Another Trojan:Win32/Patched.Ap?


  • This topic is locked
38 replies to this topic

#1 AndyH71

Posted 06 October 2015 - 06:33 PM

Having problems getting online. Removed my BitDefender to upgrade to the latest version but cannot get back online. Windows Defender is going mad with Trojan:Win32/Patched.Ap notifications.

I have managed to get online by using a proxy server; however, any attempts at using IPconfig or altering IPv4 settings are blocked.

I've run an initial FRST and posted the results below. Look forward to assistance in this matter and will get done what's required as soon as possible.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by Andy (administrator) on PHOTO (07-10-2015 00:20:32)
Running from C:\Users\Andy\Downloads
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(LenovoEMC Ltd.) D:\Program Files\LenovoEMC Storage Manager\pCloudd.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Program Files\Iomega\Quikprotect\QpMonitor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Kaspersky Lab) C:\Users\Andy\Downloads\kis16.0.0.614en_8626.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Iomega Corporation - An EMC Company) C:\Program Files\Iomega\Quikprotect\startQuikProtect.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(LenovoEMC) D:\Program Files\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
() C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(Kaspersky Lab) C:\Users\Andy\Downloads\kis16.0.0.614en_8626.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP2 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [QuiKProtect] => C:\Program Files\Iomega\Quikprotect\StartQuikProtect.exe [49152 2012-09-07] (Iomega Corporation - An EMC Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [bdruninstaller] => C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [615744 2014-06-23] (Bitdefender)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [Xvid] => D:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [GoogleChromeAutoLaunch_D9C6B67A63EF2C294D4A204374B6A795] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [Dropbox Update] => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-27] (Dropbox, Inc.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-09-18] (AMD)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [Spybot-S&D Cleaning] => D:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819608 2015-09-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Policies\Explorer: [NoCDBurning] 1
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-01-20]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk [2013-06-12]
ShortcutTarget: LenovoEMC Storage Manager.lnk -> D:\Program Files\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe (LenovoEMC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk [2015-06-05]
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe ()
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010-02-21]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1075742332-318674506-3704920969-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1075742332-318674506-3704920969-1001] => 69.168.242.44:8080
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: 192.168.1.102 ix200
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{31dcf701-8d03-4616-aee8-2ac26c06d417}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7988b1c6-bd9f-4caa-857b-c6e9f0e663cf}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{cc1d7572-9da1-43fb-bb3d-79532fdfb17a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ee68623b-59b7-4d8b-9e25-9d68e6b15791}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> {BC45BD3C-BDA9-4576-AFF5-B78C8474E039} URL = hxxp://www.bing.com/search?q={searchTerms}&r=370
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
BHO: IE AutoFill -> {ED859E8A-8172-45ED-90FC-E305F0DFBFDF} -> C:\Program Files\IE AutoFill\ieautofillb.dll [2007-08-03] (Amov Research, Ltd.)
BHO: No Name -> {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} -> C:\Windows\system32\ieuihandler.dll [2007-02-18] (SoftTag.com)
Toolbar: HKLM - IE AutoFill - {738CD4F6-B216-467B-99FA-A2F73CB7164F} - C:\Program Files\IE AutoFill\ieautofill.dll [2007-08-03] (SoftTag.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} hxxp://aceblades.dyndns.info/codebase/NetVideoOCX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> D:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2011-07-21] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Web Components -> C:\Program Files\Web Components\npWebVideoPlugin.dll [2012-10-08] ()
FF Plugin HKU\S-1-5-21-1075742332-318674506-3704920969-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Andy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-29] (Citrix Online)
FF Plugin HKU\S-1-5-21-1075742332-318674506-3704920969-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl [2015-05-01]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-27]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Google Sheets) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-06]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
CHR HKU\S-1-5-21-1075742332-318674506-3704920969-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-02-21] () [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-04-29] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PCloudd; D:\Program Files\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-27] (LenovoEMC Ltd.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [823840 2015-09-22] (Bitdefender)
R2 QPCopyEngine; C:\Program Files\Iomega\Quikprotect\QpMonitor.exe [384000 2012-09-07] () [File not signed]
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe [316120 2014-08-18] ()
S4 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh6.sys [1093368 2015-02-10] (Broadcom Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-06] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 QsFsFltr; C:\WINDOWS\System32\DRIVERS\QsFsFltr.sys [19384 2012-08-20] (Windows ® Win 7 DDK provider)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek                                            )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [2911944 2014-09-04] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows ® Win 7 DDK provider)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [575184 2015-06-22] (VIA Technologies, Inc.)
S3 vncmirror; C:\WINDOWS\System32\DRIVERS\vncmirror.sys [4608 2013-12-06] (RealVNC Ltd.)
S3 vodafone_K380x-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [61952 2010-05-20] (Vodafone)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 wna3100m; C:\WINDOWS\System32\DRIVERS\wna3100m.sys [949864 2011-12-30] (NETGEAR Corporation                           )
U0 avc3; no ImagePath
S1 BdfNdisf; \??\F:\Windows\System32\DriverStore\FileRepository\netlwf.inf_x86_neutral_b40dd80ced6a1b59\bdfndisf6.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-11-05 18:30 - 2011-11-09 06:31 - 00000000 ____D C:\Users\Andy\AppData\Local\{C26186ED-3333-458F-8273-8FEFB90EC7F7}
2099-11-05 18:30 - 15511-11-05 18:30 - 00000000 ____D C:\Users\Andy\AppData\Local\{98E0ECB8-FC97-4735-9C0A-CA70BE561D96}
2015-10-07 00:20 - 2015-10-07 00:20 - 00022141 _____ C:\Users\Andy\Downloads\FRST.txt
2015-10-07 00:20 - 2015-10-07 00:20 - 00000000 ____D C:\FRST
2015-10-07 00:19 - 2015-10-07 00:20 - 01697792 _____ (Farbar) C:\Users\Andy\Downloads\FRST.exe
2015-10-07 00:09 - 2015-10-07 00:09 - 00016148 _____ C:\WINDOWS\system32\PHOTO_Andy_HistoryPrediction.bin
2015-10-06 23:56 - 2015-10-06 23:56 - 01910144 _____ (Kaspersky Lab) C:\Users\Andy\Downloads\kis16.0.0.614en_8626.exe
2015-10-06 23:56 - 2015-10-06 23:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-10-06 23:53 - 2015-10-06 23:53 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-10-06 23:53 - 2015-10-06 23:53 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Andy\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-10-06 23:53 - 2015-10-06 23:53 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-06 23:47 - 2015-10-06 23:48 - 00000000 ____D C:\Program Files\CCTVWindow
2015-10-06 23:47 - 2015-10-06 23:47 - 00001126 _____ C:\Users\Public\Desktop\CCTV Window 2013D.lnk
2015-10-06 23:47 - 2015-10-06 23:47 - 00000000 __HDC C:\ProgramData\{A1760867-D8AB-44E0-B388-FE98EDC2A62A}
2015-10-06 23:47 - 2015-10-06 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCTVWindow
2015-10-06 23:47 - 2015-10-06 23:47 - 00000000 ____D C:\ProgramData\CCTVWindow
2015-10-06 23:46 - 2015-10-06 23:46 - 00000000 ____D C:\Users\Andy\AppData\Local\PackageAware
2015-10-06 23:44 - 2015-10-06 23:44 - 00000000 ____D C:\Users\Andy\AppData\Local\Avg
2015-10-06 23:42 - 2015-10-06 23:50 - 00000000 ____D C:\ProgramData\MFAData
2015-10-06 23:42 - 2015-10-06 23:42 - 00000000 ____D C:\Users\Andy\AppData\Local\MFAData
2015-10-06 23:42 - 2015-10-06 23:42 - 00000000 ____D C:\Users\Andy\AppData\Local\Avg2015
2015-10-06 23:41 - 2015-10-06 23:42 - 05053024 _____ (AVG Technologies) C:\Users\Andy\Downloads\avg_free_stb_all_6140p1_177.exe
2015-10-06 23:38 - 2015-10-06 23:38 - 00024685 _____ C:\ProgramData\1444171123.bdinstall.bin
2015-10-06 23:37 - 2015-10-06 23:37 - 00024687 _____ C:\ProgramData\1444171069.bdinstall.bin
2015-10-06 23:36 - 2015-10-06 23:36 - 00024686 _____ C:\ProgramData\1444170997.bdinstall.bin
2015-10-06 23:35 - 2015-10-06 23:35 - 00024688 _____ C:\ProgramData\1444170936.bdinstall.bin
2015-10-06 23:33 - 2015-10-06 23:33 - 00024687 _____ C:\ProgramData\1444170792.bdinstall.bin
2015-10-06 23:05 - 2015-10-06 23:05 - 00000000 ____D C:\SUPERDelete
2015-10-06 22:21 - 2015-10-06 22:21 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a490ebfb-45de-4f1e-9740-3a1238c2b95d.job
2015-10-06 22:21 - 2015-10-06 22:21 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2bd0589a-06da-4bb9-afd0-2812cc0ec818.job
2015-10-06 22:19 - 2015-10-06 22:19 - 00002030 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-06 22:11 - 2015-10-06 22:19 - 23607992 _____ (SUPERAntiSpyware) C:\Users\Andy\Downloads\SAS_160608.EXE
2015-10-06 22:06 - 2015-10-06 22:06 - 00039480 _____ C:\Users\Andy\Downloads\qsinstaller.exe
2015-10-06 22:04 - 2015-10-06 22:04 - 00424769 _____ C:\Users\Andy\AppData\Local\census.cache
2015-10-06 22:04 - 2015-10-06 22:04 - 00163053 _____ C:\Users\Andy\AppData\Local\ars.cache
2015-10-06 21:59 - 2015-10-06 21:59 - 00000010 _____ C:\Users\Andy\AppData\Local\sponge.last.runtime.cache
2015-10-06 21:48 - 2015-10-06 21:48 - 00024339 _____ C:\ProgramData\1444164507.bdinstall.bin
2015-10-06 21:29 - 2015-10-06 21:29 - 02073112 _____ (Trend Micro Inc.) C:\Users\Andy\Downloads\HousecallLauncher.exe
2015-10-06 21:29 - 2015-10-06 21:29 - 00000036 _____ C:\Users\Andy\AppData\Local\housecall.guid.cache
2015-10-06 21:27 - 2015-10-06 21:27 - 00024411 _____ C:\ProgramData\1444163246.bdinstall.bin
2015-10-06 21:24 - 2015-10-06 21:24 - 00024687 _____ C:\ProgramData\1444163077.bdinstall.bin
2015-10-06 21:20 - 2015-10-06 21:20 - 00001205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2015-10-06 21:20 - 2015-10-06 21:20 - 00001193 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2015-10-06 21:20 - 2015-10-06 21:20 - 00000000 ____D C:\Program Files\TeamViewer
2015-10-06 21:19 - 2015-10-06 21:19 - 00024688 _____ C:\ProgramData\1444162752.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 00008141 _____ C:\ProgramData\1444162781.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 00008141 _____ C:\ProgramData\1444162765.bdinstall.bin
2015-10-06 21:14 - 2015-10-06 21:14 - 00024339 _____ C:\ProgramData\1444162456.bdinstall.bin
2015-10-06 21:12 - 2015-10-06 23:39 - 00000000 ____D C:\Program Files\Bitdefender Agent
2015-10-06 21:12 - 2015-10-06 21:12 - 00041595 _____ C:\ProgramData\1444162348.bdinstall.bin
2015-10-06 21:12 - 2015-10-06 21:12 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2015-10-06 21:08 - 2015-10-06 21:12 - 07207040 _____ C:\Users\Andy\Downloads\bitdefender_windows_f5127fc9-2066-4fcb-a01a-34d1bcb032e2.exe
2015-10-06 21:02 - 2015-10-06 21:28 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-06 20:39 - 2015-10-06 18:32 - 00451073 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20151006-203951.backup
2015-10-06 20:05 - 2015-10-06 20:05 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Malwarebytes
2015-10-06 19:16 - 2015-10-06 19:16 - 00270732 _____ C:\ProgramData\1444155255.bdinstall.bin
2015-10-06 18:32 - 2015-09-28 21:01 - 00451073 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20151006-183223.backup
2015-10-06 18:17 - 2015-10-06 18:17 - 02842784 _____ C:\Users\Andy\Downloads\The_New_Bitdefender_UninstallTool.exe
2015-10-06 18:15 - 2015-10-06 21:20 - 06024432 _____ C:\Users\Andy\Downloads\BitDefenderQS_EN.exe
2015-10-06 18:10 - 2015-10-06 18:22 - 00000000 ____D C:\Users\Andy\Desktop\Bitdefender Support Tool
2015-10-06 18:06 - 2015-10-06 18:06 - 00000000 ____D C:\ProgramData\Dumps
2015-10-03 08:28 - 2015-10-03 08:28 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-01 19:20 - 2015-09-24 23:37 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 19:20 - 2015-09-17 07:28 - 06265168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 19:20 - 2015-09-17 07:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 19:20 - 2015-09-17 07:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 19:20 - 2015-09-17 07:27 - 01766952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:20 - 2015-09-17 07:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 19:20 - 2015-09-17 07:26 - 01856848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 19:20 - 2015-09-17 07:26 - 01708376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 19:20 - 2015-09-17 07:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 19:20 - 2015-09-17 07:26 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 19:20 - 2015-09-17 07:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 19:20 - 2015-09-17 07:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 19:20 - 2015-09-17 07:13 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 19:20 - 2015-09-17 06:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-01 19:20 - 2015-09-17 06:47 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 19:20 - 2015-09-17 06:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-01 19:20 - 2015-09-17 06:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 19:20 - 2015-09-17 06:41 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 19:20 - 2015-09-17 06:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 19:20 - 2015-09-17 06:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 19:20 - 2015-09-17 06:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 19:20 - 2015-09-17 06:39 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 19:20 - 2015-09-17 06:39 - 01829376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 19:20 - 2015-09-17 06:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-01 19:20 - 2015-09-17 06:36 - 00926720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 03026432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 19:20 - 2015-09-17 06:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-01 19:20 - 2015-09-17 06:32 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 19:20 - 2015-09-17 06:32 - 00989696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 19:20 - 2015-09-17 06:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-01 19:20 - 2015-09-17 06:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 19:20 - 2015-09-17 06:27 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 19:20 - 2015-09-17 06:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 19:20 - 2015-08-27 06:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-01 19:20 - 2015-08-27 06:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-10-01 19:20 - 2015-08-27 06:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-10-01 19:20 - 2015-08-27 06:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-01 19:20 - 2015-08-20 06:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-01 19:20 - 2015-08-18 07:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-10-01 19:19 - 2015-09-25 00:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-01 19:19 - 2015-09-25 00:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-01 19:19 - 2015-09-25 00:18 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 19:19 - 2015-09-24 23:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 19:19 - 2015-09-24 23:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 19:19 - 2015-09-24 23:42 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 19:19 - 2015-09-24 23:30 - 02985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 19:19 - 2015-09-24 23:29 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-01 19:19 - 2015-09-24 23:28 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 19:19 - 2015-09-24 23:28 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-01 19:19 - 2015-09-24 23:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-01 19:19 - 2015-09-24 23:19 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-01 19:19 - 2015-09-24 23:11 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 19:19 - 2015-09-19 04:50 - 00083160 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 01343952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 00680144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 19:19 - 2015-09-17 07:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 19:19 - 2015-09-17 07:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 00083792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 19:19 - 2015-09-17 07:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 19:19 - 2015-09-17 07:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00436064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 19:19 - 2015-09-17 07:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00414560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 19:19 - 2015-09-17 07:26 - 00335696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 19:19 - 2015-09-17 07:26 - 00274272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 19:19 - 2015-09-17 07:26 - 00228192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 19:19 - 2015-09-17 07:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 19:19 - 2015-09-17 07:15 - 00070744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-01 19:19 - 2015-09-17 07:13 - 00918880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 19:19 - 2015-09-17 06:51 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 19:19 - 2015-09-17 06:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 19:19 - 2015-09-17 06:51 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 19:19 - 2015-09-17 06:51 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 19:19 - 2015-09-17 06:49 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 19:19 - 2015-09-17 06:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 19:19 - 2015-09-17 06:49 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 19:19 - 2015-09-17 06:48 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 19:19 - 2015-09-17 06:48 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 19:19 - 2015-09-17 06:48 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 19:19 - 2015-09-17 06:47 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 19:19 - 2015-09-17 06:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 19:19 - 2015-09-17 06:46 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 19:19 - 2015-09-17 06:46 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 19:19 - 2015-09-17 06:45 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 19:19 - 2015-09-17 06:45 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 19:19 - 2015-09-17 06:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 19:19 - 2015-09-17 06:43 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 19:19 - 2015-09-17 06:42 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 19:19 - 2015-09-17 06:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 19:19 - 2015-09-17 06:41 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 19:19 - 2015-09-17 06:39 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 19:19 - 2015-09-17 06:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 06529024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 19:19 - 2015-09-17 06:35 - 01762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 19:19 - 2015-09-17 06:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 19:19 - 2015-09-17 06:35 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 19:19 - 2015-09-17 06:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 19:19 - 2015-09-17 06:33 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-01 19:19 - 2015-09-17 06:33 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 19:19 - 2015-09-17 06:33 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 19:19 - 2015-09-17 06:31 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 19:19 - 2015-09-17 06:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 19:19 - 2015-09-17 06:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 19:19 - 2015-09-17 06:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 19:19 - 2015-09-17 06:28 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 19:19 - 2015-09-17 06:28 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 19:19 - 2015-09-17 06:27 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 19:19 - 2015-09-17 06:27 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 19:19 - 2015-09-13 02:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 19:19 - 2015-08-27 06:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-10-01 19:19 - 2015-08-27 06:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-10-01 19:19 - 2015-08-27 06:19 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-10-01 19:19 - 2015-08-27 06:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-01 19:19 - 2015-08-27 06:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-01 19:19 - 2015-08-27 06:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-10-01 19:19 - 2015-08-27 06:11 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-10-01 19:19 - 2015-08-27 06:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-10-01 19:19 - 2015-08-27 06:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-10-01 19:19 - 2015-08-20 06:22 - 00549160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-10-01 19:19 - 2015-08-20 05:46 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-10-01 19:19 - 2015-08-20 05:41 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-10-01 19:19 - 2015-08-18 08:26 - 00284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-10-01 19:19 - 2015-08-18 08:14 - 00192864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2015-10-01 19:19 - 2015-08-18 07:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-10-01 19:19 - 2015-08-18 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-10-01 19:19 - 2015-08-18 07:41 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-10-01 19:19 - 2015-08-18 07:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-10-01 19:19 - 2015-08-18 07:34 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-10-01 19:19 - 2015-08-18 07:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-10-01 19:19 - 2015-08-18 07:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-10-01 19:19 - 2015-08-18 07:30 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-10-01 19:19 - 2015-08-18 07:26 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-10-01 19:19 - 2015-08-18 07:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-10-01 19:19 - 2015-08-18 05:42 - 00006631 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-10-01 19:19 - 2015-08-18 05:42 - 00006313 _____ C:\WINDOWS\system32\ResPriImageList
2015-09-28 20:57 - 2015-09-28 20:57 - 00451073 _____ C:\Users\Andy\Desktop\hosts.txt
2015-09-28 20:46 - 2015-09-28 20:46 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2015-09-28 20:46 - 2015-09-28 20:46 - 00000000 ____D C:\Users\Andy\.swt
2015-09-28 20:46 - 2015-09-28 20:46 - 00000000 ____D C:\Program Files\Angry IP Scanner
2015-09-28 20:45 - 2015-09-28 20:46 - 02956217 _____ C:\Users\Andy\Downloads\ipscan-3.4-setup.exe
2015-09-28 20:38 - 2015-09-30 19:44 - 00000000 _____ C:\upnp_list.txt
2015-09-11 18:14 - 2015-10-06 22:08 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 18:14 - 2015-09-11 18:14 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-11 18:14 - 2015-09-11 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-11 18:14 - 2015-09-11 18:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-11 18:14 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-11 18:14 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-11 18:14 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-11 18:12 - 2015-09-11 18:14 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-09-11 16:43 - 2015-09-11 18:07 - 17906651 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-11 16:28 - 2015-09-13 14:27 - 00000000 ____D C:\AdwCleaner
2015-09-11 16:26 - 2015-09-11 16:26 - 01660416 _____ C:\Users\Andy\Downloads\adwcleaner_5.007.exe
2015-09-11 16:09 - 2015-09-11 16:09 - 00001657 _____ C:\Users\Andy\Desktop\Spybot-S&D Start Center.lnk
2015-09-11 14:37 - 2015-09-28 20:03 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-11 14:29 - 2015-09-11 14:30 - 00000000 ____D C:\Users\Andy\AppData\Local\Tempfolder
2015-09-11 14:29 - 2015-09-11 14:29 - 00000000 ____D C:\Users\Andy\AppData\LocalLow\Company
2015-09-11 14:25 - 2015-10-07 00:09 - 00000352 ____H C:\WINDOWS\Tasks\IKEOIGCGRNXKSNWJ.job
2015-09-11 14:24 - 2015-09-12 02:30 - 00000000 ____D C:\ProgramData\Service1291
2015-09-11 14:12 - 2015-09-13 10:42 - 00000000 ____D C:\Program Files\Sn2zknwi1yzi4zdf
2015-09-11 14:11 - 2015-04-29 20:18 - 00451052 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-11 14:00 - 2015-09-13 15:37 - 00000000 ____D C:\Users\Andy\Downloads\John+Deere+Mower+Deck+Par
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 00:13 - 2015-08-19 23:28 - 00984150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-07 00:09 - 2015-07-10 10:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-07 00:09 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-07 00:09 - 2011-01-08 19:30 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 00:09 - 2010-02-04 18:46 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-07 00:08 - 2015-07-10 07:59 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-07 00:04 - 2015-08-19 23:21 - 00325604 _____ C:\WINDOWS\PFRO.log
2015-10-07 00:02 - 2011-01-08 19:30 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 23:49 - 2012-06-12 22:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-06 23:22 - 2015-06-27 21:11 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001UA.job
2015-10-06 22:58 - 2014-06-30 19:37 - 00000000 ____D C:\Program Files\F4B522E8-37CD-4582-9026-66E6A362A315
2015-10-06 22:06 - 2015-06-05 11:48 - 00000000 ____D C:\Users\Andy\AppData\Roaming\QuickScan
2015-10-06 21:26 - 2015-07-10 10:53 - 02319144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-06 21:23 - 2010-02-04 21:12 - 00000000 ____D C:\ProgramData\TEMP
2015-10-06 21:22 - 2014-07-01 11:08 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andy\Downloads\SpyHunter-Installer.exe
2015-10-06 20:58 - 2014-02-15 15:58 - 00000000 ____D C:\WINDOWS\pss
2015-10-06 20:48 - 2014-07-01 18:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.0.2.1012.exe
2015-10-06 20:43 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-06 20:05 - 2014-07-01 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-06 19:18 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-10-06 19:18 - 2015-06-05 13:19 - 00000000 ____D C:\Program Files\Bitdefender
2015-10-06 19:16 - 2015-06-05 11:36 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2015-10-06 18:58 - 2015-07-10 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-06 18:56 - 2015-07-03 10:03 - 00000000 ___RD C:\Users\Andy\Google Drive
2015-10-06 18:41 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-06 18:37 - 2015-07-10 11:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-06 18:37 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-06 18:31 - 2015-08-24 17:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-06 18:08 - 2015-06-05 13:26 - 00000000 ____D C:\ProgramData\BDLogging
2015-10-06 18:06 - 2015-07-10 07:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-06 11:22 - 2015-06-27 21:11 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001Core.job
2015-10-05 19:43 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-03 15:04 - 2015-07-03 10:01 - 00002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-10-03 15:04 - 2015-07-03 10:01 - 00002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-03 15:04 - 2015-07-03 10:01 - 00002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-10-03 15:04 - 2015-07-03 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-03 08:28 - 2012-11-07 22:07 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Dropbox
2015-09-28 20:46 - 2015-08-19 23:30 - 00000000 ____D C:\Users\Andy
2015-09-21 16:43 - 2010-08-30 20:48 - 00000000 ____D C:\Users\Andy\AppData\Local\Paint.NET
2015-09-21 13:21 - 2015-08-20 08:11 - 00000000 ____D C:\Windows.old
2015-09-21 12:56 - 2010-02-27 02:39 - 00000000 ___SD C:\Users\Andy\AppData\LocalLow\Temp
2015-09-15 20:06 - 2011-01-08 19:30 - 00000000 ____D C:\Users\Andy\AppData\Local\Google
2015-09-15 04:31 - 2015-07-10 09:29 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-15 04:31 - 2015-07-10 09:29 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-13 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Web
2015-09-13 18:34 - 2010-02-27 02:45 - 00000000 ____D C:\Program Files\Unlocker
2015-09-13 15:44 - 2015-07-10 09:28 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-09-13 15:23 - 2015-04-19 13:20 - 00000626 _____ C:\Users\Andy\AppData\Roaming\Fo1G76n5
2015-09-13 10:42 - 2014-07-01 21:00 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-09-11 15:47 - 2010-02-04 22:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-11 14:49 - 2013-07-21 20:50 - 00105460 _____ C:\WINDOWS\wininit.ini
2015-09-11 14:44 - 2015-06-05 11:34 - 07029224 _____ C:\Users\Andy\Downloads\bitdefender_tsecurity.exe
2015-09-11 14:37 - 2012-12-16 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-11 14:30 - 2015-07-10 09:24 - 00534064 _____ C:\WINDOWS\system32\dnsapi.dll
2015-09-11 14:27 - 2011-09-08 20:18 - 00042104 __RSH C:\ProgramData\ntuser.pol
2015-09-11 14:25 - 2014-05-31 21:55 - 00002725 _____ C:\WINDOWS\system32\${LOGFILE}
2015-09-11 14:04 - 2015-08-19 23:30 - 00000000 ___RD C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-11 10:34 - 2015-08-22 13:00 - 00002366 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-11 10:34 - 2015-08-22 13:00 - 00000000 ___RD C:\Users\Andy\OneDrive
2015-09-11 09:13 - 2011-05-08 17:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-07-01 21:21 - 2015-05-15 20:28 - 0000096 _____ () C:\Users\Andy\AppData\Roaming\Camdata.ini
2014-07-01 21:21 - 2015-05-15 20:28 - 0000408 _____ () C:\Users\Andy\AppData\Roaming\CamLayout.ini
2014-07-01 21:21 - 2015-05-15 20:28 - 0000408 _____ () C:\Users\Andy\AppData\Roaming\CamShapes.ini
2014-07-01 21:21 - 2015-05-15 20:28 - 0004547 _____ () C:\Users\Andy\AppData\Roaming\CamStudio.cfg
2015-04-19 13:20 - 2015-09-13 15:23 - 0000626 _____ () C:\Users\Andy\AppData\Roaming\Fo1G76n5
2010-05-11 21:35 - 2010-05-11 21:35 - 0000000 _____ () C:\Users\Andy\AppData\Roaming\Sample Delay
2014-07-01 21:00 - 2015-05-15 20:28 - 0000096 _____ () C:\Users\Andy\AppData\Roaming\version2.xml
2015-10-06 22:04 - 2015-10-06 22:04 - 0163053 _____ () C:\Users\Andy\AppData\Local\ars.cache
2015-10-06 22:04 - 2015-10-06 22:04 - 0424769 _____ () C:\Users\Andy\AppData\Local\census.cache
2010-03-25 18:29 - 2015-05-15 21:32 - 0025088 _____ () C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-06 21:29 - 2015-10-06 21:29 - 0000036 _____ () C:\Users\Andy\AppData\Local\housecall.guid.cache
2013-08-29 09:22 - 2015-06-05 09:55 - 0007597 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2015-10-06 21:59 - 2015-10-06 21:59 - 0000010 _____ () C:\Users\Andy\AppData\Local\sponge.last.runtime.cache
2013-02-14 19:33 - 2013-02-14 19:33 - 0000011 _____ () C:\ProgramData\.tv6
2015-10-06 19:16 - 2015-10-06 19:16 - 0270732 _____ () C:\ProgramData\1444155255.bdinstall.bin
2015-10-06 21:12 - 2015-10-06 21:12 - 0041595 _____ () C:\ProgramData\1444162348.bdinstall.bin
2015-10-06 21:14 - 2015-10-06 21:14 - 0024339 _____ () C:\ProgramData\1444162456.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 0024688 _____ () C:\ProgramData\1444162752.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 0008141 _____ () C:\ProgramData\1444162765.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 0008141 _____ () C:\ProgramData\1444162781.bdinstall.bin
2015-10-06 21:24 - 2015-10-06 21:24 - 0024687 _____ () C:\ProgramData\1444163077.bdinstall.bin
2015-10-06 21:27 - 2015-10-06 21:27 - 0024411 _____ () C:\ProgramData\1444163246.bdinstall.bin
2015-10-06 21:48 - 2015-10-06 21:48 - 0024339 _____ () C:\ProgramData\1444164507.bdinstall.bin
2015-10-06 23:33 - 2015-10-06 23:33 - 0024687 _____ () C:\ProgramData\1444170792.bdinstall.bin
2015-10-06 23:35 - 2015-10-06 23:35 - 0024688 _____ () C:\ProgramData\1444170936.bdinstall.bin
2015-10-06 23:36 - 2015-10-06 23:36 - 0024686 _____ () C:\ProgramData\1444170997.bdinstall.bin
2015-10-06 23:37 - 2015-10-06 23:37 - 0024687 _____ () C:\ProgramData\1444171069.bdinstall.bin
2015-10-06 23:38 - 2015-10-06 23:38 - 0024685 _____ () C:\ProgramData\1444171123.bdinstall.bin
2010-05-11 21:35 - 2010-05-11 21:35 - 0000000 _____ () C:\ProgramData\Icons
2010-05-11 21:28 - 2010-05-11 21:35 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-08-11 02:04 - 2011-08-11 02:04 - 9396840 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
2011-10-03 09:18 - 2011-10-03 09:20 - 9608392 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe
2011-02-23 02:42 - 2011-02-23 02:43 - 11447056 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-manualupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
2011-02-08 02:45 - 2011-02-08 02:45 - 11444496 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
2010-12-09 02:39 - 2010-12-09 02:40 - 11336456 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
 
Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\avg-9259cc69-20f1-4061-af5c-ff2bf747fc03.exe
C:\Users\Andy\AppData\Local\Temp\avg-a9fffc11-d36a-4f49-8fe1-495ac08c6d69.exe
C:\Users\Andy\AppData\Local\Temp\avg-e17a7e5e-7f1d-4413-bc3b-2c7b3e789c1b.exe
C:\Users\Andy\AppData\Local\Temp\avg-e6951d66-a190-4f70-8609-3f2dfb368056.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 09:24] - [2015-09-11 14:30] - 0534064 ____A () D41D8CD98F00B204E9800998ECF8427E
 
C:\WINDOWS\system32\dnsapi.dll => no Company Name <===== ATTENTION
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-28 20:12
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Andy (2015-10-07 00:21:31)
Running from C:\Users\Andy\Downloads
Microsoft Windows 10 Pro (X86) (2015-08-20 02:46:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1075742332-318674506-3704920969-500 - Administrator - Disabled)
Andy (S-1-5-21-1075742332-318674506-3704920969-1001 - Administrator - Enabled) => C:\Users\Andy
DefaultAccount (S-1-5-21-1075742332-318674506-3704920969-503 - Limited - Disabled)
Guest (S-1-5-21-1075742332-318674506-3704920969-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1075742332-318674506-3704920969-1039 - Limited - Enabled)
SophosSAUPHOTO0 (S-1-5-21-1075742332-318674506-3704920969-1019 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Active@ Boot Disk (HKLM\...\{40007E5C-19C8-4A25-AD70-A99D77D0A7DA}) (Version: 5.4.5 - LSoft Technologies)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Angry IP Scanner (HKLM\...\Angry IP Scanner) (Version: 3.4 - Angry IP Scanner)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 10.12.0.41211 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{65AA7E93-AD35-E37B-A177-A300E9316462}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
Avidemux 2.5 (HKLM\...\Avidemux 2.5) (Version: 2.5.3.0 - )
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.19.1099 - Bitdefender)
BlackVue (HKLM\...\BlackVue) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon LBP6000/LBP6018 (HKLM\...\Canon LBP6000/LBP6018) (Version:  - )
ccc-core-static (Version: 2009.0918.2132.36825 - ATI) Hidden
CCTVWindow (HKLM\...\CCTVWindow) (Version: 2.04.01.50 - CCTVWindow)
Citrix Online Launcher (HKLM\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DebugMode Wax 2.0 (HKLM\...\DebugMode Wax 2.0) (Version:  - )
Dropbox (HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
EasyVideoMaker (HKLM\...\{03EC818F-96E5-497F-AF28-EC6BC4CF32D3}) (Version: 5.05 - Easy Video Maker)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Extra Video Effect Editor Free 6.76 (HKLM\...\Extra Video Effect Editor Free_is1) (Version:  - Extra Software, Inc.)
Foxit PhantomPDF (HKLM\...\{F064C43E-AEE1-4DCF-BC70-21C34E918A59}) (Version: 5.0.3.811 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
HydraVision (Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
IE AutoFill 3.41 (HKLM\...\IE AutoFill_is1) (Version:  - )
ieSpell (HKLM\...\ieSpell) (Version: 2.6.3 (build 814) - Red Egg Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
Iomega Product Registration (HKLM\...\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}) (Version: 7.24.0000 - Iomega Corporation)
Iomega QuikProtect (HKLM\...\Iomega QuikProtect) (Version: 1.3.4.19745 - EMC)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LenovoEMC Storage Manager (HKLM\...\LenovoEMC Storage Manager) (Version: 1.4.3.9580 - EMC)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.2.0.4 - NETGEAR)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}) (Version: 3.55.0 - dotPDN LLC)
proDAD DeFishr 1.0 (HKLM\...\proDAD-DeFishr-1.0) (Version: 1.0.61.1 - proDAD GmbH)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Real Alternative 2.0.1 (HKLM\...\RealAlt_is1) (Version: 2.0.1 - )
Serif PagePlus X5 (HKLM\...\{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}) (Version: 15.0.5.030 - Serif (Europe) Ltd)
Serif WebPlus X6 (HKLM\...\{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}) (Version: 14.0.3.27 - Serif (Europe) Ltd)
Serif WebPlus X8 (HKLM\...\{2A33B149-077F-4141-B8CA-4ECD0D7E891F}) (Version: 16.0.2.026 - Serif (Europe) Ltd)
Sky Go Desktop (HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\2454359696.go.sky.com) (Version:  - go.sky.com)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SQ930 USB 2.0 Video Camera (HKLM\...\{D0AF1483-31AD-4FEB-A961-C9327185439F}) (Version: 0.1.0114.05 - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer)
Trust 100K Series Webcam (HKLM\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Trust WB-1400T Webcam (HKLM\...\InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera)
Trust WB-1400T Webcam (Version: 1.0.4.7 - PC Camera) Hidden
Unlocker 1.8.8 (HKLM\...\Unlocker) (Version: 1.8.8 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Web Components (HKLM\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )
WebPlus Content: Beauty & Hair Salon (HKLM\...\{550EB23B-7CB5-4986-8545-204E6753B3EC}) (Version: 1.0.0.018 - Serif (Europe) Ltd)
WebPlus Content: Landscape Design (HKLM\...\{6CB8F3A3-918A-40DD-A16A-7E7E013B9F1C}) (Version: 1.0.0.008 - Serif (Europe) Ltd)
WinDirStat 1.1.2 (HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinHTTrack Website Copier 3.47-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2015-10-06 20:39 - 00000959 ____R C:\WINDOWS\system32\Drivers\etc\hosts
192.168.1.102 ix200
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02B10A94-0210-4066-A248-94C713BD1FBF} - System32\Tasks\{DDCEEAD6-FB8C-4300-B7CE-238927223383} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {0E6C9C57-9DE2-4C07-83CE-84396D2C1A63} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {104212AA-B89B-43AC-938F-77BEF3D15892} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {10D85EEB-261A-4206-A3DA-B741E043A3DE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {140D85F8-7508-4D29-A057-74931C9C108D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1869F4A4-B6B5-47B9-A3CD-37A3C3660C52} - System32\Tasks\{F8FFB228-E06D-4071-8539-500A2166163E} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {18D3428C-6678-4A39-AD41-1D016F6D7FBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1B415066-C03E-49E9-A92B-B7C7150954B1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F440576-C4F1-4E6B-8AB4-95B89954617B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2156F3B4-62E2-41A7-99BD-F7CEA7D02343} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2391F839-2732-4FF2-A6BA-03285FCCDB52} - \Installer_browserAir -> No File <==== ATTENTION
Task: {30E43043-A1AA-4239-91D7-E608D09E19CB} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {31A7800D-E841-412D-8C23-A4C2A5AA54CA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {347B2C07-F714-4680-9EA2-30EA28D60048} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {3548190C-0B4D-4DAC-8A59-50DCF9E638D4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B08F143-F2AD-4465-8B5C-D2D4088C4513} - System32\Tasks\{91DF48AC-7957-4F4D-8886-A35058B2E272} => pcalua.exe -a "C:\Users\Andy\AppData\Local\Apple\Apple Software Update\QuickTimeInstallerAdmin.exe" -d "C:\Users\Andy\AppData\Local\Apple\Apple Software Update"
Task: {485DF19A-1C73-4069-A215-FA4EE985793E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4CB81614-E4FF-4AFE-8127-01D2465E4B27} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001UA => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)
Task: {524A043E-4AB0-4E27-89D6-572A16D4A86C} - \Global Updates AT - n0dkbgjvy2i4ytf -> No File <==== ATTENTION
Task: {5308C0F0-B25A-47BC-9A81-47AE1E3DE995} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5F4B9AE9-F871-4A6D-B014-6EAD4C2FBBD4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6402ACC4-71AB-4CBB-B24F-56344401FF50} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6DC311F0-22D4-4E9E-8F0C-DC8113F994E1} - \Maintenance Service-n0rkt2jty0i4ltf -> No File <==== ATTENTION
Task: {700D4DD3-DE33-4DFA-821F-90BD82FDD780} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CBD04C3-C165-4D42-B14B-24FCC3C90E08} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7CE25874-B3AE-4B97-AED5-091A009BAE47} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {7F5F122F-A984-431C-8426-B1F2D79F4B5F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {829B98B2-A313-49FD-8A87-357976C73DFB} - \IKEOIGCGRNXKSNWJ -> No File <==== ATTENTION
Task: {83E1EBB9-09A2-4A79-BADD-B7F61D192EE7} - System32\Tasks\{4E407B6F-64FA-4E2F-8583-382CAFD51A12} => pcalua.exe -a "C:\Program Files\remoteAP\WebCam\bmp\bmp_20070306.exe" -d "C:\Program Files\remoteAP\WebCam\bmp"
Task: {87995F2E-C635-45E3-BBB9-507A8A7B3988} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001Core => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)
Task: {930A2B2F-D98F-48F8-BA22-C1F91B3AD2B2} - System32\Tasks\{323BA7E2-C071-4DA5-BA9E-3ED04DE685DF} => Chrome.exe http://ui.skype.com/ui/0/6.7.60.102/en/abandoninstall?page=tsProgressBar
Task: {943B5453-85E7-4819-8F38-4E3327D9FC12} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9A70D3DD-2FF5-4642-8714-8541B37D92E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {9A89D623-95B7-49F7-ADD3-C9EF96693C9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {9C57999D-5223-4711-B114-3BD641309F83} - System32\Tasks\{06FDE3E4-AB3F-4ECB-BDF7-E259AC06C3CA} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9D05F26D-5F49-490E-AFE9-C027F9330775} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {A966EA7A-090E-429D-BB4C-B9EA55C28688} - \Installer_smk -> No File <==== ATTENTION
Task: {AB983619-45F5-4873-BD9B-F43DF54A6D05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B667CB90-A791-4D1F-B3D8-5A320CB29FD0} - \cfr3011 -> No File <==== ATTENTION
Task: {B8D1377A-6F0B-41F4-ABC2-1FEEAB4DADB9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BD9EBAB3-6524-4145-9AA4-C22AB08B4F44} - \{790C3555-FDDB-4C63-90F4-D44B249F1A82} -> No File <==== ATTENTION
Task: {BF11CD46-9FD2-40FE-AC39-9A000DF0BAD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C415E5E1-D84D-4945-BF27-AB22CA5DA294} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6FAA4E4-6654-4B78-B142-A65755F435E9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CC518CA4-DE86-4DE0-A9FE-5248596E101A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {CE9C9BBF-E780-49AA-BE1A-F9925C75E169} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-27] (Adobe Systems Incorporated)
Task: {CEF55C45-3442-4613-98E2-FF12A6E6605F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {D5C96C3B-2C48-4163-A807-B11EA99286E5} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {DFE8A143-6B01-4523-B695-5EA76450DD1D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E3F5BA0D-5010-4A31-BC67-10C55C0317A1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E5905269-B2C5-45E4-B42A-43626C2D0677} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E824443C-72E1-4173-AA63-C2E8D07D5655} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {EE44EF46-0EB2-43C8-A798-BDDC1E93EF73} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EE925468-B5E7-469D-8572-EA109E2EEDEC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFE0CD3A-58C9-452C-BAAF-07DFD2C8D002} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F36C2036-F372-44AE-8C90-B7EDCBC84586} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F7B5BAD4-9F0D-4C12-AB65-DC3F234256D9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F8258707-D10F-4EDE-A49B-7AA7730F626E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F96D0E80-099F-4506-8108-D375E71A0754} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F9A55079-7D5A-425C-8540-E02199759F44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FA9872C8-D6BD-4658-BB83-641C04AA495F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001Core.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001UA.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\IKEOIGCGRNXKSNWJ.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2bd0589a-06da-4bb9-afd0-2812cc0ec818.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a490ebfb-45de-4f1e-9740-3a1238c2b95d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 09:24 - 2015-09-11 14:30 - 00534064 _____ () C:\WINDOWS\system32\DNSAPI.dll
2015-08-20 08:08 - 2015-08-20 08:08 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 09:24 - 2015-09-11 14:30 - 00534064 _____ () c:\windows\system32\DNSAPI.dll
2015-07-10 09:24 - 2015-09-11 14:30 - 00534064 _____ () C:\WINDOWS\System32\DNSAPI.dll
2006-12-09 05:54 - 2006-12-09 05:54 - 00022723 _____ () C:\WINDOWS\System32\sugg1l3.dll
2015-07-10 09:24 - 2015-09-11 14:30 - 00534064 _____ () C:\WINDOWS\SYSTEM32\DNSAPI.dll
2015-08-20 08:09 - 2015-08-20 08:09 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-07 18:38 - 2012-09-07 18:38 - 00384000 _____ () C:\Program Files\Iomega\Quikprotect\QpMonitor.exe
2015-06-05 13:02 - 2014-08-18 17:50 - 00316120 _____ () C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
2015-06-05 13:02 - 2014-09-03 15:16 - 00450560 _____ () C:\Program Files\NETGEAR\WNA3100M\WifiLib.dll
2015-10-01 19:20 - 2015-09-17 07:27 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:20 - 2015-09-17 07:27 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-06-05 13:02 - 2014-08-18 17:49 - 08274648 _____ () C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
2015-06-05 13:02 - 2014-07-22 10:18 - 00278528 _____ () C:\Program Files\NETGEAR\WNA3100M\WifiSvcLib.dll
2015-07-10 09:24 - 2015-07-10 09:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-07 00:10 - 2015-10-07 00:10 - 00098816 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32api.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00110080 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\pywintypes27.dll
2015-10-07 00:10 - 2015-10-07 00:10 - 00364544 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\pythoncom27.dll
2015-10-07 00:10 - 2015-10-07 00:10 - 00046080 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_socket.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 01208320 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_ssl.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00320512 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32com.shell.shell.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00776704 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_hashlib.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 01176576 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._core_.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00806400 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._gdi_.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00816128 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._windows_.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 01067008 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._controls_.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00733184 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._misc_.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00682496 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\pysqlite2._sqlite.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00088064 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_ctypes.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00119808 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32file.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00108544 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32security.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00007168 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\hashobjs_ext.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00070144 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\usb_ext.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00167936 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32gui.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00018432 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32event.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00128512 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_elementtree.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00127488 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\pyexpat.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00013824 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\common.time34.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00036864 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_psutil_windows.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00038912 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32inet.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00011264 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32crypt.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00077312 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._html2.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00027136 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_multiprocessing.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00020480 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\_yappi.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00035840 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32process.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00686080 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\unicodedata.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00123392 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._wizard.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00024064 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32pipe.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00010240 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\select.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00025600 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32pdh.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00525640 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\windows._lib_cacheinvalidation.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00017408 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32profile.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00022528 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\win32ts.pyd
2015-10-07 00:10 - 2015-10-07 00:10 - 00078848 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51282\wx._animate.pyd
2015-09-28 20:03 - 2015-09-24 03:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-28 20:03 - 2015-09-24 03:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-28 20:03 - 2015-09-24 03:34 - 16487752 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:1677AB3F
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:FB06F092
AlternateDataStreams: C:\Users\Andy\Downloads\Confirmation of your ScotRail booking F469K3TR.eml:OECustomProperty
AlternateDataStreams: C:\Users\Andy\Downloads\googledrivesync.exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\MediaCreationTool.exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\spybot-2.4 (1).exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\TeamViewerQS_en.exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\Your Booking Confirmation 33T4W6J9.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 4807 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andy\AppData\Local\Microsoft\Windows\Themes\img11.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk => C:\Windows\pss\Twonky Tray Control.lnk.CommonStartup
MSCONFIG\startupreg: HTC Sync Loader => 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{FC0549E8-3A3D-40E2-901D-E8E824170A06}C:\program files\iomega\quikprotect\quikprotect.exe] => (Block) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [TCP Query User{915DFFD5-B2C6-4A11-9DDE-3EA80D117284}C:\program files\iomega\quikprotect\quikprotect.exe] => (Block) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [{B667DD27-CCC9-4BBA-8D6A-498642112B6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FF8C29D1-0AEE-432B-A431-FBC5C1D0B37D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{D2F289DF-32BC-4641-948A-1AC63B0C8422}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{DEC32EA2-0297-4550-BF88-0E132F619794}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{9D51D39E-9F77-46D1-A39C-B842BCE01A93}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0511797B-6300-4E94-A5E3-35001060F21A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{34CE3910-9781-4A11-9394-33CA5A384B97}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{FFD52E44-1720-4FCB-A120-346C5EFA5868}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{EE10B2C3-0FE1-4312-9E87-D4ECE7035645}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2E3A8F44-6521-4462-912D-BE59367AD155}] => (Allow) C:\Program Files\HomeTab\WBrowserProductivity.exe
FirewallRules: [{8FC30F77-EB7D-475C-9607-E6993B576CFB}] => (Allow) C:\Program Files\HomeTab\WBrowserProductivity.exe
FirewallRules: [{7CBF0096-D47B-4F0C-A701-C41F5FF43E35}] => (Allow) C:\Program Files\HomeTab\WBrowserUpdater.exe
FirewallRules: [{4036AA6D-B93D-4D70-99ED-3219E75C74FD}] => (Allow) C:\Program Files\HomeTab\WBrowserUpdater.exe
FirewallRules: [{6F751FDA-0519-4A93-9BC6-1297243A6A0B}] => (Allow) C:\Program Files\HomeTab\WBrowserDefender.exe
FirewallRules: [{54DB6B2B-7249-4A1B-A0F5-65084B3D3E8A}] => (Allow) C:\Program Files\HomeTab\WBrowserDefender.exe
FirewallRules: [{42F9B993-B9B0-4052-931F-F39EEA7BA300}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{731146DD-DB4C-4584-A59B-DEF62DEF43B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{7CC9B32E-CA0B-4275-BC16-AFB18E8B3704}H:\program files\litecoin\litecoin-qt.exe] => (Allow) H:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{AE491AF1-03C0-43D1-A880-D95549AF8C3E}H:\program files\litecoin\litecoin-qt.exe] => (Allow) H:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{A4C7FE05-500F-4E58-9489-E8E0A3A65741}H:\program files\armory\armoryqt.exe] => (Allow) H:\program files\armory\armoryqt.exe
FirewallRules: [TCP Query User{53CEB537-AEE1-41EF-BB36-342BC7778EE9}H:\program files\armory\armoryqt.exe] => (Allow) H:\program files\armory\armoryqt.exe
FirewallRules: [UDP Query User{7DC7F4EB-F4CA-4243-8991-13F9C1B738FC}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Block) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [TCP Query User{6E418484-84A6-4C1D-8ECF-9A4463323DF5}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Block) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [UDP Query User{2E3A566B-A9BA-4F2A-B94B-2620CED8F73B}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [TCP Query User{50B11653-D30A-4B22-B26C-33808DD45128}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [UDP Query User{F725A988-C489-4601-A83C-EDE72B29A5D5}C:\program files\iomega\quikprotect\quikprotect.exe] => (Allow) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [TCP Query User{57ED63D8-7316-4FF3-B6AC-EC67484C6995}C:\program files\iomega\quikprotect\quikprotect.exe] => (Allow) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [{AC50C8E5-DF83-44A3-BB55-E43BCDA8D85B}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserver.exe
FirewallRules: [{77B36E59-1066-4D53-B6B2-06252D863A64}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserver.exe
FirewallRules: [{CB0B8187-242C-4FF9-BF21-B6FBB9C43436}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
FirewallRules: [{84F9F754-9328-4B66-B2FB-151E5CF4D234}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
FirewallRules: [{6867FDAB-688E-48C5-95D4-D9CC9DB5FF8A}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6AB0372D-274E-4D8C-91ED-3B661AEB2FFB}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{A27C95C6-D2A1-4D24-9E40-42F7815A2009}D:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) D:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [TCP Query User{7378C3D9-AE19-4B4A-B764-A4F6102F783A}D:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) D:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [UDP Query User{4AA49B32-E4A1-4CE3-9DEB-871FEE4FE709}C:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) C:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [TCP Query User{8EDB8945-3503-4915-B4D3-3F6EF2BC4AC3}C:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) C:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [UDP Query User{9D791DC2-9E9A-4040-B701-72F9F594B281}D:\wdisplay\weatherd.exe] => (Allow) D:\wdisplay\weatherd.exe
FirewallRules: [TCP Query User{5A892E59-23F3-45A0-BBEB-A7A4A65BCE47}D:\wdisplay\weatherd.exe] => (Allow) D:\wdisplay\weatherd.exe
FirewallRules: [UDP Query User{4B758818-5D1E-4F61-A620-97CC74C81992}F:\autorun.exe] => (Allow) F:\autorun.exe
FirewallRules: [TCP Query User{B55C1ABC-7C3A-4178-9D90-4B4EB0042E18}F:\autorun.exe] => (Allow) F:\autorun.exe
FirewallRules: [{2C19D7DC-DE87-446B-9499-30DCCE4D6765}] => (Allow) C:\Windows\System32\mshta.exe
FirewallRules: [{68DE1B41-C97C-44AB-BDC0-4BFA5CF9D537}] => (Allow) C:\Windows\System32\mshta.exe
FirewallRules: [UDP Query User{EE143ACC-EAD3-4C96-A724-D7B9FC431082}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{A357F908-F5DE-41EE-B155-11580A9F7253}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{D0BDB008-FD0D-4CF2-A3C5-F2DC1375FAD6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D187C083-E41E-4C5E-BC70-3843E5957EB5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FEA6786-4123-4F80-B2C7-4E5D6EC24154}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [UDP Query User{5D4E4E5C-2ECF-49EC-B0F9-4310194AE3AA}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{AA393F8E-CFE0-4F8E-AA7F-C6AE93D7C646}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [{A9B98AF1-7F92-4AEF-8D37-36AE947B0814}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{D0C919AF-FD77-48B3-B53E-7888E2DC2DF3}] => (Allow) LPort=1900
FirewallRules: [{6CF06CDE-8753-4886-88B3-6E6DE5F6B5EF}] => (Allow) LPort=2869
FirewallRules: [{B9FFE880-3114-4DB2-9306-F44B6F31B355}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{40E08127-5C20-4EB8-9CD0-ACAED8538B9A}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{9EDC9AE9-40E6-4A80-85A1-4369CD33D5C8}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{2D6C1978-74A6-4C54-979F-B86C7DB76306}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{EF9015E3-4973-4F93-9DBC-A3A63CC2EB7E}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{0D295D9F-466F-4E3C-A9B7-1F704A4E0522}] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [{05F530F7-AF7F-47CB-B1DD-FBAFF46D12F2}] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [{A1A3E0DE-1981-4405-86EC-17D8C15A4178}] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [{00A7CFB5-D2E6-4B4B-9E61-C1158CF87A77}] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{9D474B7E-04E4-409C-AA59-7CEAB13760FA}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{F99E2625-F0F0-4248-8E38-3B0AAC56A237}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{C6BFDA93-58DC-4E30-92F8-B1CDC039B4D9}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{A148DDB6-0C12-4592-A5AB-30438019F313}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{E45A684D-3B96-4ACC-89BD-8340CEDF5E5C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E1090C53-9373-4A42-80DA-8D736F192E2D}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{18785C72-7131-4FBF-ADAA-B573480C5661}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{08AE1D49-BD66-4B0B-A93C-2B3CE8AB03A8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{C8D3F7C3-3B7A-4725-AFE7-DA532752EFD8}C:\program files\real alternative\media player classic\mplayerc.exe] => (Allow) C:\program files\real alternative\media player classic\mplayerc.exe
FirewallRules: [TCP Query User{C5317265-D855-4269-AEA7-BDB80E5E5CDB}C:\program files\real alternative\media player classic\mplayerc.exe] => (Allow) C:\program files\real alternative\media player classic\mplayerc.exe
FirewallRules: [{F7C6D91F-27FB-48EA-A809-5BC800389217}] => (Allow) svchost.exe
FirewallRules: [{EAE3555B-AA6C-4964-BE48-05E634558259}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{77A356AC-84F3-4DC1-A4AC-2CDF8173441C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3F50E1E-F987-4084-B2F1-EB9D2A3F3BA7}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{31B1CB4A-BB88-4EA8-8237-B957C8EB6C6D}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{D1CA6C6A-28FC-4F9A-ADA2-5DB8DE2D890E}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{AEACA7C1-A936-4B80-BD3E-7FAC87F533F7}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2015 12:11:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 149c
 
Start Time: 01d1008c1b02223a
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: 71366efb-6c7f-11e5-93e3-90e6ba3f3c29
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (10/07/2015 12:10:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/07/2015 12:09:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/07/2015 12:07:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/07/2015 12:07:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/07/2015 12:04:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/06/2015 11:46:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/06/2015 11:44:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/06/2015 11:39:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/06/2015 11:35:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/07/2015 12:11:26 AM) (Source: DCOM) (EventID: 10016) (User: Photo)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhotoAndyS-1-5-21-1075742332-318674506-3704920969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/07/2015 12:11:26 AM) (Source: DCOM) (EventID: 10016) (User: Photo)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhotoAndyS-1-5-21-1075742332-318674506-3704920969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/07/2015 12:11:26 AM) (Source: DCOM) (EventID: 10016) (User: Photo)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhotoAndyS-1-5-21-1075742332-318674506-3704920969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/07/2015 12:11:26 AM) (Source: DCOM) (EventID: 10016) (User: Photo)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhotoAndyS-1-5-21-1075742332-318674506-3704920969-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (10/07/2015 12:09:55 AM) (Source: DCOM) (EventID: 10010) (User: Photo)
Description: CortanaUI
 
Error: (10/07/2015 12:09:44 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 322122548500
 
Error: (10/07/2015 12:09:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058
 
Error: (10/07/2015 12:09:20 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 322122548500
 
Error: (10/07/2015 12:07:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
%%997
 
Error: (10/07/2015 12:07:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-07 00:20:56.984
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 00:20:56.977
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 00:20:56.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 00:07:27.269
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-06 23:43:56.644
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-06 23:43:56.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-06 23:43:56.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-06 22:06:44.878
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-06 22:06:44.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-13 15:23:34.541
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 48%
Total physical RAM: 3327.05 MB
Available physical RAM: 1703.5 MB
Total Virtual: 6655.05 MB
Available Virtual: 4928.76 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:59.09 GB) (Free:15.56 GB) NTFS
Drive d: () (Fixed) (Total:298.09 GB) (Free:88.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Usenet) (Fixed) (Total:465.76 GB) (Free:451.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6533D979)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: A0F66DAE)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: F45C41ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================

 




 


#2 AndyH71

AndyH71
  • Topic Starter

  • Members
  • 23 posts

Posted 07 October 2015 - 05:06 PM

Same problem in Safe Mode but using mobile phone to get IP addresses of free proxy servers to use. Seems to be a big increase on this type of issue over the past few days. Not good news!

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 07 October 2015 - 05:16 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please do the following:

Search with FRST from the Recovery Environment

Please copy the FRST.exe from your desktop to a plugged flash drive.

Win10:

  • Simply find the Shut down / Restart menu and hold down the SHIFT key while clicking on Restart.
  • Once you’ve done this, a blue boot options menu displays.
  • Click Troubleshoot.
  • Access Advanced options.
  • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Write the following text into the Search textbox:
    dnsapi.dll
    
    • Click on the Search Files button.
    • When finished, a log file (Search.txt) is saved to the flashdrive.
    • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#4 AndyH71

AndyH71
  • Topic Starter

  • Members
  • 23 posts

Posted 07 October 2015 - 09:19 PM

Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by SYSTEM (2015-10-08 02:59:06)
Running from e:\
Boot Mode: Recovery
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\x86_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_416d89eb05757354\dnsapi.dll
[2015-07-10 00:24][2015-07-10 00:24] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7
 
C:\Windows\System32\dnsapi.dll
[2015-07-10 00:24][2015-09-11 05:30] 0534064 ____A (Microsoft Corporation) 1AD4864CBBF4ED47CDBEC5E23B0CA1C8
 
X:\Windows\WinSxS\x86_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_416d89eb05757354\dnsapi.dll
[2015-07-10 00:15][2015-07-10 00:15] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7
 
X:\Windows\System32\dnsapi.dll
[2015-07-10 00:15][2015-07-10 00:15] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7
 
====== End of Search ======


#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 08 October 2015 - 03:47 AM

Hi,

please download the attached fixlist to your flashdrive and boot into the RE like before. Open command prompt and FRST again. This time press the Fix button.
Attached File  fixlist.txt   164bytes   2 downloads

Reboot the computer and perform the search in normal mode:

Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka

#6 AndyH71

AndyH71
  • Topic Starter

  • Members
  • 23 posts

Posted 08 October 2015 - 08:17 AM

Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Andy (2015-10-08 14:15:43)
Running from E:\
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\x86_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_416d89eb05757354\dnsapi.dll
[2015-07-10 09:24][2015-07-10 09:24] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2015-07-10 09:24][2015-07-10 09:15] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]
 
====== End of Search ======
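
Added example, not part of the thread or of FRST: a small parser for the FRST "Search Files" output shown in posts #4 and #6, which flags a file whose MD5 differs from every WinSxS component-store copy of the same name on the same drive. The function names and the comparison rule are assumptions made for this illustration; the sample entries are copied from those two posts.

```python
import re
from collections import defaultdict

# Detail line as printed by FRST under each path, for example:
# [created][modified] size attrs (company) MD5 [optional note]
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>.*?)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?:\s+\[(?P<note>[^\]]+)\])?\s*$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


def parse_frst_search(text):
    """Return one dict per file entry found in a FRST Search.txt log."""
    records, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            path = line            # remember the path, details follow
            continue
        m = DETAIL.match(line)
        if m and path:
            rec = m.groupdict()
            rec["path"] = path
            rec["md5"] = rec["md5"].upper()
            rec["size"] = int(rec["size"])
            records.append(rec)
            path = None
    return records


def copies_not_in_component_store(records):
    """Flag files whose MD5 matches no WinSxS copy of the same name.

    Assumption of this example: the WinSxS copy on the same drive is the
    reference. A servicing update can also leave differing versions, so a
    hit is a lead for further checks (signature, file version), not a verdict.
    """
    def key(rec):
        return rec["path"][0].upper(), rec["path"].rsplit("\\", 1)[1].lower()

    def in_store(rec):
        return "\\winsxs\\" in rec["path"].lower()

    store = defaultdict(set)
    for rec in records:
        if in_store(rec):
            store[key(rec)].add(rec["md5"])

    flagged = []
    for rec in records:
        known = store.get(key(rec))
        if not in_store(rec) and known and rec["md5"] not in known:
            flagged.append(rec)
    return flagged


# Entries copied from post #4 (Recovery Environment search).
RECOVERY_LOG = r"""
================== Search Files: "dnsapi.dll" =============

C:\Windows\WinSxS\x86_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_416d89eb05757354\dnsapi.dll
[2015-07-10 00:24][2015-07-10 00:24] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7

C:\Windows\System32\dnsapi.dll
[2015-07-10 00:24][2015-09-11 05:30] 0534064 ____A (Microsoft Corporation) 1AD4864CBBF4ED47CDBEC5E23B0CA1C8

X:\Windows\WinSxS\x86_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_416d89eb05757354\dnsapi.dll
[2015-07-10 00:15][2015-07-10 00:15] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7

X:\Windows\System32\dnsapi.dll
[2015-07-10 00:15][2015-07-10 00:15] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7

====== End of Search ======
"""

# Entries copied from post #6 (normal-mode search after the fix).
NORMAL_LOG = r"""
C:\Windows\WinSxS\x86_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_416d89eb05757354\dnsapi.dll
[2015-07-10 09:24][2015-07-10 09:24] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-07-10 09:24][2015-07-10 09:15] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]
"""

if __name__ == "__main__":
    for label, log in (("post #4", RECOVERY_LOG), ("post #6", NORMAL_LOG)):
        hits = copies_not_in_component_store(parse_frst_search(log))
        print(label, [(h["path"], h["md5"], h["modified"]) for h in hits])
```
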


#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 08 October 2015 - 11:52 AM

:thumbup2:

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[C#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka

#8 AndyH71

AndyH71
  • Topic Starter

  • Members
  • 23 posts

Posted 08 October 2015 - 02:22 PM

# AdwCleaner v5.012 - Logfile created 08/10/2015 at 20:18:28
# Updated 08/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 10 Pro  (x86)
# Username : Andy - PHOTO
# Running from : C:\Users\Andy\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Service1291
[-] Folder Deleted : C:\Users\Andy\AppData\Local\PackageAware
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE77C59C-CFD2-429F-868C-8B04D23F94CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F544E0F5-CA3C-47EA-A64D-35FCF1602396}
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1536 bytes] ##########


#9 AndyH71

AndyH71
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 08 October 2015 - 02:43 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08-Oct-15
Scan Time: 8:23 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.08.04
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x86
File System: NTFS
User: Andy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339074
Time Elapsed: 18 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 AndyH71

AndyH71
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 08 October 2015 - 02:46 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
Ran by Andy (administrator) on PHOTO (08-10-2015 20:44:38)
Running from E:\
Loaded Profiles: Andy (Available Profiles: Andy)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(LenovoEMC Ltd.) D:\Program Files\LenovoEMC Storage Manager\pCloudd.exe
() C:\Program Files\Iomega\Quikprotect\QpMonitor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
(Iomega Corporation - An EMC Company) C:\Program Files\Iomega\Quikprotect\startQuikProtect.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(LenovoEMC) D:\Program Files\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe
() C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP2 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [QuiKProtect] => C:\Program Files\Iomega\Quikprotect\StartQuikProtect.exe [49152 2012-09-07] (Iomega Corporation - An EMC Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [VirtualCloneDrive] => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [bdruninstaller] => C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe [615744 2014-06-23] (Bitdefender)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [Xvid] => D:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [GoogleChromeAutoLaunch_D9C6B67A63EF2C294D4A204374B6A795] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [Dropbox Update] => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-27] (Dropbox, Inc.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-09-18] (AMD)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [Spybot-S&D Cleaning] => D:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819608 2015-09-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Policies\Explorer: [NoCDBurning] 1
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-01-20]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LenovoEMC Storage Manager.lnk [2013-06-12]
ShortcutTarget: LenovoEMC Storage Manager.lnk -> D:\Program Files\LenovoEMC Storage Manager\LenovoEMCStorageManager.exe (LenovoEMC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk [2015-06-05]
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe ()
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2010-02-21]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1075742332-318674506-3704920969-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1075742332-318674506-3704920969-1001] => 91.198.130.203:3128
AutoConfigURL: [S-1-5-21-1075742332-318674506-3704920969-1001] => 91.198.130.203:3128
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: 192.168.1.102 ix200
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{31dcf701-8d03-4616-aee8-2ac26c06d417}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7988b1c6-bd9f-4caa-857b-c6e9f0e663cf}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{cc1d7572-9da1-43fb-bb3d-79532fdfb17a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ee68623b-59b7-4d8b-9e25-9d68e6b15791}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> {BC45BD3C-BDA9-4576-AFF5-B78C8474E039} URL = hxxp://www.bing.com/search?q={searchTerms}&r=370
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
BHO: IE AutoFill -> {ED859E8A-8172-45ED-90FC-E305F0DFBFDF} -> C:\Program Files\IE AutoFill\ieautofillb.dll [2007-08-03] (Amov Research, Ltd.)
BHO: No Name -> {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} -> C:\Windows\system32\ieuihandler.dll [2007-02-18] (SoftTag.com)
Toolbar: HKLM - IE AutoFill - {738CD4F6-B216-467B-99FA-A2F73CB7164F} - C:\Program Files\IE AutoFill\ieautofill.dll [2007-08-03] (SoftTag.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-30] (Google Inc.)
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} hxxp://aceblades.dyndns.info/codebase/NetVideoOCX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> D:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2011-07-21] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2009-10-09] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin: Web Components -> C:\Program Files\Web Components\npWebVideoPlugin.dll [2012-10-08] ()
FF Plugin HKU\S-1-5-21-1075742332-318674506-3704920969-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Andy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-29] (Citrix Online)
FF Plugin HKU\S-1-5-21-1075742332-318674506-3704920969-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Andy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-29]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-27]
CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl [2015-05-01]
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-27]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-27]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-27]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-27]
CHR Extension: (Google Sheets) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2014-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-06]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
CHR HKU\S-1-5-21-1075742332-318674506-3704920969-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-02-21] () [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-04-29] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PCloudd; D:\Program Files\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-27] (LenovoEMC Ltd.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [823840 2015-09-22] (Bitdefender)
R2 QPCopyEngine; C:\Program Files\Iomega\Quikprotect\QpMonitor.exe [384000 2012-09-07] () [File not signed]
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe [316120 2014-08-18] ()
S4 VSSERV; "C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe" /service [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh6.sys [1093368 2015-02-10] (Broadcom Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-10-08] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 QsFsFltr; C:\WINDOWS\System32\DRIVERS\QsFsFltr.sys [19384 2012-08-20] (Windows ® Win 7 DDK provider)
S3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek                                            )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [2911944 2014-09-04] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SCMNdisP; C:\WINDOWS\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows ® Win 7 DDK provider)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [575184 2015-06-22] (VIA Technologies, Inc.)
S3 vncmirror; C:\WINDOWS\System32\DRIVERS\vncmirror.sys [4608 2013-12-06] (RealVNC Ltd.)
S3 vodafone_K380x-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [61952 2010-05-20] (Vodafone)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 wna3100m; C:\WINDOWS\System32\DRIVERS\wna3100m.sys [949864 2011-12-30] (NETGEAR Corporation                           )
U0 avc3; no ImagePath
S1 BdfNdisf; \??\F:\Windows\System32\DriverStore\FileRepository\netlwf.inf_x86_neutral_b40dd80ced6a1b59\bdfndisf6.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-11-05 18:30 - 2011-11-09 06:31 - 00000000 ____D C:\Users\Andy\AppData\Local\{C26186ED-3333-458F-8273-8FEFB90EC7F7}
2099-11-05 18:30 - 15511-11-05 18:30 - 00000000 ____D C:\Users\Andy\AppData\Local\{98E0ECB8-FC97-4735-9C0A-CA70BE561D96}
2015-10-08 20:37 - 2015-10-08 20:37 - 00016148 _____ C:\WINDOWS\system32\PHOTO_Andy_HistoryPrediction.bin
2015-10-08 20:15 - 2015-10-08 20:16 - 01682432 _____ C:\Users\Andy\Downloads\AdwCleaner.exe
2015-10-08 14:04 - 2015-10-08 14:04 - 00000164 _____ C:\Users\Andy\Downloads\fixlist.txt
2015-10-08 02:38 - 2015-10-08 02:38 - 00000266 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{16661C1A-22E6-42A9-B32C-185D7C8DB6D8}.job
2015-10-07 00:23 - 2015-10-07 00:23 - 00002648 _____ C:\Users\Andy\Desktop\fixlist.txt
2015-10-07 00:22 - 2015-10-07 00:22 - 00000000 _____ C:\Users\Andy\Desktop\New Text Document.txt
2015-10-07 00:21 - 2015-10-07 00:22 - 00064320 _____ C:\Users\Andy\Downloads\Addition.txt
2015-10-07 00:20 - 2015-10-08 20:44 - 00000000 ____D C:\FRST
2015-10-07 00:20 - 2015-10-07 00:22 - 00065282 _____ C:\Users\Andy\Downloads\FRST.txt
2015-10-06 23:56 - 2015-10-06 23:56 - 01910144 _____ (Kaspersky Lab) C:\Users\Andy\Downloads\kis16.0.0.614en_8626.exe
2015-10-06 23:56 - 2015-10-06 23:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-10-06 23:53 - 2015-10-06 23:53 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet.exe
2015-10-06 23:53 - 2015-10-06 23:53 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Andy\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-10-06 23:53 - 2015-10-06 23:53 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-06 23:47 - 2015-10-06 23:48 - 00000000 ____D C:\Program Files\CCTVWindow
2015-10-06 23:47 - 2015-10-06 23:47 - 00001126 _____ C:\Users\Public\Desktop\CCTV Window 2013D.lnk
2015-10-06 23:47 - 2015-10-06 23:47 - 00000000 __HDC C:\ProgramData\{A1760867-D8AB-44E0-B388-FE98EDC2A62A}
2015-10-06 23:47 - 2015-10-06 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCTVWindow
2015-10-06 23:47 - 2015-10-06 23:47 - 00000000 ____D C:\ProgramData\CCTVWindow
2015-10-06 23:44 - 2015-10-06 23:44 - 00000000 ____D C:\Users\Andy\AppData\Local\Avg
2015-10-06 23:42 - 2015-10-06 23:50 - 00000000 ____D C:\ProgramData\MFAData
2015-10-06 23:42 - 2015-10-06 23:42 - 00000000 ____D C:\Users\Andy\AppData\Local\MFAData
2015-10-06 23:42 - 2015-10-06 23:42 - 00000000 ____D C:\Users\Andy\AppData\Local\Avg2015
2015-10-06 23:41 - 2015-10-06 23:42 - 05053024 _____ (AVG Technologies) C:\Users\Andy\Downloads\avg_free_stb_all_6140p1_177.exe
2015-10-06 23:38 - 2015-10-06 23:38 - 00024685 _____ C:\ProgramData\1444171123.bdinstall.bin
2015-10-06 23:37 - 2015-10-06 23:37 - 00024687 _____ C:\ProgramData\1444171069.bdinstall.bin
2015-10-06 23:36 - 2015-10-06 23:36 - 00024686 _____ C:\ProgramData\1444170997.bdinstall.bin
2015-10-06 23:35 - 2015-10-06 23:35 - 00024688 _____ C:\ProgramData\1444170936.bdinstall.bin
2015-10-06 23:33 - 2015-10-06 23:33 - 00024687 _____ C:\ProgramData\1444170792.bdinstall.bin
2015-10-06 23:05 - 2015-10-06 23:05 - 00000000 ____D C:\SUPERDelete
2015-10-06 22:21 - 2015-10-06 22:21 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a490ebfb-45de-4f1e-9740-3a1238c2b95d.job
2015-10-06 22:21 - 2015-10-06 22:21 - 00000520 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2bd0589a-06da-4bb9-afd0-2812cc0ec818.job
2015-10-06 22:19 - 2015-10-06 22:19 - 00002030 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\Users\Andy\AppData\Roaming\SUPERAntiSpyware.com
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-10-06 22:19 - 2015-10-06 22:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-06 22:11 - 2015-10-06 22:19 - 23607992 _____ (SUPERAntiSpyware) C:\Users\Andy\Downloads\SAS_160608.EXE
2015-10-06 22:06 - 2015-10-06 22:06 - 00039480 _____ C:\Users\Andy\Downloads\qsinstaller.exe
2015-10-06 22:04 - 2015-10-06 22:04 - 00424769 _____ C:\Users\Andy\AppData\Local\census.cache
2015-10-06 22:04 - 2015-10-06 22:04 - 00163053 _____ C:\Users\Andy\AppData\Local\ars.cache
2015-10-06 21:59 - 2015-10-06 21:59 - 00000010 _____ C:\Users\Andy\AppData\Local\sponge.last.runtime.cache
2015-10-06 21:48 - 2015-10-06 21:48 - 00024339 _____ C:\ProgramData\1444164507.bdinstall.bin
2015-10-06 21:29 - 2015-10-06 21:29 - 02073112 _____ (Trend Micro Inc.) C:\Users\Andy\Downloads\HousecallLauncher.exe
2015-10-06 21:29 - 2015-10-06 21:29 - 00000036 _____ C:\Users\Andy\AppData\Local\housecall.guid.cache
2015-10-06 21:27 - 2015-10-06 21:27 - 00024411 _____ C:\ProgramData\1444163246.bdinstall.bin
2015-10-06 21:24 - 2015-10-06 21:24 - 00024687 _____ C:\ProgramData\1444163077.bdinstall.bin
2015-10-06 21:20 - 2015-10-06 21:20 - 00001205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2015-10-06 21:20 - 2015-10-06 21:20 - 00001193 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2015-10-06 21:20 - 2015-10-06 21:20 - 00000000 ____D C:\Program Files\TeamViewer
2015-10-06 21:19 - 2015-10-06 21:19 - 00024688 _____ C:\ProgramData\1444162752.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 00008141 _____ C:\ProgramData\1444162781.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 00008141 _____ C:\ProgramData\1444162765.bdinstall.bin
2015-10-06 21:14 - 2015-10-06 21:14 - 00024339 _____ C:\ProgramData\1444162456.bdinstall.bin
2015-10-06 21:12 - 2015-10-06 23:39 - 00000000 ____D C:\Program Files\Bitdefender Agent
2015-10-06 21:12 - 2015-10-06 21:12 - 00041595 _____ C:\ProgramData\1444162348.bdinstall.bin
2015-10-06 21:12 - 2015-10-06 21:12 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2015-10-06 21:08 - 2015-10-06 21:12 - 07207040 _____ C:\Users\Andy\Downloads\bitdefender_windows_f5127fc9-2066-4fcb-a01a-34d1bcb032e2.exe
2015-10-06 21:02 - 2015-10-06 21:28 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-06 20:39 - 2015-10-06 18:32 - 00451073 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20151006-203951.backup
2015-10-06 20:05 - 2015-10-06 20:05 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Malwarebytes
2015-10-06 19:16 - 2015-10-06 19:16 - 00270732 _____ C:\ProgramData\1444155255.bdinstall.bin
2015-10-06 18:32 - 2015-09-28 21:01 - 00451073 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20151006-183223.backup
2015-10-06 18:17 - 2015-10-06 18:17 - 02842784 _____ C:\Users\Andy\Downloads\The_New_Bitdefender_UninstallTool.exe
2015-10-06 18:15 - 2015-10-06 21:20 - 06024432 _____ C:\Users\Andy\Downloads\BitDefenderQS_EN.exe
2015-10-06 18:10 - 2015-10-06 18:22 - 00000000 ____D C:\Users\Andy\Desktop\Bitdefender Support Tool
2015-10-06 18:06 - 2015-10-06 18:06 - 00000000 ____D C:\ProgramData\Dumps
2015-10-03 08:28 - 2015-10-03 08:28 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-01 19:20 - 2015-09-24 23:37 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 19:20 - 2015-09-17 07:28 - 06265168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 19:20 - 2015-09-17 07:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 19:20 - 2015-09-17 07:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 19:20 - 2015-09-17 07:27 - 01766952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:20 - 2015-09-17 07:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 19:20 - 2015-09-17 07:26 - 01856848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 19:20 - 2015-09-17 07:26 - 01708376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 19:20 - 2015-09-17 07:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 19:20 - 2015-09-17 07:26 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 19:20 - 2015-09-17 07:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 19:20 - 2015-09-17 07:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 19:20 - 2015-09-17 07:13 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 19:20 - 2015-09-17 06:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-01 19:20 - 2015-09-17 06:47 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 19:20 - 2015-09-17 06:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-01 19:20 - 2015-09-17 06:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 19:20 - 2015-09-17 06:41 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 19:20 - 2015-09-17 06:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 19:20 - 2015-09-17 06:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 19:20 - 2015-09-17 06:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 19:20 - 2015-09-17 06:39 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 19:20 - 2015-09-17 06:39 - 01829376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 19:20 - 2015-09-17 06:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-01 19:20 - 2015-09-17 06:36 - 00926720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 03026432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 19:20 - 2015-09-17 06:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 19:20 - 2015-09-17 06:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-01 19:20 - 2015-09-17 06:32 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 19:20 - 2015-09-17 06:32 - 00989696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 19:20 - 2015-09-17 06:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-01 19:20 - 2015-09-17 06:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 19:20 - 2015-09-17 06:27 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 19:20 - 2015-09-17 06:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 19:20 - 2015-08-27 06:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-01 19:20 - 2015-08-27 06:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-10-01 19:20 - 2015-08-27 06:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-10-01 19:20 - 2015-08-27 06:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-01 19:20 - 2015-08-20 06:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-01 19:20 - 2015-08-18 07:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-10-01 19:19 - 2015-09-25 00:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-01 19:19 - 2015-09-25 00:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-01 19:19 - 2015-09-25 00:18 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 19:19 - 2015-09-24 23:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 19:19 - 2015-09-24 23:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 19:19 - 2015-09-24 23:42 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 19:19 - 2015-09-24 23:30 - 02985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 19:19 - 2015-09-24 23:29 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-01 19:19 - 2015-09-24 23:28 - 01127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 19:19 - 2015-09-24 23:28 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-01 19:19 - 2015-09-24 23:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-01 19:19 - 2015-09-24 23:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-01 19:19 - 2015-09-24 23:19 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-01 19:19 - 2015-09-24 23:11 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 19:19 - 2015-09-19 04:50 - 00083160 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 01343952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 00680144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 19:19 - 2015-09-17 07:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 19:19 - 2015-09-17 07:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-10-01 19:19 - 2015-09-17 07:28 - 00083792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 19:19 - 2015-09-17 07:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 19:19 - 2015-09-17 07:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00436064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 19:19 - 2015-09-17 07:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 19:19 - 2015-09-17 07:26 - 00414560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 19:19 - 2015-09-17 07:26 - 00335696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 19:19 - 2015-09-17 07:26 - 00274272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 19:19 - 2015-09-17 07:26 - 00228192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 19:19 - 2015-09-17 07:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 19:19 - 2015-09-17 07:15 - 00070744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-01 19:19 - 2015-09-17 07:13 - 00918880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 19:19 - 2015-09-17 06:51 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 19:19 - 2015-09-17 06:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 19:19 - 2015-09-17 06:51 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 19:19 - 2015-09-17 06:51 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 19:19 - 2015-09-17 06:49 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 19:19 - 2015-09-17 06:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 19:19 - 2015-09-17 06:49 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 19:19 - 2015-09-17 06:48 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 19:19 - 2015-09-17 06:48 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 19:19 - 2015-09-17 06:48 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 19:19 - 2015-09-17 06:47 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 19:19 - 2015-09-17 06:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 19:19 - 2015-09-17 06:46 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 19:19 - 2015-09-17 06:46 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 19:19 - 2015-09-17 06:45 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 19:19 - 2015-09-17 06:45 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 19:19 - 2015-09-17 06:45 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 19:19 - 2015-09-17 06:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 19:19 - 2015-09-17 06:43 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 19:19 - 2015-09-17 06:42 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 19:19 - 2015-09-17 06:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 19:19 - 2015-09-17 06:41 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 19:19 - 2015-09-17 06:40 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 19:19 - 2015-09-17 06:39 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 19:19 - 2015-09-17 06:39 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 19:19 - 2015-09-17 06:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 06529024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 19:19 - 2015-09-17 06:36 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 19:19 - 2015-09-17 06:35 - 01762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 19:19 - 2015-09-17 06:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 19:19 - 2015-09-17 06:35 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 19:19 - 2015-09-17 06:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 19:19 - 2015-09-17 06:34 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 19:19 - 2015-09-17 06:33 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-01 19:19 - 2015-09-17 06:33 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 19:19 - 2015-09-17 06:33 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 19:19 - 2015-09-17 06:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 19:19 - 2015-09-17 06:31 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 19:19 - 2015-09-17 06:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 19:19 - 2015-09-17 06:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 19:19 - 2015-09-17 06:30 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 19:19 - 2015-09-17 06:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 19:19 - 2015-09-17 06:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 19:19 - 2015-09-17 06:28 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 19:19 - 2015-09-17 06:28 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 19:19 - 2015-09-17 06:27 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 19:19 - 2015-09-17 06:27 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 19:19 - 2015-09-13 02:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 19:19 - 2015-08-27 06:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-10-01 19:19 - 2015-08-27 06:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-10-01 19:19 - 2015-08-27 06:19 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-10-01 19:19 - 2015-08-27 06:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-01 19:19 - 2015-08-27 06:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-01 19:19 - 2015-08-27 06:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-10-01 19:19 - 2015-08-27 06:11 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-10-01 19:19 - 2015-08-27 06:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-10-01 19:19 - 2015-08-27 06:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-10-01 19:19 - 2015-08-20 06:22 - 00549160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-10-01 19:19 - 2015-08-20 05:46 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-10-01 19:19 - 2015-08-20 05:41 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-10-01 19:19 - 2015-08-18 08:26 - 00284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-10-01 19:19 - 2015-08-18 08:14 - 00192864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2015-10-01 19:19 - 2015-08-18 07:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-10-01 19:19 - 2015-08-18 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-10-01 19:19 - 2015-08-18 07:41 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-10-01 19:19 - 2015-08-18 07:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-10-01 19:19 - 2015-08-18 07:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-10-01 19:19 - 2015-08-18 07:34 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-10-01 19:19 - 2015-08-18 07:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-10-01 19:19 - 2015-08-18 07:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-10-01 19:19 - 2015-08-18 07:30 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-10-01 19:19 - 2015-08-18 07:26 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-10-01 19:19 - 2015-08-18 07:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-10-01 19:19 - 2015-08-18 05:42 - 00006631 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-10-01 19:19 - 2015-08-18 05:42 - 00006313 _____ C:\WINDOWS\system32\ResPriImageList
2015-09-28 20:57 - 2015-09-28 20:57 - 00451073 _____ C:\Users\Andy\Desktop\hosts.txt
2015-09-28 20:46 - 2015-09-28 20:46 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2015-09-28 20:46 - 2015-09-28 20:46 - 00000000 ____D C:\Users\Andy\.swt
2015-09-28 20:46 - 2015-09-28 20:46 - 00000000 ____D C:\Program Files\Angry IP Scanner
2015-09-28 20:45 - 2015-09-28 20:46 - 02956217 _____ C:\Users\Andy\Downloads\ipscan-3.4-setup.exe
2015-09-28 20:38 - 2015-09-30 19:44 - 00000000 _____ C:\upnp_list.txt
2015-09-11 18:14 - 2015-10-08 20:23 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 18:14 - 2015-09-11 18:14 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-11 18:14 - 2015-09-11 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-11 18:14 - 2015-09-11 18:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-11 18:14 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-11 18:14 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-11 18:14 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-11 18:12 - 2015-09-11 18:14 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-09-11 16:43 - 2015-09-11 18:07 - 17906651 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-11 16:28 - 2015-10-08 20:18 - 00000000 ____D C:\AdwCleaner
2015-09-11 16:26 - 2015-09-11 16:26 - 01660416 _____ C:\Users\Andy\Downloads\adwcleaner_5.007.exe
2015-09-11 16:09 - 2015-09-11 16:09 - 00001657 _____ C:\Users\Andy\Desktop\Spybot-S&D Start Center.lnk
2015-09-11 14:37 - 2015-09-28 20:03 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-11 14:29 - 2015-09-11 14:30 - 00000000 ____D C:\Users\Andy\AppData\Local\Tempfolder
2015-09-11 14:29 - 2015-09-11 14:29 - 00000000 ____D C:\Users\Andy\AppData\LocalLow\Company
2015-09-11 14:25 - 2015-10-08 20:30 - 00000352 ____H C:\WINDOWS\Tasks\IKEOIGCGRNXKSNWJ.job
2015-09-11 14:12 - 2015-09-13 10:42 - 00000000 ____D C:\Program Files\Sn2zknwi1yzi4zdf
2015-09-11 14:11 - 2015-04-29 20:18 - 00451052 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-11 14:00 - 2015-09-13 15:37 - 00000000 ____D C:\Users\Andy\Downloads\John+Deere+Mower+Deck+Par
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-08 20:42 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-08 20:26 - 2015-08-19 23:28 - 00984150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-08 20:22 - 2015-07-03 10:03 - 00000000 ___RD C:\Users\Andy\Google Drive
2015-10-08 20:22 - 2015-06-27 21:11 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001UA.job
2015-10-08 20:20 - 2015-07-10 10:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-08 20:20 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-08 20:20 - 2011-01-08 19:30 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-08 20:20 - 2010-02-04 18:46 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-08 20:19 - 2015-07-10 07:59 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-08 20:03 - 2011-01-08 19:30 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-08 13:49 - 2012-06-12 22:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-08 11:22 - 2015-06-27 21:11 - 00000862 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001Core.job
2015-10-08 03:44 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\rescache
2015-10-08 03:42 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-08 03:28 - 2015-07-10 09:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-08 03:27 - 2010-02-04 22:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-08 03:25 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-07 00:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-10-07 00:33 - 2015-07-10 09:28 - 00000000 ___RD C:\Users\Public
2015-10-07 00:33 - 2009-07-14 03:37 - 00000000 ____D C:\Users\Default.migrated
2015-10-07 00:04 - 2015-08-19 23:21 - 00325604 _____ C:\WINDOWS\PFRO.log
2015-10-06 22:58 - 2014-06-30 19:37 - 00000000 ____D C:\Program Files\F4B522E8-37CD-4582-9026-66E6A362A315
2015-10-06 22:06 - 2015-06-05 11:48 - 00000000 ____D C:\Users\Andy\AppData\Roaming\QuickScan
2015-10-06 21:26 - 2015-07-10 10:53 - 02319144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-06 21:23 - 2010-02-04 21:12 - 00000000 ____D C:\ProgramData\TEMP
2015-10-06 21:22 - 2014-07-01 11:08 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andy\Downloads\SpyHunter-Installer.exe
2015-10-06 20:58 - 2014-02-15 15:58 - 00000000 ____D C:\WINDOWS\pss
2015-10-06 20:48 - 2014-07-01 18:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.0.2.1012.exe
2015-10-06 20:43 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-06 20:05 - 2014-07-01 18:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-06 19:18 - 2015-06-05 13:19 - 00000000 ____D C:\Program Files\Bitdefender
2015-10-06 19:16 - 2015-06-05 11:36 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-06 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-06 18:37 - 2015-07-10 11:49 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-06 18:37 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-06 18:31 - 2015-08-24 17:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-06 18:08 - 2015-06-05 13:26 - 00000000 ____D C:\ProgramData\BDLogging
2015-10-06 18:06 - 2015-07-10 07:59 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-03 15:04 - 2015-07-03 10:01 - 00002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-10-03 15:04 - 2015-07-03 10:01 - 00002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-03 15:04 - 2015-07-03 10:01 - 00002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-10-03 15:04 - 2015-07-03 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-03 08:28 - 2012-11-07 22:07 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Dropbox
2015-09-28 20:46 - 2015-08-19 23:30 - 00000000 ____D C:\Users\Andy
2015-09-21 16:43 - 2010-08-30 20:48 - 00000000 ____D C:\Users\Andy\AppData\Local\Paint.NET
2015-09-21 13:21 - 2015-08-20 08:11 - 00000000 ____D C:\Windows.old
2015-09-21 12:56 - 2010-02-27 02:39 - 00000000 ___SD C:\Users\Andy\AppData\LocalLow\Temp
2015-09-15 20:06 - 2011-01-08 19:30 - 00000000 ____D C:\Users\Andy\AppData\Local\Google
2015-09-15 04:31 - 2015-07-10 09:29 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-09-15 04:31 - 2015-07-10 09:29 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-09-13 18:38 - 2015-07-10 09:28 - 00000000 ____D C:\WINDOWS\Web
2015-09-13 18:34 - 2010-02-27 02:45 - 00000000 ____D C:\Program Files\Unlocker
2015-09-13 15:44 - 2015-07-10 09:28 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-09-13 15:23 - 2015-04-19 13:20 - 00000626 _____ C:\Users\Andy\AppData\Roaming\Fo1G76n5
2015-09-13 10:42 - 2014-07-01 21:00 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-09-11 14:49 - 2013-07-21 20:50 - 00105460 _____ C:\WINDOWS\wininit.ini
2015-09-11 14:44 - 2015-06-05 11:34 - 07029224 _____ C:\Users\Andy\Downloads\bitdefender_tsecurity.exe
2015-09-11 14:37 - 2012-12-16 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-11 14:27 - 2011-09-08 20:18 - 00042104 __RSH C:\ProgramData\ntuser.pol
2015-09-11 14:25 - 2014-05-31 21:55 - 00002725 _____ C:\WINDOWS\system32\${LOGFILE}
2015-09-11 14:04 - 2015-08-19 23:30 - 00000000 ___RD C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-11 10:34 - 2015-08-22 13:00 - 00002366 _____ C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-11 10:34 - 2015-08-22 13:00 - 00000000 ___RD C:\Users\Andy\OneDrive
2015-09-11 09:13 - 2011-05-08 17:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-07-01 21:21 - 2015-05-15 20:28 - 0000096 _____ () C:\Users\Andy\AppData\Roaming\Camdata.ini
2014-07-01 21:21 - 2015-05-15 20:28 - 0000408 _____ () C:\Users\Andy\AppData\Roaming\CamLayout.ini
2014-07-01 21:21 - 2015-05-15 20:28 - 0000408 _____ () C:\Users\Andy\AppData\Roaming\CamShapes.ini
2014-07-01 21:21 - 2015-05-15 20:28 - 0004547 _____ () C:\Users\Andy\AppData\Roaming\CamStudio.cfg
2015-04-19 13:20 - 2015-09-13 15:23 - 0000626 _____ () C:\Users\Andy\AppData\Roaming\Fo1G76n5
2010-05-11 21:35 - 2010-05-11 21:35 - 0000000 _____ () C:\Users\Andy\AppData\Roaming\Sample Delay
2014-07-01 21:00 - 2015-05-15 20:28 - 0000096 _____ () C:\Users\Andy\AppData\Roaming\version2.xml
2015-10-06 22:04 - 2015-10-06 22:04 - 0163053 _____ () C:\Users\Andy\AppData\Local\ars.cache
2015-10-06 22:04 - 2015-10-06 22:04 - 0424769 _____ () C:\Users\Andy\AppData\Local\census.cache
2010-03-25 18:29 - 2015-05-15 21:32 - 0025088 _____ () C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-06 21:29 - 2015-10-06 21:29 - 0000036 _____ () C:\Users\Andy\AppData\Local\housecall.guid.cache
2013-08-29 09:22 - 2015-06-05 09:55 - 0007597 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2015-10-06 21:59 - 2015-10-06 21:59 - 0000010 _____ () C:\Users\Andy\AppData\Local\sponge.last.runtime.cache
2013-02-14 19:33 - 2013-02-14 19:33 - 0000011 _____ () C:\ProgramData\.tv6
2015-10-06 19:16 - 2015-10-06 19:16 - 0270732 _____ () C:\ProgramData\1444155255.bdinstall.bin
2015-10-06 21:12 - 2015-10-06 21:12 - 0041595 _____ () C:\ProgramData\1444162348.bdinstall.bin
2015-10-06 21:14 - 2015-10-06 21:14 - 0024339 _____ () C:\ProgramData\1444162456.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 0024688 _____ () C:\ProgramData\1444162752.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 0008141 _____ () C:\ProgramData\1444162765.bdinstall.bin
2015-10-06 21:19 - 2015-10-06 21:19 - 0008141 _____ () C:\ProgramData\1444162781.bdinstall.bin
2015-10-06 21:24 - 2015-10-06 21:24 - 0024687 _____ () C:\ProgramData\1444163077.bdinstall.bin
2015-10-06 21:27 - 2015-10-06 21:27 - 0024411 _____ () C:\ProgramData\1444163246.bdinstall.bin
2015-10-06 21:48 - 2015-10-06 21:48 - 0024339 _____ () C:\ProgramData\1444164507.bdinstall.bin
2015-10-06 23:33 - 2015-10-06 23:33 - 0024687 _____ () C:\ProgramData\1444170792.bdinstall.bin
2015-10-06 23:35 - 2015-10-06 23:35 - 0024688 _____ () C:\ProgramData\1444170936.bdinstall.bin
2015-10-06 23:36 - 2015-10-06 23:36 - 0024686 _____ () C:\ProgramData\1444170997.bdinstall.bin
2015-10-06 23:37 - 2015-10-06 23:37 - 0024687 _____ () C:\ProgramData\1444171069.bdinstall.bin
2015-10-06 23:38 - 2015-10-06 23:38 - 0024685 _____ () C:\ProgramData\1444171123.bdinstall.bin
2010-05-11 21:35 - 2010-05-11 21:35 - 0000000 _____ () C:\ProgramData\Icons
2010-05-11 21:28 - 2010-05-11 21:35 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
2011-08-11 02:04 - 2011-08-11 02:04 - 9396840 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
2011-10-03 09:18 - 2011-10-03 09:20 - 9608392 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe
2011-02-23 02:42 - 2011-02-23 02:43 - 11447056 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-manualupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
2011-02-08 02:45 - 2011-02-08 02:45 - 11444496 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
2010-12-09 02:39 - 2010-12-09 02:40 - 11336456 _____ (Mozy, Inc.) C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
 
Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\avg-9259cc69-20f1-4061-af5c-ff2bf747fc03.exe
C:\Users\Andy\AppData\Local\Temp\avg-a9fffc11-d36a-4f49-8fe1-495ac08c6d69.exe
C:\Users\Andy\AppData\Local\Temp\avg-e17a7e5e-7f1d-4413-bc3b-2c7b3e789c1b.exe
C:\Users\Andy\AppData\Local\Temp\avg-e6951d66-a190-4f70-8609-3f2dfb368056.exe
C:\Users\Andy\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-28 20:12
 
==================== End of FRST.txt ============================


#11 AndyH71

Posted 08 October 2015 - 02:48 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by Andy (2015-10-08 20:45:18)
Running from E:\
Microsoft Windows 10 Pro (X86) (2015-08-20 02:46:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1075742332-318674506-3704920969-500 - Administrator - Disabled)
Andy (S-1-5-21-1075742332-318674506-3704920969-1001 - Administrator - Enabled) => C:\Users\Andy
DefaultAccount (S-1-5-21-1075742332-318674506-3704920969-503 - Limited - Disabled)
Guest (S-1-5-21-1075742332-318674506-3704920969-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1075742332-318674506-3704920969-1039 - Limited - Enabled)
SophosSAUPHOTO0 (S-1-5-21-1075742332-318674506-3704920969-1019 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Active@ Boot Disk (HKLM\...\{40007E5C-19C8-4A25-AD70-A99D77D0A7DA}) (Version: 5.4.5 - LSoft Technologies)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Angry IP Scanner (HKLM\...\Angry IP Scanner) (Version: 3.4 - Angry IP Scanner)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 10.12.0.41211 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{65AA7E93-AD35-E37B-A177-A300E9316462}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.745.0 - ATI Technologies) Hidden
Avidemux 2.5 (HKLM\...\Avidemux 2.5) (Version: 2.5.3.0 - )
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.19.1099 - Bitdefender)
BlackVue (HKLM\...\BlackVue) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon LBP6000/LBP6018 (HKLM\...\Canon LBP6000/LBP6018) (Version:  - )
ccc-core-static (Version: 2009.0918.2132.36825 - ATI) Hidden
CCTVWindow (HKLM\...\CCTVWindow) (Version: 2.04.01.50 - CCTVWindow)
Citrix Online Launcher (HKLM\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DebugMode Wax 2.0 (HKLM\...\DebugMode Wax 2.0) (Version:  - )
Dropbox (HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
EasyVideoMaker (HKLM\...\{03EC818F-96E5-497F-AF28-EC6BC4CF32D3}) (Version: 5.05 - Easy Video Maker)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Extra Video Effect Editor Free 6.76 (HKLM\...\Extra Video Effect Editor Free_is1) (Version:  - Extra Software, Inc.)
Foxit PhantomPDF (HKLM\...\{F064C43E-AEE1-4DCF-BC70-21C34E918A59}) (Version: 5.0.3.811 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
HydraVision (Version: 4.2.114.0 - ATI Technologies Inc.) Hidden
IE AutoFill 3.41 (HKLM\...\IE AutoFill_is1) (Version:  - )
ieSpell (HKLM\...\ieSpell) (Version: 2.6.3 (build 814) - Red Egg Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
Iomega Product Registration (HKLM\...\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}) (Version: 7.24.0000 - Iomega Corporation)
Iomega QuikProtect (HKLM\...\Iomega QuikProtect) (Version: 1.3.4.19745 - EMC)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LenovoEMC Storage Manager (HKLM\...\LenovoEMC Storage Manager) (Version: 1.4.3.9580 - EMC)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.2.0.4 - NETGEAR)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}) (Version: 3.55.0 - dotPDN LLC)
proDAD DeFishr 1.0 (HKLM\...\proDAD-DeFishr-1.0) (Version: 1.0.61.1 - proDAD GmbH)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Real Alternative 2.0.1 (HKLM\...\RealAlt_is1) (Version: 2.0.1 - )
Serif PagePlus X5 (HKLM\...\{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}) (Version: 15.0.5.030 - Serif (Europe) Ltd)
Serif WebPlus X6 (HKLM\...\{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}) (Version: 14.0.3.27 - Serif (Europe) Ltd)
Serif WebPlus X8 (HKLM\...\{2A33B149-077F-4141-B8CA-4ECD0D7E891F}) (Version: 16.0.2.026 - Serif (Europe) Ltd)
Sky Go Desktop (HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\2454359696.go.sky.com) (Version:  - go.sky.com)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SQ930 USB 2.0 Video Camera (HKLM\...\{D0AF1483-31AD-4FEB-A961-C9327185439F}) (Version: 0.1.0114.05 - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16447 - TeamViewer)
Trust 100K Series Webcam (HKLM\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Trust WB-1400T Webcam (HKLM\...\InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera)
Trust WB-1400T Webcam (Version: 1.0.4.7 - PC Camera) Hidden
Unlocker 1.8.8 (HKLM\...\Unlocker) (Version: 1.8.8 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Web Components (HKLM\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )
WebPlus Content: Beauty & Hair Salon (HKLM\...\{550EB23B-7CB5-4986-8545-204E6753B3EC}) (Version: 1.0.0.018 - Serif (Europe) Ltd)
WebPlus Content: Landscape Design (HKLM\...\{6CB8F3A3-918A-40DD-A16A-7E7E013B9F1C}) (Version: 1.0.0.008 - Serif (Europe) Ltd)
WinDirStat 1.1.2 (HKU\S-1-5-21-1075742332-318674506-3704920969-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinHTTrack Website Copier 3.47-21 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.21 - HTTrack)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1075742332-318674506-3704920969-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Andy\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
08-10-2015 03:25:46 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2015-10-06 20:39 - 00000959 ____R C:\WINDOWS\system32\Drivers\etc\hosts
192.168.1.102 ix200
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02B10A94-0210-4066-A248-94C713BD1FBF} - System32\Tasks\{DDCEEAD6-FB8C-4300-B7CE-238927223383} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {0E6C9C57-9DE2-4C07-83CE-84396D2C1A63} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {104212AA-B89B-43AC-938F-77BEF3D15892} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {10D85EEB-261A-4206-A3DA-B741E043A3DE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {140D85F8-7508-4D29-A057-74931C9C108D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1869F4A4-B6B5-47B9-A3CD-37A3C3660C52} - System32\Tasks\{F8FFB228-E06D-4071-8539-500A2166163E} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {18D3428C-6678-4A39-AD41-1D016F6D7FBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1B415066-C03E-49E9-A92B-B7C7150954B1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F440576-C4F1-4E6B-8AB4-95B89954617B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2156F3B4-62E2-41A7-99BD-F7CEA7D02343} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2391F839-2732-4FF2-A6BA-03285FCCDB52} - \Installer_browserAir -> No File <==== ATTENTION
Task: {30E43043-A1AA-4239-91D7-E608D09E19CB} - \ProtectedSearch\Protected Search -> No File <==== ATTENTION
Task: {31A7800D-E841-412D-8C23-A4C2A5AA54CA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3548190C-0B4D-4DAC-8A59-50DCF9E638D4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B08F143-F2AD-4465-8B5C-D2D4088C4513} - System32\Tasks\{91DF48AC-7957-4F4D-8886-A35058B2E272} => pcalua.exe -a "C:\Users\Andy\AppData\Local\Apple\Apple Software Update\QuickTimeInstallerAdmin.exe" -d "C:\Users\Andy\AppData\Local\Apple\Apple Software Update"
Task: {485DF19A-1C73-4069-A215-FA4EE985793E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4CB81614-E4FF-4AFE-8127-01D2465E4B27} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001UA => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)
Task: {524A043E-4AB0-4E27-89D6-572A16D4A86C} - \Global Updates AT - n0dkbgjvy2i4ytf -> No File <==== ATTENTION
Task: {5308C0F0-B25A-47BC-9A81-47AE1E3DE995} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5F4B9AE9-F871-4A6D-B014-6EAD4C2FBBD4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6402ACC4-71AB-4CBB-B24F-56344401FF50} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6DC311F0-22D4-4E9E-8F0C-DC8113F994E1} - \Maintenance Service-n0rkt2jty0i4ltf -> No File <==== ATTENTION
Task: {700D4DD3-DE33-4DFA-821F-90BD82FDD780} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7CBD04C3-C165-4D42-B14B-24FCC3C90E08} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7CE25874-B3AE-4B97-AED5-091A009BAE47} - \SystemSockets\SystemSockets -> No File <==== ATTENTION
Task: {7F5F122F-A984-431C-8426-B1F2D79F4B5F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {829B98B2-A313-49FD-8A87-357976C73DFB} - \IKEOIGCGRNXKSNWJ -> No File <==== ATTENTION
Task: {83E1EBB9-09A2-4A79-BADD-B7F61D192EE7} - System32\Tasks\{4E407B6F-64FA-4E2F-8583-382CAFD51A12} => pcalua.exe -a "C:\Program Files\remoteAP\WebCam\bmp\bmp_20070306.exe" -d "C:\Program Files\remoteAP\WebCam\bmp"
Task: {87995F2E-C635-45E3-BBB9-507A8A7B3988} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001Core => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-27] (Dropbox, Inc.)
Task: {930A2B2F-D98F-48F8-BA22-C1F91B3AD2B2} - System32\Tasks\{323BA7E2-C071-4DA5-BA9E-3ED04DE685DF} => Chrome.exe http://ui.skype.com/ui/0/6.7.60.102/en/abandoninstall?page=tsProgressBar
Task: {943B5453-85E7-4819-8F38-4E3327D9FC12} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9A70D3DD-2FF5-4642-8714-8541B37D92E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {9A89D623-95B7-49F7-ADD3-C9EF96693C9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {9C57999D-5223-4711-B114-3BD641309F83} - System32\Tasks\{06FDE3E4-AB3F-4ECB-BDF7-E259AC06C3CA} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9D05F26D-5F49-490E-AFE9-C027F9330775} - \Browser Updater\Browser Updater -> No File <==== ATTENTION
Task: {A966EA7A-090E-429D-BB4C-B9EA55C28688} - \Installer_smk -> No File <==== ATTENTION
Task: {AB983619-45F5-4873-BD9B-F43DF54A6D05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B667CB90-A791-4D1F-B3D8-5A320CB29FD0} - \cfr3011 -> No File <==== ATTENTION
Task: {B8D1377A-6F0B-41F4-ABC2-1FEEAB4DADB9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {BD9EBAB3-6524-4145-9AA4-C22AB08B4F44} - \{790C3555-FDDB-4C63-90F4-D44B249F1A82} -> No File <==== ATTENTION
Task: {BF11CD46-9FD2-40FE-AC39-9A000DF0BAD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C415E5E1-D84D-4945-BF27-AB22CA5DA294} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6FAA4E4-6654-4B78-B142-A65755F435E9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CC518CA4-DE86-4DE0-A9FE-5248596E101A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {CE9C9BBF-E780-49AA-BE1A-F9925C75E169} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-27] (Adobe Systems Incorporated)
Task: {CEF55C45-3442-4613-98E2-FF12A6E6605F} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {D2F5C8AA-2965-46A1-9F23-7ACAE48CD899} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {D5C96C3B-2C48-4163-A807-B11EA99286E5} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {DFE8A143-6B01-4523-B695-5EA76450DD1D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E3F5BA0D-5010-4A31-BC67-10C55C0317A1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E5905269-B2C5-45E4-B42A-43626C2D0677} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E824443C-72E1-4173-AA63-C2E8D07D5655} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {EE44EF46-0EB2-43C8-A798-BDDC1E93EF73} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EE925468-B5E7-469D-8572-EA109E2EEDEC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFE0CD3A-58C9-452C-BAAF-07DFD2C8D002} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F36C2036-F372-44AE-8C90-B7EDCBC84586} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F7B5BAD4-9F0D-4C12-AB65-DC3F234256D9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F8258707-D10F-4EDE-A49B-7AA7730F626E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F96D0E80-099F-4506-8108-D375E71A0754} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F9A55079-7D5A-425C-8540-E02199759F44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FA9872C8-D6BD-4658-BB83-641C04AA495F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001Core.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1075742332-318674506-3704920969-1001UA.job => C:\Users\Andy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\IKEOIGCGRNXKSNWJ.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2bd0589a-06da-4bb9-afd0-2812cc0ec818.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a490ebfb-45de-4f1e-9740-3a1238c2b95d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{16661C1A-22E6-42A9-B32C-185D7C8DB6D8}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-20 08:08 - 2015-08-20 08:08 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2006-12-09 05:54 - 2006-12-09 05:54 - 00022723 _____ () C:\WINDOWS\System32\sugg1l3.dll
2015-08-20 08:09 - 2015-08-20 08:09 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-07 18:38 - 2012-09-07 18:38 - 00384000 _____ () C:\Program Files\Iomega\Quikprotect\QpMonitor.exe
2015-06-05 13:02 - 2014-08-18 17:50 - 00316120 _____ () C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe
2015-06-05 13:02 - 2014-09-03 15:16 - 00450560 _____ () C:\Program Files\NETGEAR\WNA3100M\WifiLib.dll
2015-10-01 19:20 - 2015-09-17 07:27 - 01766952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:20 - 2015-09-17 07:27 - 01766952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2009-10-26 08:33 - 2009-10-26 08:33 - 00010240 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-02-04 21:26 - 2009-12-12 16:12 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-07-10 09:24 - 2015-07-10 09:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 09:24 - 2015-07-10 09:24 - 00111104 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 19:20 - 2015-09-17 06:28 - 04317696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 19:19 - 2015-09-17 06:25 - 00377856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 19:19 - 2015-09-17 06:25 - 01183232 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 19:20 - 2015-09-17 06:26 - 01425920 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 09:25 - 2015-07-10 11:49 - 00107520 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-09-28 20:03 - 2015-09-24 03:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-28 20:03 - 2015-09-24 03:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-06-05 13:02 - 2014-08-18 17:49 - 08274648 _____ () C:\Program Files\NETGEAR\WNA3100M\WNA3100M.exe
2015-06-05 13:02 - 2014-07-22 10:18 - 00278528 _____ () C:\Program Files\NETGEAR\WNA3100M\WifiSvcLib.dll
2015-10-08 20:20 - 2015-10-08 20:20 - 00098816 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32api.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00110080 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\pywintypes27.dll
2015-10-08 20:20 - 2015-10-08 20:20 - 00364544 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\pythoncom27.dll
2015-10-08 20:20 - 2015-10-08 20:20 - 00046080 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_socket.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 01208320 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_ssl.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00320512 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32com.shell.shell.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00776704 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_hashlib.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 01176576 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._core_.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00806400 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._gdi_.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00816128 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._windows_.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 01067008 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._controls_.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00733184 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._misc_.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00682496 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\pysqlite2._sqlite.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00088064 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_ctypes.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00119808 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32file.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00108544 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32security.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00007168 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\hashobjs_ext.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00070144 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\usb_ext.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00167936 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32gui.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00018432 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32event.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00128512 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_elementtree.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00127488 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\pyexpat.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00013824 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\common.time34.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00036864 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_psutil_windows.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00038912 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32inet.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00011264 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32crypt.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00077312 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._html2.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00027136 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_multiprocessing.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00020480 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\_yappi.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00035840 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32process.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00686080 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\unicodedata.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00123392 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._wizard.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00024064 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32pipe.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00010240 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\select.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00025600 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32pdh.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00525640 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\windows._lib_cacheinvalidation.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00017408 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32profile.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00022528 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\win32ts.pyd
2015-10-08 20:20 - 2015-10-08 20:20 - 00078848 _____ () C:\Users\Andy\AppData\Local\Temp\_MEI51682\wx._animate.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:1677AB3F
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:FB06F092
AlternateDataStreams: C:\Users\Andy\Downloads\Confirmation of your ScotRail booking F469K3TR.eml:OECustomProperty
AlternateDataStreams: C:\Users\Andy\Downloads\googledrivesync.exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\MediaCreationTool.exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\spybot-2.4 (1).exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\TeamViewerQS_en.exe:BDU
AlternateDataStreams: C:\Users\Andy\Downloads\Your Booking Confirmation 33T4W6J9.eml:OECustomProperty
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 4807 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andy\AppData\Local\Microsoft\Windows\Themes\img11.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk => C:\Windows\pss\Twonky Tray Control.lnk.CommonStartup
MSCONFIG\startupreg: HTC Sync Loader => 
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{FC0549E8-3A3D-40E2-901D-E8E824170A06}C:\program files\iomega\quikprotect\quikprotect.exe] => (Block) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [TCP Query User{915DFFD5-B2C6-4A11-9DDE-3EA80D117284}C:\program files\iomega\quikprotect\quikprotect.exe] => (Block) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [{B667DD27-CCC9-4BBA-8D6A-498642112B6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FF8C29D1-0AEE-432B-A431-FBC5C1D0B37D}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{D2F289DF-32BC-4641-948A-1AC63B0C8422}] => (Allow) C:\SoloApp\IEDriverServer.exe
FirewallRules: [{DEC32EA2-0297-4550-BF88-0E132F619794}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{9D51D39E-9F77-46D1-A39C-B842BCE01A93}] => (Allow) C:\SoloApp\chromedriver.exe
FirewallRules: [{0511797B-6300-4E94-A5E3-35001060F21A}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{34CE3910-9781-4A11-9394-33CA5A384B97}] => (Allow) C:\SoloApp\WebDriver.dll
FirewallRules: [{FFD52E44-1720-4FCB-A120-346C5EFA5868}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{EE10B2C3-0FE1-4312-9E87-D4ECE7035645}] => (Allow) C:\SoloApp\SoloApp.exe
FirewallRules: [{2E3A8F44-6521-4462-912D-BE59367AD155}] => (Allow) C:\Program Files\HomeTab\WBrowserProductivity.exe
FirewallRules: [{8FC30F77-EB7D-475C-9607-E6993B576CFB}] => (Allow) C:\Program Files\HomeTab\WBrowserProductivity.exe
FirewallRules: [{7CBF0096-D47B-4F0C-A701-C41F5FF43E35}] => (Allow) C:\Program Files\HomeTab\WBrowserUpdater.exe
FirewallRules: [{4036AA6D-B93D-4D70-99ED-3219E75C74FD}] => (Allow) C:\Program Files\HomeTab\WBrowserUpdater.exe
FirewallRules: [{6F751FDA-0519-4A93-9BC6-1297243A6A0B}] => (Allow) C:\Program Files\HomeTab\WBrowserDefender.exe
FirewallRules: [{54DB6B2B-7249-4A1B-A0F5-65084B3D3E8A}] => (Allow) C:\Program Files\HomeTab\WBrowserDefender.exe
FirewallRules: [{42F9B993-B9B0-4052-931F-F39EEA7BA300}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{731146DD-DB4C-4584-A59B-DEF62DEF43B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{7CC9B32E-CA0B-4275-BC16-AFB18E8B3704}H:\program files\litecoin\litecoin-qt.exe] => (Allow) H:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{AE491AF1-03C0-43D1-A880-D95549AF8C3E}H:\program files\litecoin\litecoin-qt.exe] => (Allow) H:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{A4C7FE05-500F-4E58-9489-E8E0A3A65741}H:\program files\armory\armoryqt.exe] => (Allow) H:\program files\armory\armoryqt.exe
FirewallRules: [TCP Query User{53CEB537-AEE1-41EF-BB36-342BC7778EE9}H:\program files\armory\armoryqt.exe] => (Allow) H:\program files\armory\armoryqt.exe
FirewallRules: [UDP Query User{7DC7F4EB-F4CA-4243-8991-13F9C1B738FC}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Block) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [TCP Query User{6E418484-84A6-4C1D-8ECF-9A4463323DF5}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Block) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [UDP Query User{2E3A566B-A9BA-4F2A-B94B-2620CED8F73B}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [TCP Query User{50B11653-D30A-4B22-B26C-33808DD45128}D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe] => (Allow) D:\program files\lenovoemc storage manager\lenovoemcstoragemanager.exe
FirewallRules: [UDP Query User{F725A988-C489-4601-A83C-EDE72B29A5D5}C:\program files\iomega\quikprotect\quikprotect.exe] => (Allow) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [TCP Query User{57ED63D8-7316-4FF3-B6AC-EC67484C6995}C:\program files\iomega\quikprotect\quikprotect.exe] => (Allow) C:\program files\iomega\quikprotect\quikprotect.exe
FirewallRules: [{AC50C8E5-DF83-44A3-BB55-E43BCDA8D85B}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserver.exe
FirewallRules: [{77B36E59-1066-4D53-B6B2-06252D863A64}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserver.exe
FirewallRules: [{CB0B8187-242C-4FF9-BF21-B6FBB9C43436}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
FirewallRules: [{84F9F754-9328-4B66-B2FB-151E5CF4D234}] => (Allow) C:\Program Files\TwonkyMedia\twonkymediaserverwatchdog.exe
FirewallRules: [{6867FDAB-688E-48C5-95D4-D9CC9DB5FF8A}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6AB0372D-274E-4D8C-91ED-3B661AEB2FFB}] => (Allow) C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{A27C95C6-D2A1-4D24-9E40-42F7815A2009}D:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) D:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [TCP Query User{7378C3D9-AE19-4B4A-B764-A4F6102F783A}D:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) D:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [UDP Query User{4AA49B32-E4A1-4CE3-9DEB-871FEE4FE709}C:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) C:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [TCP Query User{8EDB8945-3503-4915-B4D3-3F6EF2BC4AC3}C:\program files\iomega storage manager\iomegastoragemanager.exe] => (Allow) C:\program files\iomega storage manager\iomegastoragemanager.exe
FirewallRules: [UDP Query User{9D791DC2-9E9A-4040-B701-72F9F594B281}D:\wdisplay\weatherd.exe] => (Allow) D:\wdisplay\weatherd.exe
FirewallRules: [TCP Query User{5A892E59-23F3-45A0-BBEB-A7A4A65BCE47}D:\wdisplay\weatherd.exe] => (Allow) D:\wdisplay\weatherd.exe
FirewallRules: [UDP Query User{4B758818-5D1E-4F61-A620-97CC74C81992}F:\autorun.exe] => (Allow) F:\autorun.exe
FirewallRules: [TCP Query User{B55C1ABC-7C3A-4178-9D90-4B4EB0042E18}F:\autorun.exe] => (Allow) F:\autorun.exe
FirewallRules: [{2C19D7DC-DE87-446B-9499-30DCCE4D6765}] => (Allow) C:\Windows\System32\mshta.exe
FirewallRules: [{68DE1B41-C97C-44AB-BDC0-4BFA5CF9D537}] => (Allow) C:\Windows\System32\mshta.exe
FirewallRules: [UDP Query User{EE143ACC-EAD3-4C96-A724-D7B9FC431082}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{A357F908-F5DE-41EE-B155-11580A9F7253}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{D0BDB008-FD0D-4CF2-A3C5-F2DC1375FAD6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D187C083-E41E-4C5E-BC70-3843E5957EB5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FEA6786-4123-4F80-B2C7-4E5D6EC24154}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [UDP Query User{5D4E4E5C-2ECF-49EC-B0F9-4310194AE3AA}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{AA393F8E-CFE0-4F8E-AA7F-C6AE93D7C646}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [{A9B98AF1-7F92-4AEF-8D37-36AE947B0814}] => (Allow) C:\Program Files\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{D0C919AF-FD77-48B3-B53E-7888E2DC2DF3}] => (Allow) LPort=1900
FirewallRules: [{6CF06CDE-8753-4886-88B3-6E6DE5F6B5EF}] => (Allow) LPort=2869
FirewallRules: [{B9FFE880-3114-4DB2-9306-F44B6F31B355}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{40E08127-5C20-4EB8-9CD0-ACAED8538B9A}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{9EDC9AE9-40E6-4A80-85A1-4369CD33D5C8}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{2D6C1978-74A6-4C54-979F-B86C7DB76306}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{EF9015E3-4973-4F93-9DBC-A3A63CC2EB7E}] => (Allow) C:\Program Files\Spotify\spotify.exe
FirewallRules: [{0D295D9F-466F-4E3C-A9B7-1F704A4E0522}] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [{05F530F7-AF7F-47CB-B1DD-FBAFF46D12F2}] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [{A1A3E0DE-1981-4405-86EC-17D8C15A4178}] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [{00A7CFB5-D2E6-4B4B-9E61-C1158CF87A77}] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{9D474B7E-04E4-409C-AA59-7CEAB13760FA}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{F99E2625-F0F0-4248-8E38-3B0AAC56A237}C:\program files\sopcast\adv\sopadver.exe] => (Allow) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{C6BFDA93-58DC-4E30-92F8-B1CDC039B4D9}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{A148DDB6-0C12-4592-A5AB-30438019F313}C:\program files\sopcast\sopcast.exe] => (Allow) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{E45A684D-3B96-4ACC-89BD-8340CEDF5E5C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E1090C53-9373-4A42-80DA-8D736F192E2D}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{18785C72-7131-4FBF-ADAA-B573480C5661}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{08AE1D49-BD66-4B0B-A93C-2B3CE8AB03A8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{C8D3F7C3-3B7A-4725-AFE7-DA532752EFD8}C:\program files\real alternative\media player classic\mplayerc.exe] => (Allow) C:\program files\real alternative\media player classic\mplayerc.exe
FirewallRules: [TCP Query User{C5317265-D855-4269-AEA7-BDB80E5E5CDB}C:\program files\real alternative\media player classic\mplayerc.exe] => (Allow) C:\program files\real alternative\media player classic\mplayerc.exe
FirewallRules: [{F7C6D91F-27FB-48EA-A809-5BC800389217}] => (Allow) svchost.exe
FirewallRules: [{EAE3555B-AA6C-4964-BE48-05E634558259}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{77A356AC-84F3-4DC1-A4AC-2CDF8173441C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3F50E1E-F987-4084-B2F1-EB9D2A3F3BA7}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{31B1CB4A-BB88-4EA8-8237-B957C8EB6C6D}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{D1CA6C6A-28FC-4F9A-ADA2-5DB8DE2D890E}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{AEACA7C1-A936-4B80-BD3E-7FAC87F533F7}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [d:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/08/2015 02:20:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/08/2015 02:06:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/08/2015 02:03:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/08/2015 02:02:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/08/2015 01:57:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/08/2015 03:25:58 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSDTC4
 
Error: (10/08/2015 03:25:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/08/2015 03:19:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/08/2015 03:18:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/08/2015 03:17:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Photo)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/08/2015 08:20:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058
 
Error: (10/08/2015 08:18:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (10/08/2015 08:18:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/08/2015 08:18:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (10/08/2015 08:18:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (10/08/2015 08:18:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
%%997
 
Error: (10/08/2015 08:18:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (10/08/2015 08:18:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/08/2015 08:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/08/2015 08:18:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-08 20:17:44.888
  Description: N/A
 
  Date: 2015-10-08 20:17:44.880
  Description: N/A
 
  Date: 2015-10-08 20:17:33.305
  Description: N/A
 
  Date: 2015-10-08 20:17:33.297
  Description: N/A
 
  Date: 2015-10-08 14:06:44.147
  Description: N/A
 
  Date: 2015-10-08 14:06:42.932
  Description: N/A
 
  Date: 2015-10-08 03:45:29.674
  Description: N/A
 
  Date: 2015-10-08 03:45:29.666
  Description: N/A
 
  Date: 2015-10-08 03:45:29.657
  Description: N/A
 
  Date: 2015-10-08 03:44:27.142
  Description: N/A
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 42%
Total physical RAM: 3327.05 MB
Available physical RAM: 1919.88 MB
Total Virtual: 6655.05 MB
Available Virtual: 4809.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:59.09 GB) (Free:14.67 GB) NTFS
Drive d: () (Fixed) (Total:298.09 GB) (Free:88.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Usenet) (Fixed) (Total:465.76 GB) (Free:451.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6533D979)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: A0F66DAE)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: F45C41ED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#12 deeprybka

  • Malware Response Team

Posted 08 October 2015 - 03:58 PM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Task: {18D3428C-6678-4A39-AD41-1D016F6D7FBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File 
    Task: {1F440576-C4F1-4E6B-8AB4-95B89954617B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File 
    Task: {2391F839-2732-4FF2-A6BA-03285FCCDB52} - \Installer_browserAir -> No File 
    Task: {30E43043-A1AA-4239-91D7-E608D09E19CB} - \ProtectedSearch\Protected Search -> No File 
    Task: {524A043E-4AB0-4E27-89D6-572A16D4A86C} - \Global Updates AT - n0dkbgjvy2i4ytf -> No File 
    Task: {6DC311F0-22D4-4E9E-8F0C-DC8113F994E1} - \Maintenance Service-n0rkt2jty0i4ltf -> No File 
    Task: {7CBD04C3-C165-4D42-B14B-24FCC3C90E08} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File 
    Task: {7CE25874-B3AE-4B97-AED5-091A009BAE47} - \SystemSockets\SystemSockets -> No File 
    Task: {829B98B2-A313-49FD-8A87-357976C73DFB} - \IKEOIGCGRNXKSNWJ -> No File 
    Task: {943B5453-85E7-4819-8F38-4E3327D9FC12} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File 
    Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File 
    Task: {9D05F26D-5F49-490E-AFE9-C027F9330775} - \Browser Updater\Browser Updater -> No File 
    Task: {A966EA7A-090E-429D-BB4C-B9EA55C28688} - \Installer_smk -> No File 
    Task: {B667CB90-A791-4D1F-B3D8-5A320CB29FD0} - \cfr3011 -> No File 
    Task: {BD9EBAB3-6524-4145-9AA4-C22AB08B4F44} - \{790C3555-FDDB-4C63-90F4-D44B249F1A82} -> No File 
    Task: {BF11CD46-9FD2-40FE-AC39-9A000DF0BAD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File 
    Task: {DFE8A143-6B01-4523-B695-5EA76450DD1D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File 
    Task: {EE44EF46-0EB2-43C8-A798-BDDC1E93EF73} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File 
    Task: {EFE0CD3A-58C9-452C-BAAF-07DFD2C8D002} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File 
    Task: {F36C2036-F372-44AE-8C90-B7EDCBC84586} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File 
    Task: {F96D0E80-099F-4506-8108-D375E71A0754} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File 
    Task: {F9A55079-7D5A-425C-8540-E02199759F44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File 
    AlternateDataStreams: C:\ProgramData\TEMP:1677AB3F
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:FB06F092
    GroupPolicy: Restriction - Chrome 
    CHR HKLM\SOFTWARE\Policies\Google: Restriction 
    ProxyEnable: [S-1-5-21-1075742332-318674506-3704920969-1001] => Proxy is enabled.
    ProxyServer: [S-1-5-21-1075742332-318674506-3704920969-1001] => 91.198.130.203:3128
    AutoConfigURL: [S-1-5-21-1075742332-318674506-3704920969-1001] => 91.198.130.203:3128
    Hosts:  
    SearchScopes: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    Toolbar: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    2015-09-11 14:25 - 2015-10-08 20:30 - 00000352 ____H C:\WINDOWS\Tasks\IKEOIGCGRNXKSNWJ.job
    2015-09-11 14:12 - 2015-09-13 10:42 - 00000000 ____D C:\Program Files\Sn2zknwi1yzi4zdf
    2015-09-11 14:11 - 2015-04-29 20:18 - 00451052 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak
    2015-10-06 21:22 - 2014-07-01 11:08 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andy\Downloads\SpyHunter-Installer.exe
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: scanner settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: log file path].
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Edited by deeprybka, 08 October 2015 - 03:59 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 AndyH71

  • Topic Starter

Posted 08 October 2015 - 04:39 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by Andy (2015-10-08 22:16:26) Run:2
Running from E:\
Loaded Profiles: Andy (Available Profiles: Andy)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
Task: {18D3428C-6678-4A39-AD41-1D016F6D7FBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File 
Task: {1F440576-C4F1-4E6B-8AB4-95B89954617B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File 
Task: {2391F839-2732-4FF2-A6BA-03285FCCDB52} - \Installer_browserAir -> No File 
Task: {30E43043-A1AA-4239-91D7-E608D09E19CB} - \ProtectedSearch\Protected Search -> No File 
Task: {524A043E-4AB0-4E27-89D6-572A16D4A86C} - \Global Updates AT - n0dkbgjvy2i4ytf -> No File 
Task: {6DC311F0-22D4-4E9E-8F0C-DC8113F994E1} - \Maintenance Service-n0rkt2jty0i4ltf -> No File 
Task: {7CBD04C3-C165-4D42-B14B-24FCC3C90E08} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File 
Task: {7CE25874-B3AE-4B97-AED5-091A009BAE47} - \SystemSockets\SystemSockets -> No File 
Task: {829B98B2-A313-49FD-8A87-357976C73DFB} - \IKEOIGCGRNXKSNWJ -> No File 
Task: {943B5453-85E7-4819-8F38-4E3327D9FC12} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File 
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File 
Task: {9D05F26D-5F49-490E-AFE9-C027F9330775} - \Browser Updater\Browser Updater -> No File 
Task: {A966EA7A-090E-429D-BB4C-B9EA55C28688} - \Installer_smk -> No File 
Task: {B667CB90-A791-4D1F-B3D8-5A320CB29FD0} - \cfr3011 -> No File 
Task: {BD9EBAB3-6524-4145-9AA4-C22AB08B4F44} - \{790C3555-FDDB-4C63-90F4-D44B249F1A82} -> No File 
Task: {BF11CD46-9FD2-40FE-AC39-9A000DF0BAD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File 
Task: {DFE8A143-6B01-4523-B695-5EA76450DD1D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File 
Task: {EE44EF46-0EB2-43C8-A798-BDDC1E93EF73} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File 
Task: {EFE0CD3A-58C9-452C-BAAF-07DFD2C8D002} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File 
Task: {F36C2036-F372-44AE-8C90-B7EDCBC84586} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File 
Task: {F96D0E80-099F-4506-8108-D375E71A0754} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File 
Task: {F9A55079-7D5A-425C-8540-E02199759F44} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File 
AlternateDataStreams: C:\ProgramData\TEMP:1677AB3F
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:FB06F092
GroupPolicy: Restriction - Chrome 
CHR HKLM\SOFTWARE\Policies\Google: Restriction 
ProxyEnable: [S-1-5-21-1075742332-318674506-3704920969-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1075742332-318674506-3704920969-1001] => 91.198.130.203:3128
AutoConfigURL: [S-1-5-21-1075742332-318674506-3704920969-1001] => 91.198.130.203:3128
Hosts:  
SearchScopes: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\S-1-5-21-1075742332-318674506-3704920969-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
2015-09-11 14:25 - 2015-10-08 20:30 - 00000352 ____H C:\WINDOWS\Tasks\IKEOIGCGRNXKSNWJ.job
2015-09-11 14:12 - 2015-09-13 10:42 - 00000000 ____D C:\Program Files\Sn2zknwi1yzi4zdf
2015-09-11 14:11 - 2015-04-29 20:18 - 00451052 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-06 21:22 - 2014-07-01 11:08 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andy\Downloads\SpyHunter-Installer.exe
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18D3428C-6678-4A39-AD41-1D016F6D7FBB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18D3428C-6678-4A39-AD41-1D016F6D7FBB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F440576-C4F1-4E6B-8AB4-95B89954617B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F440576-C4F1-4E6B-8AB4-95B89954617B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2391F839-2732-4FF2-A6BA-03285FCCDB52}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2391F839-2732-4FF2-A6BA-03285FCCDB52}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_browserAir" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30E43043-A1AA-4239-91D7-E608D09E19CB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30E43043-A1AA-4239-91D7-E608D09E19CB}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{524A043E-4AB0-4E27-89D6-572A16D4A86C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{524A043E-4AB0-4E27-89D6-572A16D4A86C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Global Updates AT - n0dkbgjvy2i4ytf" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DC311F0-22D4-4E9E-8F0C-DC8113F994E1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DC311F0-22D4-4E9E-8F0C-DC8113F994E1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Maintenance Service-n0rkt2jty0i4ltf" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CBD04C3-C165-4D42-B14B-24FCC3C90E08}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CBD04C3-C165-4D42-B14B-24FCC3C90E08}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CE25874-B3AE-4B97-AED5-091A009BAE47}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CE25874-B3AE-4B97-AED5-091A009BAE47}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemSockets\SystemSockets => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{829B98B2-A313-49FD-8A87-357976C73DFB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{829B98B2-A313-49FD-8A87-357976C73DFB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IKEOIGCGRNXKSNWJ" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{943B5453-85E7-4819-8F38-4E3327D9FC12}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{943B5453-85E7-4819-8F38-4E3327D9FC12}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CE7E7A0-E878-473D-B647-679C241CC7B1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CE7E7A0-E878-473D-B647-679C241CC7B1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D05F26D-5F49-490E-AFE9-C027F9330775}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D05F26D-5F49-490E-AFE9-C027F9330775}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A966EA7A-090E-429D-BB4C-B9EA55C28688}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A966EA7A-090E-429D-BB4C-B9EA55C28688}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_smk" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B667CB90-A791-4D1F-B3D8-5A320CB29FD0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B667CB90-A791-4D1F-B3D8-5A320CB29FD0}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cfr3011 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD9EBAB3-6524-4145-9AA4-C22AB08B4F44}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD9EBAB3-6524-4145-9AA4-C22AB08B4F44}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{790C3555-FDDB-4C63-90F4-D44B249F1A82}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF11CD46-9FD2-40FE-AC39-9A000DF0BAD2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF11CD46-9FD2-40FE-AC39-9A000DF0BAD2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFE8A143-6B01-4523-B695-5EA76450DD1D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFE8A143-6B01-4523-B695-5EA76450DD1D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE44EF46-0EB2-43C8-A798-BDDC1E93EF73}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE44EF46-0EB2-43C8-A798-BDDC1E93EF73}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE0CD3A-58C9-452C-BAAF-07DFD2C8D002}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE0CD3A-58C9-452C-BAAF-07DFD2C8D002}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F36C2036-F372-44AE-8C90-B7EDCBC84586}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F36C2036-F372-44AE-8C90-B7EDCBC84586}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F96D0E80-099F-4506-8108-D375E71A0754}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96D0E80-099F-4506-8108-D375E71A0754}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9A55079-7D5A-425C-8540-E02199759F44}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9A55079-7D5A-425C-8540-E02199759F44}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
C:\ProgramData\TEMP => ":1677AB3F" ADS removed successfully..
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..
C:\ProgramData\TEMP => ":FB06F092" ADS removed successfully..
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKU\S-1-5-21-1075742332-318674506-3704920969-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-1075742332-318674506-3704920969-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
C:\WINDOWS\Tasks\IKEOIGCGRNXKSNWJ.job => moved successfully
C:\Program Files\Sn2zknwi1yzi4zdf => moved successfully
C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\Andy\Downloads\SpyHunter-Installer.exe => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 22:16:29 ====


#14 AndyH71

  • Topic Starter

Posted 08 October 2015 - 08:51 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d7c2aa1ccc3af3429e5c576d9a02da0c
# end=init
# utc_time=2015-10-08 09:40:58
# local_time=2015-10-08 10:40:58 (+0000, GMT Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 26147
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=d7c2aa1ccc3af3429e5c576d9a02da0c
# end=updated
# utc_time=2015-10-08 09:42:21
# local_time=2015-10-08 10:42:21 (+0000, GMT Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=d7c2aa1ccc3af3429e5c576d9a02da0c
# engine=26147
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-09 01:09:42
# local_time=2015-10-09 02:09:42 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 18217 7836313 0 0
# scanned=386802
# found=24
# cleaned=24
# scan_time=12440
sh=2666846FFBD1C08DEE2422F1A1E83F52D097C216 ft=1 fh=bfd55908ab1ccc38 vn="Win32/Adware.ConvertAd.ZD application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\E5EDF420-1441976999-11DE-8C49-90E6BA3F3C29\jnsi7F6F.tmp.vir"
sh=CBFE0F2FF6DB17E68195FC13DD87A867E528D78D ft=1 fh=d22e04d8ccf379e6 vn="a variant of Win32/Adware.ConvertAd.QO application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\E5EDF420-1441976999-11DE-8C49-90E6BA3F3C29\rnsd4158.exe.vir"
sh=9D3F54D82B7C62C17F6406761683DC26AA74ED80 ft=1 fh=97e8c9321e0d92e5 vn="a variant of Win32/Packed.Komodia.D suspicious application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\FastSearch\ACDLL.dll.vir"
sh=E85B1E7D8DF337B0AD7AFF714595ECA5D5EA2E8F ft=1 fh=747e4c160724cb8b vn="a variant of Win64/Packed.Komodia.A suspicious application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\FastSearch\ACDLL64.exe.vir"
sh=783A840EEBDAE7F86B5F211352C9A2A60352BE51 ft=1 fh=5b627b5065c7707b vn="a variant of Win32/Packed.Komodia.D suspicious application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\FastSearch\acengine.dll.vir"
sh=49D7AA01F17A8FA1EC90C13BE6AF63580946DFE8 ft=1 fh=27c3d03a6e26c0d8 vn="a variant of Win32/Packed.Komodia.D suspicious application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\FastSearch\acenginecert.dll.vir"
sh=66543A0AD2BC9EF30E1BE51842C683121A267E8B ft=1 fh=a22cc4c8074c6fd8 vn="Win32/RiskWare.Komodia.H application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\FastSearch\acwfp.sys.vir"
sh=0A91619CA990D530C527D5B42083C69BF0A30A2C ft=1 fh=c44c92c0f598ffeb vn="a variant of Win32/Packed.Komodia.A suspicious application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\FastSearch\lengine.exe.vir"
sh=42C7F099D4646D2B8226F300A4A94FBC9FFCA460 ft=1 fh=7f53cd767c5ec3a7 vn="a variant of MSIL/Adware.Vitruvian.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\PhraseProfessor_1.10.0.21\Update\PhraseProfessorAutoUpdateClient.exe.vir"
sh=E6E25A2B8A3CB9767FC391A067A5C18364EFC38B ft=1 fh=a5322a15b7f56f02 vn="a variant of Win32/SpeedBit.K potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\BrowserAir\Application\Uninstall.exe.vir"
sh=4C4BA5C79C1B64C97CCFDF84CCF042514CD10BC9 ft=1 fh=9e0d3bbe865b9d83 vn="Win32/Adware.ConvertAd.ZE application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\E5EDF420-1441980704-11DE-8C49-90E6BA3F3C29\snso7376.tmp.vir"
sh=783A840EEBDAE7F86B5F211352C9A2A60352BE51 ft=1 fh=5b627b5065c7707b vn="a variant of Win32/Packed.Komodia.D suspicious application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\system32\acengine.dll.vir"
sh=D9B36AE9582CC6ED494DA7096D05E36A1D7E448B ft=1 fh=6d651ff5031207f4 vn="a variant of Win32/NetFilter.A potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\netfilter.sys.vir"
sh=1444E20444AA0D985A3029C4CAFE14C07BA48F23 ft=1 fh=c3d95803d83fe2ce vn="a variant of Win32/NetFilter.A potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\ppfd_vw_1_10_0_21.sys.vir"
sh=D5CE5099E94B95CFA7859B5AB0BA713A4E04C3C1 ft=1 fh=53dacdb8633d71bb vn="a variant of Win32/NetFilter.A potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\wsafd_1_10_0_19.sys.vir"
sh=BAEDA3153CC75F985B4D271E8AA90B829767D471 ft=1 fh=c71c00112017f5a6 vn="a variant of Win32/NetFilter.A potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\F4B522E8-37CD-4582-9026-66E6A362A315\ProtocolFilters.dll"
sh=65D308DA213F4875F96F505E231F10A97D053DD5 ft=1 fh=8404c49611aa3692 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\NCH Software\WavePad\uninst.exe"
sh=D2B904C7870A714DC3FA24ADD7AEB4AD1EFCA41F ft=1 fh=7e3a805c11aa3692 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\NCH Software\WavePad\wavepad.exe"
sh=FF4166E350CEF77DB6FC3AB70C8FD4C6DA7F8CA3 ft=1 fh=931359d5cb4dd8e8 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files\NCH Software\WavePad\wpsetup_v5.10.exe"
sh=0D15C415A82C70FB8D472E34E8A0752DC299EABA ft=1 fh=445832fc7c020a83 vn="Win32/Packed.Autoit.H suspicious application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Andy\Downloads\BitDefenderQS_EN.exe"
sh=3C3A38AA97E55859D43A471E33618F6C08AF2785 ft=1 fh=81139d059c528203 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Andy\Downloads\litecoin-0.8.6.2-win32-setup.exe"
sh=C5953C73FFFF554169163440027882BC13016085 ft=1 fh=4a3148bd093cd133 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\Program Files\Ask.com\GenericAskToolbar.dll"
sh=7608BD96B178B1B7B65B2523CC7676EAD5986934 ft=1 fh=131f059f99ddf6e6 vn="a variant of Win32/SecurityXploded.A potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\Program Files\SecurityXploded\FTPPasswordKracker\FTPPasswordKracker.exe"
sh=BAA0F064B0FE4B7B111AAFD5EF6D532DB20C298E ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="D:\Windows\Installer\3ffb4511.msi"


#15 deeprybka


  • Malware Response Team

Posted 09 October 2015 - 02:53 AM

Step 1


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 