
Temp1 folders being created


  • This topic is locked
5 replies to this topic

#1 RCLeahcar


Posted 12 October 2015 - 11:00 AM

Hi. 

 

I have noticed that every now and then, all my zip files on my computer will be extracted into the Temp folder in folders such as Temp1_[archivename].zip. The files in said folders are the ones from my original ZIP files, with no added exes or anything. It seems like a similar issue to these users (except there are no malicious file drops or hijacked admin rights or malicious toolbars, redirects or anything like that).

 

http://www.bleepingcomputer.com/forums/t/548751/temp1-zip-folders-appeared-f-secure-detected-infected-files/

http://www.bleepingcomputer.com/forums/t/494505/pls-help-fear-trojanmalware-hundreds-of-zip-files-in-localtemp-folder/

http://www.bleepingcomputer.com/forums/t/568995/malware-periodically-creating-folders-files-temp1-zip-in-appdatalocaltem/

 

Apart from this I am noticing no other symptoms. The computer is running at normal speed and I'm not getting any weird errors. I don't even know if this even is malware or just a rare Windows Index bug, but whatever it is, it definitely isn't right. I think it's the latter, but just to be sure, I'm posting this here.

 

http://answers.microsoft.com/en-us/windows/forum/windows_vista-update/cusersusernameappdatalocaltemp-filled-with/f09dd0c9-e134-4061-8786-bcd5d18c85ec

Even though this user has Windows Vista, they had the same problem I am having now (the next day with me, the folders seem to be emptied).

 

I run Windows 8.1 Home and have Avast 20.4.2233 (not detecting anything). I have also run a scan with the latest version of Malwarebytes in and out of safe mode, but it hasn't picked up on anything. Not to mention that I always browse the Internet with uMatrix enabled so I only allow scripts and frames to run on sites I trust.

 

