
FF HKU\S-1-5-21-1606980848-2052111302-839522115-1003\...\Firefox\Extensions: [CaptureSaver@goldgingko.com] - C:\Program Files\CaptureSaver\Firefox
FF Extension: No Name - C:\Program Files\CaptureSaver\Firefox [2013-03-19]

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Pixelplan Web Viewer) - C:\Documents and Settings\GAK\Application Data\Pixelplan\Pixelplan O4C Viewer Web\1.2.7\npPIXELPLANWebViewer.dll (Pixelplan S.C.)
CHR Plugin: (DYMO Label Framework) - C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Sticky Password) - C:\Program Files\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WinZip Courier) - C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR Profile: C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Wondershare Player) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkdegagmpemadclljncealhmmkojfoam [2014-11-28]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-02]
CHR Extension: (iSkysoft Video Converter Ultimate) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlfeafapmnniobpffacckpddijdjgpmj [2014-01-20]
CHR Extension: (Norton Identity Safe) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-28]
CHR Extension: (WinZip Courier) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk [2013-07-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR HKLM\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\Documents and Settings\All Users\Application Data\Wondershare\Player\Player@Wondershare.com.crx [2014-07-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-23]
CHR HKLM\...\Chrome\Extension: [hlfeafapmnniobpffacckpddijdjgpmj] - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-12-14]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files\WinZip Courier\wzwmcgc.crx [2011-05-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [odoegbfnimkkocjoeoelkonmlfpbhlnc] - <no Path\update_url>

Opera:
=======
OPR Extension: (Sticky Password Autofill Engine) - C:\Documents and Settings\GAK\Application Data\Opera Software\Opera Stable\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2015-10-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [777016 2013-07-18] (Acronis)
S4 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [37280 2011-10-25] (ArcSoft Inc.) [File not signed]
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-04-21] (Adobe Systems) [File not signed]
S3 Adobe Version Cue CS2; C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated) [File not signed]
S4 advschedulerbsc; C:\Program Files\Advanced Task Scheduler\advscheduler_service.exe [1357856 2015-04-04] (Southsoftware.com)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3869688 2015-05-03] (Acronis)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-02-10] () [File not signed]
S4 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2015-03-19] (AOMEI Tech Co., Ltd.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S4 ctm; C:\Program Files\Convar\TaskManager\ctm.exe [98304 2004-04-02] (Convar Deutschland GmbH) [File not signed]
S4 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2011-06-04] (Nuance Communications, Inc.)
S4 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [32368 2012-10-09] (Sanford, L.P.)
S4 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S4 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S3 ESLoadService; C:\Program Files\EaseUS\EaseUS EverySync\bin\ESLoadService.exe [43048 2015-04-21] (TODO: <Company name>)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-09-06] (Macrovision Europe Ltd.) [File not signed]
S4 FLService; C:\Program Files\idoo\File Encryption\FLService.exe [86016 2011-06-09] () [File not signed]
R2 fsproflt2; C:\WINDOWS\system32\fsproflt2.exe [69408 2014-10-06] (FSPro Labs)
S4 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [313360 2013-11-03] (Genie9)
S4 GladFileMonSvc; C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29552 2011-05-09] (Gladinet, INC)
S4 GSService; C:\WINDOWS\system32\GSService.exe [252416 2012-07-05] () [File not signed]
R2 HDDC3Service; C:\Program Files\Ashampoo\Ashampoo HDD Control 3\HDDC3Service.exe [322920 2014-11-17] ()
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 KooRaRooMediaServer; C:\Program Files\KooRaRoo Media\KooRaRooMediaServer.exe [5383736 2014-01-17] (Programming Sunrise)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 MCDefragService; C:\Program Files\Common Files\MC Common\AMDSrv.exe [5663856 2011-09-08] (mobile concepts)
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S2 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
R2 NetBalancer Windows Service; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [10240 2012-02-16] (SeriousBit) [File not signed]
R2 NS; C:\Program Files\Norton Security\Engine\22.5.4.24\NS.exe [282016 2015-09-24] (Symantec Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
S4 ocster_1clk_backup; c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe [20832 2014-01-29] ()
S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-11] (Nuance Communications, Inc.)
S4 PDSvc; C:\Program Files\Cybertron\Privacy Drive\pdsvc.exe [333288 2014-10-03] (Cybertron Software, Co., Ltd.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
S4 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 PS-Disk Monitoring Utility; C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe [53248 2008-08-12] () [File not signed]
S4 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software) [File not signed]
S4 reaConverter_service; C:\Program Files\reaConverter 7 Standard\rc_service.exe [2129408 2015-06-19] () [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [253776 2014-08-25] ()
S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe [68760 2008-09-05] (SiSoftware) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [137352 2015-09-21] (Sandboxie Holdings, LLC)
S4 SpeedBoosterSvc; C:\Program Files\Common Files\MC Common\BoostService.exe [2236528 2011-09-08] (mobile concepts)
R2 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S4 supereasy_1cbackup; c:\Program Files\SuperEasy Software\1-Click Backup\bin\backupService-sez1cb.exe [21600 2014-02-04] ()
R2 SuperRam; C:\Program Files\PGWARE\SuperRam\SuperRamService.exe [1939608 2015-08-09] (PGWARE LLC)
R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7142320 2013-10-22] (Acronis)
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [67056 2007-03-03] (Ulead Systems, Inc.)
R2 USBSafelyRemoveService; C:\Program Files\USB Safely Remove\USBSRService.exe [257880 2011-08-04] ()
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com)
S4 Roxio UPnP Renderer 9; no ImagePath
S4 Roxio Upnp Server 9; no ImagePath
S4 RoxLiveShare9; no ImagePath
S4 stllssvr; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aflfile; C:\WINDOWS\System32\drivers\aflfile.sys [22984 2012-08-25] (Giant Matrix Limited)
R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [26424 2015-02-26] () [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [129720 2015-02-26] () [File not signed]
S3 ampa; C:\WINDOWS\system32\ampa.sys [12656 2013-12-18] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [14392 2015-02-26] () [File not signed]
R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2013-06-02] (Wondershare)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-05-22] (AVG Technologies)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20150928.001\BHDrvx86.sys [1181936 2015-07-23] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ccSet_NS; C:\WINDOWS\system32\drivers\NS\1605040.018\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\DRIVERS\CLVirtualBus01.sys [79496 2014-03-12] (CyberLink)
S3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
R1 CSN5PDTS82; C:\WINDOWS\System32\Drivers\CSN5PDTS82.sys [28184 2010-05-20] (Colasoft Co., Ltd.)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [10936 2011-06-15] () [File not signed]
R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed]
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2015-06-27] (Digiarty Software, Inc.)
R2 DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [35128 2006-08-08] (Sonic Solutions)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [32504 2006-08-08] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [12952 2006-08-01] (Sonic Solutions)
R2 DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [9432 2006-08-08] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [104504 2006-08-08] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [26136 2006-08-08] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [14552 2006-08-08] (Sonic Solutions)
R1 DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [28216 2006-08-01] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94680 2006-08-08] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [97880 2006-08-08] (Sonic Solutions)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [51800 2006-08-01] (Sonic Solutions)
R3 dvdfab; C:\WINDOWS\System32\drivers\dvdfab.sys [54144 2011-08-15] (Fengtao Software Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-27] (Symantec Corporation)
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-07-27] (Symantec Corporation)
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-15] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [12928 2013-04-23] (Bo Brantén) [File not signed]
R0 FileLock; C:\WINDOWS\System32\DRIVERS\FileLock.sys [35456 2012-01-22] (Gili Soft Inc.) [File not signed]
R0 FSProFilter2; C:\WINDOWS\System32\Drivers\FSPFltd2.sys [51760 2011-06-04] (FSPro Labs)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30464 2013-05-30] ()
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [57112 2012-02-02] (Paragon Software Group)
R3 IDSxpx86; C:\Program Files\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20151002.004\IDSxpx86.sys [548528 2015-09-22] (Symantec Corporation)
R3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt32.sys [110504 2014-12-13] (Zemana Ltd.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 mcdevice; C:\WINDOWS\System32\DRIVERS\mcdevice.sys [331072 2011-05-19] (ShiningMorning Inc.)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [18200 2013-02-25] ()
R3 NAVENG; C:\Program Files\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151005.001\NAVENG.SYS [104440 2015-08-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151005.001\NAVEX15.SYS [1645432 2015-08-23] (Symantec Corporation)
R3 Nbdrv; C:\WINDOWS\System32\DRIVERS\nbdrv.sys [31016 2011-05-18] (SeriousBit)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [21784 2011-08-10] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-08-23] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-23] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1330048 2003-09-22] (Creative Technology Ltd.)
R1 PCLEPCI; C:\WINDOWS\system32\Drivers\PCLEPCI.SYS [14564 2003-08-18] (Pinnacle Systems GmbH) [File not signed]
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2011-10-28] (VSO Software) [File not signed]
S3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [16168 2007-04-10] (Creative Technology Ltd.)
R2 PrivacyDrive; C:\Program Files\Cybertron\Privacy Drive\Drivers\pdv.sys [179320 2014-12-30] (Cybertron Software, Co., Ltd.)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [11264 2014-06-06] () [File not signed]
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
S3 RRNetCap; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [32936 2014-04-28] (RapidSolution Software AG)
R3 RRNetCapMP; C:\WINDOWS\System32\DRIVERS\rrnetcap.sys [32936 2014-04-28] (RapidSolution Software AG)
R1 SafDskNT; C:\WINDOWS\system32\drivers\SAFDSKNT.SYS [78336 2009-12-07] (PC Dynamics, Inc.) [File not signed]
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [165000 2015-09-21] (Sandboxie Holdings, LLC)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [116320 2015-02-18] (Power Software Ltd)
R2 SCRCAMNETDRIVER; C:\WINDOWS\System32\DRIVERS\SCRCAMNETDRIVER.sys [233096 2012-05-09] (Windows ® Server 2003 DDK provider)
R2 Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [64512 1996-12-12] () [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NS\1605020.00F\SRTSP.SYS [711408 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NS\1605040.018\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NS\1605040.018\SYMEFASI.SYS [1286896 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [103152 2015-07-23] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NS\1605040.018\Ironx86.SYS [234744 2015-07-10] (Symantec Corporation)
R3 SYMTDI; C:\WINDOWS\System32\Drivers\NS\1605020.00F\SYMTDI.SYS [388440 2015-07-10] (Symantec Corporation)
R3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [39048 2014-04-28] (RapidSolution Software AG)
S3 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [889888 2015-05-03] (Acronis International GmbH)
R2 thdudf; C:\WINDOWS\System32\DRIVERS\thdudf.sys [66944 2012-09-27] (TOSHIBA Corporation) [File not signed]
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [736192 2013-11-01] (Acronis International GmbH)
R0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [143648 2015-05-03] (Acronis International GmbH)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2011-04-23] (Acronis)
R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [95368 2015-05-19] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [20616 2015-05-19] ()
R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [540808 2015-05-19] ()
S1 Uim_Vim; C:\WINDOWS\System32\Drivers\Uim_Vim.sys [283472 2012-10-31] (Paragon)
R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [116000 2015-05-03] (Acronis International GmbH)
R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [85280 2015-05-03] (Acronis International GmbH)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo32.dll [13264 2015-09-28] (wisecleaner.com)
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 SIODRV; no ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U2 TMAgent; no ImagePath

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\WINDOWS\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D
C:\WINDOWS\system32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB
C:\Program Files\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151005.001\NAVENG.SYS 18AD0AC87FF266B5E5616FCD6C577311
C:\Program Files\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151005.001\NAVEX15.SYS 9EDB941A9FA181C4C3DEFF0A0559A056
C:\WINDOWS\System32\DRIVERS\nbdrv.sys C9DEAC695B5107C31B451F254DF7E3A4
C:\WINDOWS\system32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\WINDOWS\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\WINDOWS\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\WINDOWS\system32\Drivers\NDProxy.sys 2F597BB467E05B1FE3830EABD821B8E0
C:\WINDOWS\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\WINDOWS\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\System32\DRIVERS\nic1394.sys E9E47CFB2D461FA0FC75B7A74C6383EA
C:\WINDOWS\system32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\WINDOWS\system32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\WINDOWS\System32\DRIVERS\NuidFltr.sys 37BE10FF10A92031FC5A01E8363925CC
C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys 8B8B1BE2DBA4025DA6786C645F77F123
C:\WINDOWS\System32\DRIVERS\nwlnknb.sys 56D34A67C05E94E16377C60609741FF8
C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys C0BB7D1615E1ACBDC99757F6CEAF8CF0
C:\WINDOWS\System32\DRIVERS\nwrdr.sys 36B9B950E3D2E100970A48D8BAD86740
C:\WINDOWS\System32\DRIVERS\ohci1394.sys CA33832DF41AFB202EE7AEB05145922F
C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS CEC7E2C6C1FA00C7AB2F5434F848AE51
C:\WINDOWS\System32\drivers\ctoss2k.sys C720C25B2D0C93DC425155F5B6A707F3
C:\WINDOWS\System32\drivers\P16X.sys F051107FF80F132882E71E3A5D302EC1
C:\WINDOWS\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\WINDOWS\system32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\WINDOWS\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\WINDOWS\system32\Drivers\PCLEPCI.SYS 14D4FE0A208CDD66E5A97AF26B1F54E5
C:\WINDOWS\system32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\WINDOWS\System32\Drivers\pcouffin.sys 5B6C11DE7E839C05248CED8825470FEF
C:\WINDOWS\System32\drivers\pfc.sys 444F122E68DB44C0589227781F3C8B3F
C:\WINDOWS\system32\drivers\PfModNT.sys 6DABB70783EF470492ADB7B9A6E60BF3
C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\Program Files\Cybertron\Privacy Drive\Drivers\pdv.sys FB13A4B493BC36B70B50063A611C71DA
C:\WINDOWS\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\system32\pwdrvio.sys F82C40D312F956952D3AC9F39E469DC5
C:\WINDOWS\system32\pwdspio.sys E0E181D58EBA5690511FAEF69D333B5D
C:\WINDOWS\System32\Drivers\PxHelp20.sys 1962166E0CEB740704F30FA55AD3D509
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\System32\DRIVERS\rdpdr.sys 15CABD0F7C00C47C70124907916AF3F1
C:\WINDOWS\system32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\WINDOWS\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\WINDOWS\System32\DRIVERS\rrnetcap.sys 6A04044D443DD392F234218A23DBBF1C
C:\WINDOWS\System32\DRIVERS\rrnetcap.sys 6A04044D443DD392F234218A23DBBF1C
C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys 3529828EC571FB2F64F6B142F9109993
C:\WINDOWS\system32\drivers\SAFDSKNT.SYS B002949486A5186471803E4DDFA42502
C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x86\Sandra.sys 230FD3749904CA045EA5EC0AA14006E9
C:\Program Files\Sandboxie\SbieDrv.sys 83F4D68DF0538951F357429FAA5D2E02
C:\WINDOWS\system32\Drivers\SCDEmu.sys A0B34043F24D3189F98621F412EDEA37
C:\WINDOWS\System32\DRIVERS\SCRCAMNETDRIVER.sys AEF3E22FA127579F6160B435D59BE994
C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\drivers\senfilt.sys B9C7617C1E8AB6FDFF75D3C8DAFCB4C8
C:\WINDOWS\System32\Drivers\SENTINEL.SYS 05F03D7F2999431C53CE254DA1301B31
C:\WINDOWS\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\WINDOWS\System32\DRIVERS\serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\WINDOWS\System32\DRIVERS\SLIP.sys 866D538EBE33709A5C9F5C62B73B7D14
C:\WINDOWS\System32\drivers\smwdm.sys C6D9959E493682F872A639B6EC1B4A08
C:\WINDOWS\System32\DRIVERS\snapman.sys AF0C80CBC0A2C29462F84FBF74BE59BD
C:\WINDOWS\System32\speedfan.sys 3FA2E254BFBCE52B3C6F1BF23AAB6911
C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\WINDOWS\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\WINDOWS\System32\Drivers\NS\1605020.00F\SRTSP.SYS 8242E141362551E18C866A9DE74F2969
C:\WINDOWS\system32\drivers\NS\1605040.018\SRTSPX.SYS 19676873F68D12EAE8224B5EF4F14B3F
C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\DRIVERS\StreamIP.sys 77813007BA6265C4B6098187E6ED79D2
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\drivers\NS\1605040.018\SYMEFASI.SYS 382C092AB911475DA6AF1C09C32CBE7E
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 649B20996B62B0E76DC2B93976D32B72
C:\WINDOWS\system32\drivers\NS\1605040.018\Ironx86.SYS EC714F7D571AC5CCC7E5F5427316C261
C:\WINDOWS\System32\Drivers\NS\1605020.00F\SYMTDI.SYS AC849D9CAB03687CCC2F6C29F334E771
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\drivers\tbhsd.sys A31C02A9BF05BCFF9004185CCC112008
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\System32\DRIVERS\tdrpman.sys D6755D59F40B082AD04109F34C909E04
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\System32\DRIVERS\thdudf.sys 9D4BBD6E27B5562AEA8295DE7134E386
C:\WINDOWS\System32\DRIVERS\tib.sys D8101E21C746F8234B3DB6AACC3A55BB
C:\WINDOWS\System32\DRIVERS\tib_mounter.sys 02CF2A181BC2DEF83166CFF678575185
C:\WINDOWS\System32\DRIVERS\tifsfilt.sys 6DCB8DDB481CD3C40FA68593723B4D89
C:\WINDOWS\System32\drivers\truecrypt.sys 746B8CF9CEDEDDD865472544EDF626DA
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\UimBus.sys 56CB69D56E7E9058FA971F8E6EF6D7FD
C:\WINDOWS\System32\DRIVERS\uim_devim.sys EB7011FAE1EA53F3E8100C1313F772A0
C:\WINDOWS\System32\Drivers\Uim_IM.sys 503D0D94BE118480727B5663F1AA601D
C:\WINDOWS\System32\Drivers\Uim_Vim.sys 25EB385F490E24D87D009337C12CFAAA
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\drivers\usbaudio.sys 65898A183FBF1D1F7759D5CCB364DCD4
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbohci.sys 0DAECCE65366EA32B162F85F07C6753B
C:\WINDOWS\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\WINDOWS\System32\DRIVERS\usbscan.sys F8EDE2B6928970DCE3D5614C27D9E7F6
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\System32\DRIVERS\vididr.sys 32CE9263994A4C714FBA8AA5408741CD
C:\WINDOWS\System32\DRIVERS\vidsflt.sys 1DD53BB11BDAB317E065FFE429831751
C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\DRIVERS\wdcsam.sys D6EFAF429FD30C5DF613D220E344CCE7
C:\WINDOWS\System32\Drivers\wdf01000.sys D918617B46457B9AC28027722E30F647
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\DRIVERS\wimmount.sys 05FB36A51E04A6C6B3A5F125FA692E6B
C:\WINDOWS\WiseHDInfo32.dll AEE7F2C1260173250269357FE6DB8124
C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS C98B39829C2BBD34E454150633C62C78
C:\WINDOWS\System32\DRIVERS\WudfPf.sys EAA6324F51214D2F6718977EC9CE0DEF
C:\WINDOWS\System32\DRIVERS\wudfrd.sys F91FF1E51FCA30B3C3981DB7D5924252

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-05 17:11 - 2015-10-05 17:12 - 00000000 ____D C:\FRST
2015-10-05 17:06 - 2015-10-05 17:07 - 00000000 ____D C:\Security
2015-10-05 17:04 - 2015-10-05 17:05 - 00000000 ____D C:\Internet
2015-10-05 17:02 - 2015-10-05 17:02 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\New Folder
2015-10-05 16:52 - 2015-10-05 16:52 - 00000000 ____D C:\Copy of Utilities
2015-10-05 16:50 - 2015-10-05 16:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
2015-10-02 15:13 - 2015-10-03 20:46 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-02 15:10 - 2015-10-02 15:10 - 01190616 _____ (Adobe Systems Incorporated) C:\Documents and Settings\GAK\My Documents\flashplayer19pp_fa_install.exe
2015-10-02 14:59 - 2015-10-02 14:59 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Application Data\Opera Software
2015-10-02 14:58 - 2015-10-05 15:02 - 00000392 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1443812322.job
2015-10-02 14:58 - 2015-10-02 14:58 - 00000669 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera 32.lnk
2015-10-02 14:58 - 2015-10-02 14:58 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\Opera Software
2015-09-30 17:54 - 2015-09-30 17:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinUtilities
2015-09-30 17:53 - 2015-09-30 17:59 - 00000000 ____D C:\Program Files\WinUtilities
2015-09-28 19:54 - 2015-09-28 19:54 - 00013264 _____ (wisecleaner.com) C:\WINDOWS\WiseHDInfo32.dll
2015-09-26 19:38 - 2015-09-26 19:43 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\Smart CD Catalog PRO
2015-09-26 19:37 - 2015-09-26 19:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Smart CD Catalog PRO
2015-09-26 19:37 - 2011-12-09 08:56 - 01923064 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.Controls.v15.2.1.ocx
2015-09-26 19:37 - 2011-12-09 08:56 - 00837624 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.DockingPane.v15.2.1.ocx
2015-09-26 19:37 - 2011-12-09 08:55 - 02734072 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.CommandBars.v15.2.1.ocx
2015-09-26 19:37 - 2008-08-22 07:35 - 00538544 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
2015-09-26 19:36 - 2015-09-26 19:41 - 00000000 ____D C:\Program Files\Smart CD Catalog PRO
2015-09-26 19:36 - 2000-02-09 14:30 - 00081920 _____ (Visual Coders) C:\WINDOWS\system32\vcDateTimePicker.ocx
2015-09-23 19:43 - 2015-09-23 19:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo PCTrans 8.0
2015-09-15 20:07 - 2015-09-15 20:07 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\Pixarra
2015-09-11 19:58 - 2015-09-11 19:58 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\MAGIX
2015-09-11 19:57 - 2015-09-11 19:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MAGIX
2015-09-11 19:57 - 2015-09-11 19:57 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Application Data\Xara
2015-09-11 19:54 - 2015-09-11 19:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Xara
2015-09-11 19:53 - 2015-09-11 19:53 - 00000000 ___RD C:\Documents and Settings\GAK\My Documents\Xara
2015-09-11 19:53 - 2015-09-11 19:53 - 00000000 ____D C:\Program Files\Xara
2015-09-11 19:53 - 2015-09-11 19:53 - 00000000 ____D C:\Program Files\Common Files\Xara Services
2015-09-11 19:53 - 2015-09-11 19:53 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services
2015-09-11 19:53 - 2015-09-11 19:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Xara
2015-09-10 17:52 - 2015-09-10 17:52 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\CapSystems
2015-09-10 16:58 - 2015-09-10 16:58 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\Smart PC Utilities
2015-09-10 16:00 - 2015-09-10 16:00 - 00000000 ____D C:\Program Files\CapSystems
2015-09-10 16:00 - 2015-09-10 16:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CapSystems
2015-09-10 15:54 - 2015-09-10 18:18 - 00000000 ____D C:\Program Files\Cookie Monster
2015-09-10 15:54 - 2015-09-10 15:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lexun Designs
2015-09-10 15:52 - 2015-09-10 15:54 - 00000000 ____D C:\Program Files\Expired Cookies Cleaner
2015-09-10 15:08 - 2015-09-10 15:08 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\metaspinner net GmbH
2015-09-10 15:05 - 2015-09-10 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Pricepirates
2015-09-10 15:04 - 2015-09-10 15:11 - 00000000 ____D C:\Program Files\Pricepirates7
2015-09-09 20:26 - 2015-09-09 20:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Zoom Player
2015-09-07 20:04 - 2015-09-07 20:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SmartSHOW
2015-09-07 20:02 - 2015-09-07 20:03 - 00000000 ____D C:\Program Files\SmartSHOW
2015-09-06 08:15 - 2015-09-06 08:15 - 00000000 ____D C:\Program Files\Laplink
2015-09-06 08:15 - 2015-09-06 08:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Laplink PCmover Express - Personal Use
2015-09-05 14:34 - 2015-09-05 19:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Informer Technologies, Inc
2015-09-04 23:23 - 2015-10-04 22:48 - 00016931 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-04 19:58 - 2011-09-03 12:36 - 00000732 _____ C:\Documents and Settings\GAK\desktop\MicroSoft Autoruns.lnk
2015-09-04 11:27 - 2015-09-04 11:27 - 00000002 __RSH C:\WINDOWS\48903338352
2015-09-04 11:24 - 2015-09-04 11:24 - 00000000 _____ C:\WINDOWS\fdtest
2015-09-04 11:23 - 2015-09-04 11:28 - 00000000 ____D C:\Program Files\First Draft
2015-09-03 19:38 - 2015-09-03 19:39 - 00000000 ____D C:\Program Files\Nektra SpyStudio
2015-09-03 09:26 - 2015-09-03 09:26 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\WinOrganizer
2015-09-03 09:25 - 2015-09-03 09:25 - 00000000 ____D C:\Documents and Settings\GAK\Start Menu\Programs\WinOrganizer
2015-09-03 09:21 - 2015-09-03 19:34 - 00000000 ____D C:\Program Files\WinOrganizer
2015-09-02 10:15 - 2015-09-02 10:15 - 00644040 RSHOT (Auslogics) C:\WINDOWS\system32\ActionCenterForms.dll
2015-09-01 06:10 - 2015-09-01 06:10 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 06:09 - 2015-09-01 06:09 - 00000000 ____D C:\Documents and Settings\GAK\.oracle_jre_usage
2015-09-01 06:01 - 2015-09-01 06:01 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\Oracle
2015-08-29 19:13 - 2015-08-29 19:13 - 00000000 ____D C:\Program Files\PGWARE
2015-08-29 19:13 - 2015-08-29 19:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SuperRam
2015-08-29 11:07 - 2015-10-03 15:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-28 17:53 - 2015-09-04 19:50 - 00000610 _____ C:\WINDOWS\Tasks\Auslogics BoostSpeed Scan and Repair.job
2015-08-28 17:53 - 2015-09-04 19:50 - 00000384 _____ C:\WINDOWS\Tasks\Auslogics BoostSpeed Start BoostSpeed оn GAK logon.job
2015-08-25 20:34 - 2015-08-25 20:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CyberLink PowerDirector 12
2015-08-24 11:07 - 2015-08-24 11:07 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\WinCatalog
2015-08-23 20:27 - 2015-08-23 20:27 - 00000000 ____D C:\Program Files\DoYourData
2015-08-23 20:27 - 2015-08-23 20:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Do Your Data Recovery 3.0.0
2015-08-21 10:10 - 2015-08-21 10:10 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\Apowersoft
2015-08-18 09:43 - 2015-08-18 09:43 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\DVDFab Passkey
2015-08-17 19:43 - 2011-08-15 14:51 - 00054144 _____ (Fengtao Software Inc.) C:\WINDOWS\system32\Drivers\dvdfab.sys
2015-08-17 19:42 - 2015-08-25 01:06 - 00000000 ____D C:\Program Files\DVDFab Passkey
2015-08-17 19:42 - 2015-08-17 19:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DVDFab Passkey
2015-08-16 09:46 - 2015-08-16 09:46 - 00000000 ____D C:\Program Files\WinCatalog
2015-08-15 18:50 - 2015-08-15 18:50 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Application Data\PDF_Helper
2015-08-15 18:49 - 2015-08-15 18:49 - 00000000 ____D C:\Program Files\PDF Helper
2015-08-15 18:49 - 2015-08-15 18:49 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\PDF Helper
2015-08-15 18:49 - 2015-08-15 18:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDF Helper
2015-08-14 11:58 - 2015-08-14 11:58 - 00000000 ____D C:\Documents and Settings\GAK\Projects Series
2015-08-14 11:58 - 2015-08-14 11:58 - 00000000 ____D C:\Documents and Settings\GAK\PhotoBuzzer Projects 1
2015-08-14 11:30 - 2015-08-14 11:30 - 00000000 ____D C:\Program Files\Franzis
2015-08-14 11:30 - 2015-08-14 11:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Franzis
2015-08-14 11:24 - 2015-08-14 11:56 - 00000000 ____D C:\Program Files\PDF Eraser
2015-08-14 11:24 - 2015-08-14 11:25 - 00000008 _____ C:\Documents and Settings\GAK\Application Data\pecodec.dll
2015-08-14 11:24 - 2015-08-14 11:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDF Eraser
2015-08-12 09:47 - 2015-08-13 07:23 - 00000000 ____D C:\Program Files\TimeBell
2015-08-12 09:47 - 2015-08-12 09:47 - 00000000 ____D C:\Documents and Settings\GAK\Start Menu\Programs\TimeBell
2015-08-12 09:47 - 2015-08-12 09:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TimeBell
2015-08-09 20:19 - 2015-08-09 20:19 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\DxO Labs
2015-08-09 20:16 - 2015-08-09 20:16 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Application Data\DxO_Labs
2015-08-09 20:15 - 2005-07-27 13:43 - 00150224 _____ (Microsoft Corporation) C:\WINDOWS\system32\RGB9Rast_1.dll
2015-08-09 20:14 - 2015-08-09 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DxO Optics Pro 8
2015-08-07 17:52 - 2015-08-07 17:53 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\XnSketch
2015-08-07 17:46 - 2015-08-07 17:51 - 00000000 ____D C:\Program Files\XlSketch
2015-08-07 09:16 - 2015-08-07 09:16 - 00000262 _____ C:\Documents and Settings\GAK\Application Data\FotoSketcher.ini
2015-08-07 09:14 - 2015-08-07 09:14 - 00000000 ____D C:\Program Files\FotoSketcher
2015-08-07 09:14 - 2015-08-07 09:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FotoSketcher
2015-08-06 19:52 - 2015-08-06 19:52 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\Floor Plan Maker
2015-08-06 19:51 - 2015-08-06 19:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Floor Plan Maker 7.9
2015-08-06 19:50 - 2015-08-06 19:52 - 00000000 ____D C:\Program Files\Floor Plan Maker
2015-08-03 09:37 - 2015-08-03 09:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\StrongRecovery
2015-08-02 20:16 - 2015-08-02 20:16 - 00000000 ____D C:\Documents and Settings\GAK\Start Menu\Programs\AoaoPhoto Digital Studio
2015-08-02 20:12 - 2015-08-02 20:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Paragon Go Virtual™ 2015
2015-07-31 20:11 - 2015-07-31 20:11 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\fbm4
2015-07-31 20:11 - 2013-09-06 17:26 - 00103944 _____ C:\WINDOWS\system32\KVPrinterMon.dll
2015-07-30 10:21 - 2015-07-30 10:21 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\iiCreator
2015-07-30 10:21 - 2015-07-30 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iiCreator
2015-07-30 10:20 - 2015-07-30 10:21 - 00000000 ____D C:\Program Files\iiCreator
2015-07-21 19:45 - 2015-07-21 19:45 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Application Data\4kdownload.com
2015-07-21 19:40 - 2015-07-21 19:40 - 00000000 ____D C:\Program Files\4KDownload
2015-07-21 19:40 - 2015-07-21 19:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\4K Download
2015-07-19 17:06 - 2015-07-19 17:06 - 00000000 ____D C:\Program Files\Spy Studio
2015-07-19 15:49 - 2015-08-29 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Image Cartoonizer Premium
2015-07-19 15:48 - 2015-07-19 17:02 - 00000000 ____D C:\Program Files\Image Cartoonizer Premium
2015-07-18 16:24 - 2015-07-18 16:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Eassos Recovery
2015-07-18 16:08 - 2015-07-18 16:08 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\Coolmuster
2015-07-18 16:08 - 2015-07-18 16:08 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\Coolmuster
2015-07-18 16:07 - 2015-07-18 16:07 - 00000000 ____D C:\Documents and Settings\GAK\Start Menu\Programs\Coolmuster
2015-07-18 16:07 - 2015-07-18 16:07 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\Coolmuster files
2015-07-18 16:06 - 2015-07-18 16:06 - 00000000 ____D C:\Program Files\Coolmuster
2015-07-17 11:56 - 2015-08-29 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Artensoft Photo Collage Maker
2015-07-13 17:32 - 2015-07-13 17:32 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\PPT2DVD
2015-07-13 17:25 - 2015-07-13 17:25 - 00000000 ____D C:\Documents and Settings\All Users\LEAWO
2015-07-13 16:54 - 2015-07-13 16:54 - 00000000 ____D C:\Documents and Settings\GAK\Start Menu\Programs\Balabolka
2015-07-13 16:54 - 2015-07-13 16:54 - 00000000 ____D C:\Documents and Settings\GAK\My Documents\Balabolka
2015-07-13 16:54 - 2015-07-13 16:54 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\Balabolka
2015-07-13 16:53 - 2015-07-13 16:54 - 00000000 ____D C:\Program Files\Balabolka
2015-07-10 19:21 - 2015-07-10 19:21 - 00000000 ____D C:\Program Files\Apex Text to Speech
2015-07-10 19:21 - 2015-07-10 19:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Apex Text to Speech
2015-07-09 19:50 - 2015-07-09 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PartitionGuru
2015-07-09 12:57 - 2015-07-09 12:58 - 00000000 ____D C:\Program Files\ALLCapture 3.0
2015-07-09 12:57 - 2015-07-09 12:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ALLCapture 3.0

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-05 17:14 - 2011-04-21 11:56 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Temp
2015-10-05 16:41 - 2014-12-09 17:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\NS
2015-10-05 16:26 - 2014-01-24 12:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-05 16:16 - 2014-02-13 11:10 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-05 14:29 - 2012-08-29 17:56 - 00001966 _____ C:\WINDOWS\Sandboxie.ini
2015-10-05 13:18 - 2012-12-03 11:07 - 00000499 _____ C:\Documents and Settings\GAK\Application Data\burnaware.ini
2015-10-05 13:11 - 2014-08-13 12:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CDRWIN 10
2015-10-05 13:10 - 2012-06-28 15:03 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-10-05 13:08 - 2014-07-24 20:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Wondershare Player
2015-10-05 12:04 - 2011-07-30 13:47 - 00000000 ____D C:\Program Files\Chaos Manager 2
2015-10-05 11:54 - 2015-07-01 14:39 - 00000000 ____D C:\Program Files\CDRWIN 10
2015-10-05 10:59 - 2012-05-09 09:13 - 00000000 ___SD C:\Documents and Settings\GAK\My Documents\Sticky Passwords
2015-10-05 10:40 - 2012-09-28 08:43 - 00000000 ____D C:\Program Files\Process Lasso
2015-10-05 10:40 - 2012-08-29 17:53 - 00000000 ____D C:\Program Files\Sandboxie
2015-10-05 10:40 - 2012-02-18 07:34 - 00000000 ____D C:\Program Files\NetBalancer
2015-10-05 10:40 - 2011-10-15 23:03 - 00000000 ____D C:\Program Files\PS-Disk Monitoring Utility
2015-10-05 10:21 - 2013-12-09 20:03 - 00000000 ____D C:\Documents and Settings\GAK\Start Menu\Programs\Norton
2015-10-05 10:21 - 2013-12-09 20:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2015-10-05 10:20 - 2011-08-22 13:34 - 00000000 ____D C:\Program Files\4t Tray Minimizer
2015-10-05 10:18 - 2014-02-27 11:39 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\Wise Care 365
2015-10-05 10:18 - 2001-08-23 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-05 10:16 - 2015-05-26 15:47 - 00219754 _____ C:\Documents and Settings\LocalService\objsrv.log
2015-10-05 10:16 - 2014-04-04 06:48 - 00000393 _____ C:\WINDOWS\wiadebug.log
2015-10-05 10:16 - 2014-04-04 06:48 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-10-05 10:16 - 2014-03-26 11:18 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-05 10:16 - 2014-02-13 11:10 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 10:16 - 2011-04-20 19:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-05 10:16 - 2011-04-20 18:51 - 00000000 ____D C:\WINDOWS\Registration
2015-10-04 22:48 - 2013-05-30 06:20 - 00032508 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-04 22:48 - 2011-04-21 11:56 - 00000178 ___SH C:\Documents and Settings\GAK\ntuser.ini
2015-10-04 22:47 - 2011-04-21 11:56 - 00000000 ____D C:\Documents and Settings\GAK
2015-10-04 14:29 - 2013-06-05 05:55 - 00000000 ____D C:\Program Files\FRST
2015-10-03 12:57 - 2013-05-22 18:22 - 00000000 _____ C:\WINDOWS\MEMORY.DMP
2015-10-03 12:54 - 2013-10-04 19:48 - 00000000 ____D C:\AdwCleaner
2015-10-03 12:51 - 2011-09-22 18:39 - 00000000 ____D C:\Registry Backups
2015-10-02 23:01 - 2013-10-28 19:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Auslogics
2015-10-02 23:01 - 2011-11-23 16:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-10-02 15:13 - 2014-07-11 13:58 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Application Data\Adobe
2015-10-02 15:13 - 2012-04-14 09:18 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-02 15:13 - 2011-12-15 22:33 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-02 15:02 - 2011-11-26 21:43 - 00000000 ____D C:\Program Files\Opera
2015-10-02 00:48 - 2013-06-03 18:52 - 00000000 ____D C:\Program Files\AdwCleaner
2015-09-30 20:23 - 2011-11-18 15:18 - 00000000 ____D C:\Program Files\Process Explorer
2015-09-30 18:15 - 2012-08-15 20:21 - 00000212 _____ C:\WINDOWS\system32\_WKERNEL.SYL
2015-09-30 12:54 - 2014-06-22 08:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Bytesignals
2015-09-28 19:51 - 2014-02-16 13:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Wise Care 365
2015-09-23 19:42 - 2012-01-11 22:58 - 00000000 ____D C:\Program Files\EASEUS
2015-09-23 00:02 - 2014-07-28 17:16 - 00065536 _____ C:\WINDOWS\system32\config\D3D Vide.evt
2015-09-20 20:35 - 2011-04-21 16:55 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2015-09-17 20:53 - 2012-09-28 08:43 - 00000000 ____D C:\Documents and Settings\GAK\Application Data\ProcessLasso
2015-09-17 10:18 - 2014-12-12 21:07 - 00118648 ____H C:\WINDOWS\system32\mlfcache.dat
2015-09-15 20:09 - 2013-08-02 18:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-09-15 20:02 - 2014-11-18 18:25 - 00000262 _____ C:\Documents and Settings\GAK\Application Data\1119HOTK.dat
2015-09-12 07:40 - 2014-04-03 09:27 - 00159104 _____ C:\Documents and Settings\GAK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-12 07:38 - 2014-04-04 06:47 - 00487184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-11 19:57 - 2007-04-27 04:43 - 00120200 _____ () C:\WINDOWS\system32\DLLDEV32i.dll
2015-09-10 18:06 - 2015-03-25 12:42 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2015-09-10 16:09 - 2011-10-04 21:11 - 00000000 ____D C:\Shortcuts
2015-09-10 16:05 - 2011-09-08 21:59 - 00000000 ____D C:\Documents and Settings\GAK\Local Settings\Application Data\Downloaded Installations
2015-09-09 20:32 - 2014-12-23 17:54 - 00000000 ____D C:\Program Files\MadVR
2015-09-09 20:29 - 2012-02-16 14:49 - 00000000 ____D C:\Program Files\LAV Filters
2015-09-09 20:28 - 2014-12-23 17:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\LAV Filters
2015-09-09 20:26 - 2014-05-12 19:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Zoom Player
2015-09-09 20:26 - 2012-02-16 14:46 - 00000000 ____D C:\Program Files\Zoom Player
2015-09-08 15:11 - 2014-11-06 21:31 - 00000000 ____D C:\Program Files\Hide Folders 2012
2015-09-08 15:11 - 2012-05-09 09:13 - 00000000 ____D C:\Program Files\Sticky Password
2015-09-08 15:00 - 2014-03-26 11:17 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2012-10-07 05:16 - 2012-10-07 05:43 - 6733824 _____ (OptWin Software) C:\Program Files\AllMySongsDatabase.exe
2012-12-02 15:26 - 2012-12-02 15:26 - 0000007 _____ () C:\Program Files\amsd20.dat
2011-05-18 18:56 - 2003-04-01 09:35 - 0122880 _____ (vbAccelerator) C:\Program Files\cPopMenu6.ocx
2012-10-07 05:16 - 2011-05-16 09:06 - 0438272 _____ () C:\Program Files\default.dat
2012-11-08 17:35 - 2012-11-08 17:38 - 0037383 __RSH () C:\Program Files\DLS8Uninstall.log
2012-10-07 05:16 - 2008-02-25 16:25 - 0017436 _____ () C:\Program Files\freeimage-license.txt
2012-10-07 05:16 - 2007-11-19 15:10 - 1937408 _____ (FreeImage) C:\Program Files\FreeImage.dll
2012-10-07 05:16 - 2012-05-12 19:03 - 0007952 _____ () C:\Program Files\LICENSE.rtf
2012-10-07 05:16 - 2012-05-12 18:52 - 0001603 _____ () C:\Program Files\license.txt
2012-10-07 05:16 - 2012-10-07 05:44 - 0001033 _____ () C:\Program Files\options.dat
2012-10-07 05:16 - 2014-04-20 12:30 - 0000078 _____ () C:\Program Files\options.ini
2012-10-07 05:16 - 2012-05-12 18:53 - 0001418 _____ () C:\Program Files\ReadMe.txt
2012-10-07 05:16 - 2014-04-20 12:30 - 0000000 _____ () C:\Program Files\search.ini
2011-05-18 18:56 - 2004-01-21 18:35 - 0040960 _____ (vbAccelerator) C:\Program Files\SSubTmr6.dll
2011-11-28 13:17 - 2011-11-28 13:17 - 0000008 _____ () C:\Program Files\SysResources Managersys112.dat
2013-03-27 14:49 - 2013-03-27 14:49 - 0000848 _____ () C:\Program Files\System Restore Daily Backup.vbs
2011-05-18 18:56 - 2004-02-28 15:05 - 0266240 _____ (vbAccelerator) C:\Program Files\vbalTreeView6.ocx
2012-12-02 15:51 - 2014-04-20 12:30 - 0000037 _____ () C:\Program Files\visiblefields.dat
2011-01-12 03:00 - 2011-01-12 03:00 - 0146944 _____ () C:\Program Files\Common Files\dsfFLACDecoder.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0221184 _____ () C:\Program Files\Common Files\dsfFLACEncoder.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0204800 _____ () C:\Program Files\Common Files\dsfNativeFLACSource.dll
2012-05-11 15:16 - 2012-05-11 15:16 - 0171520 _____ () C:\Program Files\Common Files\dsfOggDemux2.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0240128 _____ () C:\Program Files\Common Files\dsfVorbisDecoder.dll
2011-04-18 23:51 - 2011-04-18 23:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCP90.dll
2011-04-18 23:51 - 2011-04-18 23:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files\Common Files\MSVCR90.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0412672 _____ (Google) C:\Program Files\Common Files\vp8decoder.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0701440 _____ (Google) C:\Program Files\Common Files\vp8encoder.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0302592 _____ (Google) C:\Program Files\Common Files\webmmux.dll
2010-12-16 22:39 - 2010-12-16 22:39 - 0292352 _____ (Google) C:\Program Files\Common Files\webmsplit.dll
2011-01-12 03:00 - 2011-01-12 03:00 - 0030208 _____ () C:\Program Files\Common Files\wmpinfo.dll
2014-11-18 18:25 - 2015-09-15 20:02 - 0000262 _____ () C:\Documents and Settings\GAK\Application Data\1119HOTK.dat
2012-12-03 11:07 - 2015-10-05 13:18 - 0000499 _____ () C:\Documents and Settings\GAK\Application Data\burnaware.ini
2015-08-07 09:16 - 2015-08-07 09:16 - 0000262 _____ () C:\Documents and Settings\GAK\Application Data\FotoSketcher.ini
2013-06-08 15:55 - 2014-07-28 17:39 - 0000153 _____ () C:\Documents and Settings\GAK\Application Data\mainhst.zgh
2013-07-14 11:55 - 2008-07-07 13:22 - 0000014 _____ () C:\Documents and Settings\GAK\Application Data\options.ini
2013-07-14 11:55 - 2012-07-07 13:04 - 0000003 _____ () C:\Documents and Settings\GAK\Application Data\options_pdfcombine.ini
2013-07-14 11:55 - 2013-02-23 12:15 - 0000003 _____ () C:\Documents and Settings\GAK\Application Data\options_pdfrotator.ini
2011-10-28 14:33 - 2011-10-28 14:33 - 0007887 ____N () C:\Documents and Settings\GAK\Application Data\pcouffin.cat
2011-10-28 14:33 - 2011-10-28 14:33 - 0001144 ____N () C:\Documents and Settings\GAK\Application Data\pcouffin.inf
2011-10-28 14:33 - 2011-10-28 14:33 - 0047360 ____N (VSO Software) C:\Documents and Settings\GAK\Application Data\pcouffin.sys
2015-03-24 21:11 - 2015-03-24 10:22 - 0000703 _____ () C:\Documents and Settings\GAK\Application Data\pdfsound.dll
2015-08-14 11:24 - 2015-08-14 11:25 - 0000008 _____ () C:\Documents and Settings\GAK\Application Data\pecodec.dll
2012-02-24 12:26 - 2012-02-24 13:50 - 11370496 ____N () C:\Documents and Settings\GAK\Application Data\Sandra.mdb
2013-07-14 11:55 - 2013-06-09 09:38 - 0000053 _____ () C:\Documents and Settings\GAK\Application Data\setting.ini
2013-07-14 11:55 - 2013-06-08 13:43 - 0000030 _____ () C:\Documents and Settings\GAK\Application Data\setup.ini
2013-07-14 11:55 - 2013-06-09 09:30 - 0000043 _____ () C:\Documents and Settings\GAK\Application Data\setup_pdfcombine.ini
2013-07-14 11:55 - 2013-06-09 10:34 - 0000043 _____ () C:\Documents and Settings\GAK\Application Data\setup_pdfrotator.ini
2011-12-14 01:59 - 2011-12-14 01:59 - 0000138 ___SH () C:\Documents and Settings\GAK\Local Settings\Application Data\00000021
2011-11-01 12:40 - 2011-11-01 12:40 - 0000138 ___SH () C:\Documents and Settings\GAK\Local Settings\Application Data\00000127
2011-09-25 23:27 - 2015-06-17 11:40 - 0040448 _____ () C:\Documents and Settings\GAK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-07 23:58 - 2012-12-08 09:08 - 0000046 ____N () C:\Documents and Settings\GAK\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
2012-10-29 15:52 - 2012-10-29 15:52 - 0004096 ____N () C:\Documents and Settings\GAK\Local Settings\Application Data\keyfile3.drm
2012-03-05 10:23 - 2013-12-21 19:22 - 0000701 _____ () C:\Documents and Settings\GAK\Local Settings\Application Data\mcset.cfg
2011-06-09 18:24 - 2011-06-09 18:24 - 0000000 ____N () C:\Documents and Settings\GAK\Local Settings\Application Data\{32B65592-EE0E-4BE9-88DD-D4187DDC397A}

Some files in TEMP:
====================
C:\Documents and Settings\GAK\Local Settings\Temp\SandboxieInstall.exe
C:\Documents and Settings\GAK\Local Settings\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\nsprs.dll
C:\Windows\System32\ssprs.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================



#7 nasdaq


Posted 11 October 2015 - 08:04 AM



Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1606980848-2052111302-839522115-1003 -> No Name - {F090BE08-2E7E-4D60-8FAB-98ABFA425136} -  No File
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File []
Handler: AutorunsDisabled\viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File []
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [odoegbfnimkkocjoeoelkonmlfpbhlnc] - <no Path\update_url>
S4 Roxio UPnP Renderer 9; no ImagePath
S4 Roxio Upnp Server 9; no ImagePath
S4 RoxLiveShare9; no ImagePath
S4 stllssvr; no ImagePath
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S4 SIODRV; no ImagePath
U2 TMAgent; no ImagePath
C:\Windows\System32\nsprs.dll
C:\Windows\System32\ssprs.dl
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#8 gak1952


Posted 15 October 2015 - 05:47 PM

Hi,

I have run Frst.exe as directed and then the fix program.

Attached below is the Fixlog file. Unfortunately, the problem persists.

What would you suggest now? I have run my copy of Malwarebytes to no success.


Fix result of Farbar Recovery Scan Tool (x86) Version:11-10-2015 02
Ran by GAK (2015-10-12 12:28:42) Run:2
Running from C:\Downloads
Loaded Profiles: GAK (Available Profiles: GAK & _ocster_1clk_backup_ & _supereasy_1cbackup_ & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts:
Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1606980848-2052111302-839522115-1003 -> No Name - {F090BE08-2E7E-4D60-8FAB-98ABFA425136} -  No File
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File []
Handler: AutorunsDisabled\viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File []
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls:
Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll => No File
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension:
[odoegbfnimkkocjoeoelkonmlfpbhlnc] - <no Path\update_url>
S4 Roxio UPnP Renderer 9; no ImagePath
S4 Roxio Upnp Server 9; no ImagePath
S4 RoxLiveShare9; no ImagePath
S4 stllssvr; no ImagePath
S3 EUBAKUP0; \??\C:\WINDOWS\system32\drivers\EUBAKUP0.sys [X]
S3 EUBKMON0; \??\C:\WINDOWS\system32\drivers\EUBKMON0.sys [X]
S3 EUFDDISK0; \??\C:\WINDOWS\system32\drivers\EUFDDISK0.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S4 SIODRV; no ImagePath
U2 TMAgent; no ImagePath
C:\Windows\System32\nsprs.dll
C:\Windows\System32\ssprs.dl
End
*****************

Restore point was successfully created.
Processes closed successfully.
GroupPolicyScripts: => Error: No automatic fix found for this entry.
Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F090BE08-2E7E-4D60-8FAB-98ABFA425136} => value removed successfully.
HKCR\CLSID\{F090BE08-2E7E-4D60-8FAB-98ABFA425136} => key not found.
"HKCR\PROTOCOLS\Handler\AutorunsDisabled\linkscanner" => key removed successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"HKCR\PROTOCOLS\Handler\AutorunsDisabled\viprotocol" => key removed successfully.
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => key not found.
"HKCR\PROTOCOLS\Handler\WSIEChrome" => key removed successfully.
Chrome HomePage => removed successfully.
CHR StartupUrls: => Error: No automatic fix found for this entry.
Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch" => Error: No automatic fix found for this entry.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\45.0.2454.101\pdf.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll => not found.
C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll => not found.
C:\WINDOWS\system32\npDeployJava1.dll => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda" => key removed successfully.
CHR HKLM\...\Chrome\Extension: => Error: No automatic fix found for this entry.
[odoegbfnimkkocjoeoelkonmlfpbhlnc] - <no Path\update_url> => Error: No automatic fix found for this entry.
Roxio UPnP Renderer 9 => service removed successfully.
Roxio Upnp Server 9 => service removed successfully.
RoxLiveShare9 => service removed successfully.
stllssvr => service removed successfully.
EUBAKUP0 => service removed successfully.
EUBKMON0 => service removed successfully.
EUFDDISK0 => service removed successfully.
Partizan => service removed successfully.
SIODRV => service removed successfully.
TMAgent => service removed successfully.
C:\Windows\System32\nsprs.dll => moved successfully
"C:\Windows\System32\ssprs.dl" => File/Folder not found.
EmptyTemp: => 4.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:34:14 ====



#9 nasdaq


Posted 16 October 2015 - 06:27 AM

The first few lines in my fix were as follows.
 

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION


Your FixList.txt shows:
 

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts:
Restriction <======= ATTENTION


Please run this new fix and make sure that there is not a Carriage return after the GroupPolicyScripts.
The command must be on the same line.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CloseProcesses:

Restriction <======= ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Let me know of any issues.
===
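
The diagnosis in post #9, as an added example that is not part of the original posts and is not FRST's own code: it scans Fixlog result lines for a rejected bare `Label:` entry followed directly by a second rejected entry, rejoins the pair, and checks the result against the fixlist as the helper posted it. The function names and the pairing heuristic are assumptions drawn only from the log in this thread; the sample lines are copied from it.

```python
import re

# A Fixlog result line reads "<fixlist entry> => <outcome>".
RESULT_RE = re.compile(r"^(?P<entry>.*?)\s=>\s(?P<outcome>.+)$")
NO_FIX = "Error: No automatic fix found for this entry."

# Result lines taken from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
Processes closed successfully.
GroupPolicyScripts: => Error: No automatic fix found for this entry.
Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
Chrome HomePage => removed successfully.
CHR StartupUrls: => Error: No automatic fix found for this entry.
Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch" => Error: No automatic fix found for this entry.
CHR HKLM\...\Chrome\Extension: => Error: No automatic fix found for this entry.
[odoegbfnimkkocjoeoelkonmlfpbhlnc] - <no Path\update_url> => Error: No automatic fix found for this entry.
C:\Windows\System32\nsprs.dll => moved successfully
EmptyTemp: => 4.2 GB temporary data Removed.
'''

# The same three entries as the helper posted them, each on one line.
POSTED_FIXLIST = r'''
GroupPolicyScripts: Restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR HKLM\...\Chrome\Extension: [odoegbfnimkkocjoeoelkonmlfpbhlnc] - <no Path\update_url>
'''


def parse_results(fixlog_text):
    """Return (entry, outcome) for every '<entry> => <outcome>' line."""
    results = []
    for line in fixlog_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m.group("entry").strip(), m.group("outcome").strip()))
    return results


def find_split_entries(results):
    """Rejoin pairs where a bare 'Label:' and the next entry were both rejected."""
    rejoined = []
    i = 0
    while i < len(results) - 1:
        (head, out1), (tail, out2) = results[i], results[i + 1]
        is_pair = (out1 == NO_FIX and out2 == NO_FIX
                   and head.endswith(":") and not tail.endswith(":"))
        if is_pair:
            rejoined.append(f"{head} {tail}")
            i += 2  # both halves are consumed
        else:
            i += 1
    return rejoined


def confirm_against_posted(rejoined, posted_text):
    """Map each rejoined line to True if it matches a posted fixlist line."""
    def norm(s):
        return " ".join(s.split())  # ignore runs of spaces
    posted = {norm(l) for l in posted_text.splitlines() if l.strip()}
    return {line: norm(line) in posted for line in rejoined}


if __name__ == "__main__":
    split = find_split_entries(parse_results(SAMPLE_FIXLOG))
    for line, ok in confirm_against_posted(split, POSTED_FIXLIST).items():
        print(("split by paste: " if ok else "rejected, no match: ") + line)
```

`EmptyTemp:` also ends in a colon but was processed, so it is not reported; only entries the tool rejected are paired.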

#10 gak1952


Posted 21 October 2015 - 12:49 PM

I will run the latest program tonight - I have been having trouble with my System Restore. I think I have it working now.

 

Thanks

 

gak1952



#11 gak1952


Posted 24 October 2015 - 05:57 AM

Hi,

I've discovered that s.yimg is actually part of Yahoo, so I will not need to pursue this matter any further.

I thank you very much for your help.

Sincerely,

gak1952



#12 nasdaq


Posted 24 October 2015 - 08:50 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq


Posted 30 October 2015 - 09:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