Below is my Farbar Recovery Scan Tool log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 02
Ran by Rachael (administrator) on RACHAEL (12-10-2015 17:33:56)
Running from C:\Users\Rachael\Desktop
Loaded Profiles: Rachael (Available Profiles: Rachael)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Users\Rachael\AppData\Local\Temp\BDAntiCryptoWall\BDAntiCryptoWall.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINPE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINPE.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-02-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-26] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => D:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [F-Secure Hoster (6661000)] => C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [193064 2015-08-17] (F-Secure Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-03-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINPE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINPE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [Steam] => d:\Program Files\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-26] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-08-02]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-08-02]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-05-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-01-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{91237A34-05DF-4C33-8C17-66237DBC70FA}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-10] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-08-02] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-10] (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-02] (LastPass)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-08-02] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-02] (LastPass)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oehpiyo5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-29] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-16] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-02] (LastPass)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-02] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @myriad-online.com/x-myriad-music -> C:\Program Files (x86)\Mozilla Firefox\Plugins\npMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1663812213-1418400964-3040483373-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rachael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-27] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPMyrMus.dll [2013-10-03] (Myriad Software.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF Extension: ADB Helper - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\adbhelper@mozilla.org [2015-10-11]
FF Extension: Valence - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2015-10-05]
FF Extension: LastPass - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\support@lastpass.com [2015-09-26]
FF Extension: Firebug - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\firebug@software.joehewitt.com.xpi [2015-08-03]
FF Extension: Ghostery - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\firefox@ghostery.com.xpi [2015-06-22]
FF Extension: uBlock Origin - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\uBlock0@raymondhill.net.xpi [2015-06-22]
FF Extension: uMatrix - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\uMatrix@raymondhill.net.xpi [2015-06-22]
FF Extension: NoScript - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-25]
FF Extension: Google Reverse Image Search - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\oh7wqy3k.dev-edition-default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2015-06-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-25]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox Developer Edition\firefox.exe
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-16]
CHR Extension: (Indiloop) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoiieebfnbnkhlfpmoeimpmlnfgchem [2015-05-31]
CHR Extension: (Google Docs) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-16]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-06]
CHR Extension: (MEGA) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-04-16]
CHR Extension: (YouTube) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-16]
CHR Extension: (Advanced Font Settings) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2015-05-17]
CHR Extension: (uBlock Origin) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-06-01]
CHR Extension: (Google Search) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-16]
CHR Extension: (Tampermonkey) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-05-17]
CHR Extension: (Polarr Photo Editor 2) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2015-05-31]
CHR Extension: (Free Rider HD) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\emikpifndnjfkgofoglceekhkbaicbde [2015-06-06]
CHR Extension: (Google Sheets) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-16]
CHR Extension: (Google Docs Offline) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-08-02]
CHR Extension: (KanColle Command Center 改) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgmldnainaglpjngpajnnjfhpdjkohh [2015-06-06]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-07-22]
CHR Extension: (Little Alchemy) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-06-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Countdown Timer) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmibbgbhhpfkdmeeedanbicgnddijcf [2015-04-17]
CHR Extension: (Ghostery) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-16]
CHR Extension: (uMatrix) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2015-06-01]
CHR Extension: (LongURL) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldnehmjgfcannmkgkojafngdkhfkdpd [2015-07-04]
CHR Extension: (Gmail) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-19] (SUPERAntiSpyware.com)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-12-21] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-12-21] (ASUSTeK Computer Inc.)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S4 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-26] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 fshoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [193064 2015-08-17] (F-Secure Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S4 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
R2 MbaeSvc; D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 wampstackApache; C:\Bitnami\WAMPST~1.29-\apache2\bin\httpd.exe [22016 2014-03-17] (Apache Software Foundation) [File not signed]
S3 wampstackApache-1; D:\Bitnami\wampstack-5.6.12-0\apache2\bin\httpd.exe [22528 2015-07-12] (Apache Software Foundation) [File not signed]
S3 wampstackMySQL; C:\Bitnami\wampstack-5.4.29-0\mysql\bin\mysqld.exe [8161280 2014-01-14] () [File not signed]
S3 wampstackMySQL-1; D:\Bitnami\wampstack-5.6.12-0\mysql\bin\mysqld.exe [11053568 2015-07-15] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-03-01] (Emsisoft GmbH)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-26] (AVAST Software)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-01] (Emsisoft GmbH)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ESProtectionDriver; D:\Program Files\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
U0 gtiiuuv; C:\Windows\System32\drivers\dbsefa.sys [79064 2015-10-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-26] (AVAST Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-12] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-26] (Avast Software)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [116232 2015-04-14] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [142464 2015-04-14] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115488 2014-05-16] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-12 17:33 - 2015-10-12 17:34 - 00038250 _____ C:\Users\Rachael\Desktop\FRST.txt
2015-10-12 17:04 - 2015-10-12 17:04 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\dbsefa.sys
2015-10-12 16:36 - 2015-10-12 16:36 - 18832456 _____ C:\Users\Rachael\Desktop\RogueKiller.exe
2015-10-12 16:32 - 2015-10-12 16:33 - 144209336 _____ (F-Secure Corporation ) C:\Users\Rachael\Downloads\fspm-12.00.67239-rtm.exe
2015-10-12 16:32 - 2015-10-12 16:32 - 94852115 _____ C:\Users\Rachael\Downloads\fscspr-12.00.648.jar
2015-10-11 22:03 - 2015-10-11 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F-Secure
2015-10-11 22:03 - 2015-10-11 22:03 - 00000000 ____D C:\Program Files (x86)\F-Secure
2015-10-11 22:02 - 2015-10-11 22:02 - 00863784 _____ (F-Secure Corporation) C:\Users\Rachael\Downloads\F-Secure-Safe-Network-Installer_C-MWUUX-A73JZ-KQTRW-ANNG6_.exe
2015-10-11 21:47 - 2015-10-11 22:05 - 00000000 ____D C:\Users\Rachael\AppData\Local\F-Secure
2015-10-11 21:47 - 2015-10-11 21:47 - 00572456 _____ (F-Secure Corporation) C:\Users\Rachael\Downloads\F-SecureOnlineScanner (3).exe
2015-10-11 21:46 - 2015-10-11 21:47 - 00572456 _____ (F-Secure Corporation) C:\Users\Rachael\Downloads\F-SecureOnlineScanner (2).exe
2015-10-11 21:46 - 2015-10-11 21:47 - 00572456 _____ (F-Secure Corporation) C:\Users\Rachael\Downloads\F-SecureOnlineScanner (1).exe
2015-10-11 21:40 - 2015-10-11 21:44 - 00083761 _____ C:\Users\Rachael\Downloads\Addition.txt
2015-10-11 21:38 - 2015-10-12 17:33 - 00000000 ____D C:\FRST
2015-10-11 21:38 - 2015-10-12 17:28 - 00065609 _____ C:\Users\Rachael\Downloads\FRST.txt
2015-10-11 21:38 - 2015-10-11 21:38 - 02195968 _____ (Farbar) C:\Users\Rachael\Desktop\FRST64.exe
2015-10-11 21:20 - 2015-10-11 21:20 - 05636349 _____ (Swearware) C:\Users\Rachael\Downloads\ComboFix.exe
2015-10-11 20:57 - 2015-10-11 21:26 - 00000000 ____D C:\Users\Rachael\Desktop\mbar
2015-10-11 20:57 - 2015-10-11 20:57 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Rachael\Downloads\mbar-1.09.3.1001.exe
2015-10-11 20:56 - 2015-10-11 20:56 - 22792776 _____ C:\Users\Rachael\Downloads\RogueKillerX64_beta.exe
2015-10-11 20:54 - 2015-10-11 20:54 - 00448512 _____ (OldTimer Tools) C:\Users\Rachael\Downloads\TFC.exe
2015-10-11 20:52 - 2015-10-11 20:52 - 02870984 _____ (ESET) C:\Users\Rachael\Downloads\esetsmartinstaller_enu (1).exe
2015-10-11 20:51 - 2015-10-11 20:52 - 01682432 _____ C:\Users\Rachael\Downloads\AdwCleaner.exe
2015-10-11 20:50 - 2015-10-11 21:16 - 00075742 _____ C:\Users\Rachael\Downloads\MTB.txt
2015-10-11 20:50 - 2015-10-11 20:50 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Rachael\Downloads\tdsskiller.exe
2015-10-11 20:50 - 2015-10-11 20:50 - 00891392 _____ (Farbar) C:\Users\Rachael\Downloads\MiniToolBox.exe
2015-10-11 17:52 - 2015-10-11 17:52 - 00003207 _____ C:\Users\Rachael\AppData\Local\recently-used.xbel
2015-10-11 14:42 - 2015-10-11 14:51 - 00237568 _____ C:\Users\Rachael\Documents\homura sketch.sai
2015-10-11 10:07 - 2015-10-11 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2015-10-11 10:07 - 2015-10-11 10:07 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
2015-10-11 10:06 - 2015-10-11 10:06 - 48351624 _____ (Nawmal Technologies Inc ) C:\Users\Rachael\Downloads\nawmalMAKE_installer.exe
2015-10-10 22:02 - 2015-10-10 22:02 - 00000000 ____D C:\Program Files (x86)\BookWright
2015-10-10 14:32 - 2015-10-10 14:33 - 00000232 _____ C:\Users\Rachael\Downloads\Tweenies- Crocodile Tears [FULL EPISODE].mp4-4466363340-1374208-0.sfk
2015-10-09 23:06 - 2015-10-09 23:06 - 00032608 _____ C:\Users\Rachael\Downloads\Bembo Infant MT Std Regular.zip
2015-10-09 23:06 - 2014-12-27 09:25 - 00028136 _____ C:\Users\Rachael\Downloads\Bembo Infant MT Std Regular.otf
2015-10-07 17:31 - 2015-10-07 17:32 - 39991258 _____ C:\Users\Rachael\Downloads\BB- THE MESSY  ROOM.mp4.mp4
2015-10-05 21:41 - 2015-10-05 21:41 - 10655078 _____ C:\Users\Rachael\Downloads\Dropbox.zip
2015-10-04 21:04 - 2015-10-04 21:04 - 00002755 _____ C:\Users\Rachael\reflections.mid
2015-10-04 18:34 - 2015-10-04 18:34 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Steam
2015-10-04 16:32 - 2015-10-04 16:32 - 01092712 _____ C:\Users\Rachael\Downloads\mmd_eyecon_20151004.zip
2015-10-03 17:34 - 2015-10-03 17:36 - 00289360 _____ C:\Users\Rachael\Downloads\Kaiser Chiefs - Ruby.mp3.sfk
2015-10-03 16:38 - 2015-10-03 16:38 - 40613054 _____ C:\Users\Rachael\Downloads\Rocketboy and Toro - Cartoons for Kids - Episode 3- An Inspector Calls.mp4
2015-10-03 16:37 - 2015-10-03 16:37 - 41646510 _____ C:\Users\Rachael\Downloads\Rocketboy and Toro - Cartoons for Kids - Episode 2- Mallatese Chicken.mp4
2015-10-03 16:35 - 2015-10-03 16:35 - 42194519 _____ C:\Users\Rachael\Downloads\Rocketboy and Toro - Cartoons for Kids - Episode 1- Rocketboy Squared.mp4
2015-10-03 13:39 - 2015-10-03 13:41 - 00359240 _____ C:\Users\Rachael\Downloads\Refuge - Sing Up.mp3.sfk
2015-10-03 13:28 - 2015-10-03 13:28 - 00290047 _____ C:\Users\Rachael\Downloads\thcrap.zip
2015-10-02 18:42 - 2015-10-02 18:42 - 00024205 _____ C:\Users\Rachael\Downloads\Grease__We_Go_Together.mid
2015-10-02 18:41 - 2015-10-03 13:23 - 00000000 ___HD C:\Users\Rachael\AppData\Local\{ABBDEAEF-5AED-4c34-A22D-057A13C52D1E}
2015-10-02 18:07 - 2015-10-02 18:07 - 02434698 _____ C:\Users\Rachael\Downloads\KanColleViewer-master.zip
2015-10-02 16:34 - 2015-10-02 16:34 - 07063190 _____ C:\Users\Rachael\Downloads\10 Pop Medley.wma
2015-10-01 18:35 - 2015-10-01 18:35 - 00048597 _____ C:\Users\Rachael\Downloads\froggy.mid
2015-09-29 21:52 - 2015-09-29 21:52 - 00434411 _____ C:\Users\Rachael\Downloads\theme_aardvark_moodle29_2015092800.zip
2015-09-29 19:42 - 2015-09-29 19:42 - 00000000 ____D C:\Users\Public\Documents\sun
2015-09-29 19:41 - 2015-09-29 19:41 - 00286208 _____ C:\Users\Rachael\Downloads\deprivedareas-england.xls
2015-09-29 19:09 - 2015-09-29 19:09 - 08566477 _____ C:\Users\Rachael\Downloads\Video.zip
2015-09-27 21:04 - 2015-09-27 21:10 - 00311360 _____ C:\Users\Rachael\Downloads\What Fun - Let's get digital.mp3.sfk
2015-09-26 20:32 - 2015-09-26 20:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-26 20:32 - 2015-09-26 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-26 20:31 - 2015-09-26 20:31 - 01505304 _____ (Skype Technologies S.A.) C:\Users\Rachael\Downloads\SkypeSetup.exe
2015-09-26 10:41 - 2015-09-26 10:41 - 56501344 _____ (Oracle Corporation) C:\Users\Rachael\Downloads\jre-8u60-windows-x64.exe
2015-09-26 10:40 - 2015-09-26 10:40 - 00193131 _____ C:\Users\Rachael\Downloads\wordle-permissive.jar
2015-09-26 09:44 - 2015-09-26 09:44 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-26 09:44 - 2015-09-26 09:44 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-24 14:04 - 2015-09-24 14:10 - 00048597 _____ C:\Users\Rachael\froggy.mid
2015-09-21 18:05 - 2015-09-21 18:35 - 00958804 _____ C:\Users\Rachael\Downloads\composition.bak
2015-09-21 18:05 - 2015-09-21 18:05 - 00958842 _____ C:\Users\Rachael\Downloads\composition-02.bak
2015-09-21 17:45 - 2015-09-21 17:45 - 00046821 _____ C:\Users\Rachael\plastic frog.mid
2015-09-21 17:41 - 2015-09-21 19:27 - 00958804 _____ C:\Users\Rachael\Downloads\composition.cpr
2015-09-20 17:23 - 2015-09-20 17:27 - 00306032 _____ C:\Users\Rachael\Downloads\[COOL&CREATE] --------- Phantom Ensemble.mp3.sfk
2015-09-20 14:07 - 2015-09-20 14:14 - 00263552 _____ C:\Users\Rachael\Downloads\Night of Nights (Flowering nights remix)  By COOL&CREATE-BeatMARIO.mp3.sfk
2015-09-20 12:43 - 2015-09-20 12:43 - 02237743 _____ C:\Users\Rachael\Downloads\SamsaraCycleAudio_REV-B.zip
2015-09-19 17:59 - 2015-09-19 18:04 - 04888384 _____ C:\Users\Rachael\Downloads\Topsy and Tim Cartoon Full Episodes HD Collection.mp4.sfk
2015-09-19 17:39 - 2015-09-19 17:41 - 00397536 _____ C:\Users\Rachael\Downloads\videoplayback.mp4.sfk
2015-09-19 17:39 - 2015-09-19 17:39 - 23967592 _____ C:\Users\Rachael\Downloads\videoplayback.mp4
2015-09-19 17:37 - 2015-09-19 17:37 - 21951685 _____ C:\Users\Rachael\Downloads\The Wombles - Season 2, Episode 10 The Fruit Machine.mp4
2015-09-19 17:37 - 2015-09-19 17:37 - 21530572 _____ C:\Users\Rachael\Downloads\The Wombles - Season 2, Episode 17 Porridge for Breakfast.mp4
2015-09-19 11:43 - 2015-09-19 11:43 - 01695398 _____ C:\Users\Rachael\Downloads\01Intro.pptx
2015-09-18 17:25 - 2015-09-18 17:25 - 19432613 _____ C:\Users\Rachael\Downloads\Don't Hug Me I'm Scared 4.mp4
2015-09-18 16:39 - 2015-09-18 16:39 - 00129420 _____ C:\Users\Rachael\Downloads\block_fn_marking_moodle29_2015091600.zip
2015-09-16 18:43 - 2015-09-16 18:43 - 33392897 _____ C:\Users\Rachael\Downloads\DSK_Strings.zip
2015-09-15 21:46 - 2015-09-15 21:46 - 02081545 _____ C:\Users\Rachael\Downloads\origin.9950.zip
2015-09-15 20:55 - 2015-09-15 20:55 - 00016209 _____ C:\Users\Rachael\Downloads\hurt_2.mid
2015-09-15 20:44 - 2015-09-15 20:44 - 00028074 _____ C:\Users\Rachael\Downloads\thewire_tools_v2.2.zip
2015-09-15 18:59 - 2015-09-15 19:00 - 00022108 _____ C:\Users\Rachael\Downloads\christina_aguilera-hurt.mid
2015-09-15 18:58 - 2015-09-15 18:58 - 00000801 _____ C:\Users\Rachael\Downloads\ChristinaAguilera_-_Hurt__dawn031_20120518113113.mid
2015-09-15 18:52 - 2015-09-15 18:52 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\NuGet
2015-09-15 18:40 - 2015-09-15 18:40 - 00000526 _____ C:\Users\Public\Desktop\Ampps.lnk
2015-09-15 18:40 - 2015-09-15 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ampps
2015-09-15 16:46 - 2015-10-06 16:48 - 00000000 ____D C:\Users\Rachael\Documents\Visual Studio 2013
2015-09-15 16:45 - 2015-09-15 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-15 16:44 - 2015-09-15 16:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-15 16:42 - 2015-09-15 16:42 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2015-09-15 16:42 - 2015-09-15 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-09-15 16:42 - 2015-09-15 16:42 - 00000000 ____D C:\Program Files\Application Verifier
2015-09-15 16:42 - 2015-09-15 16:42 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2015-09-15 16:41 - 2015-09-15 16:41 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2015-09-15 16:41 - 2015-09-15 16:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-09-15 16:39 - 2015-09-15 16:39 - 00000000 ____D C:\ProgramData\NuGet
2015-09-15 16:39 - 2015-09-15 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-09-15 16:39 - 2015-09-15 16:39 - 00000000 ____D C:\Program Files (x86)\NuGet
2015-09-15 16:39 - 2015-09-15 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2015-09-15 16:37 - 2015-09-15 16:37 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2015-09-15 16:36 - 2015-09-15 16:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-09-15 16:35 - 2015-09-15 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-09-15 16:30 - 2015-09-15 16:30 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2015-09-14 21:05 - 2015-09-14 21:05 - 21845581 _____ C:\Users\Rachael\Downloads\gnu-social-a541533e043ba4e426237d4379ce089ea48a9b26.zip
2015-09-14 20:00 - 2015-09-14 20:00 - 00256167 _____ C:\Users\Rachael\Downloads\ishouvik_profile.zip
2015-09-14 19:16 - 2015-09-14 19:16 - 00964706 _____ C:\Users\Rachael\Downloads\time_theme (1).zip
2015-09-14 19:15 - 2015-09-14 19:15 - 02928681 _____ C:\Users\Rachael\Downloads\elgg_clean.zip
2015-09-14 19:11 - 2015-09-14 19:11 - 00316418 _____ C:\Users\Rachael\Downloads\profile_manager_v9.1.zip
2015-09-14 19:11 - 2015-09-14 19:11 - 00241820 _____ C:\Users\Rachael\Downloads\tabbed_profile.zip
2015-09-14 19:03 - 2015-09-14 19:03 - 03347302 _____ C:\Users\Rachael\Downloads\vrawa_responsive_theme_1_9(1).zip
2015-09-14 19:02 - 2015-09-14 19:02 - 01501520 _____ C:\Users\Rachael\Downloads\twitter_bootstrap.zip
2015-09-14 18:40 - 2015-09-14 18:40 - 31056468 _____ C:\Users\Rachael\Downloads\Dolphin-v.7.2.0.zip
2015-09-14 17:41 - 2015-09-14 17:41 - 00000115 _____ C:\Users\Rachael\Downloads\attachment_7023_55d01bb46bde7_55d01b8b380d0_csvoxwall.csv
2015-09-14 17:40 - 2015-09-14 17:40 - 17544704 _____ C:\Users\Rachael\Downloads\oxwall-1.8.0 (1).zip
2015-09-14 17:38 - 2015-09-14 17:38 - 29381274 _____ C:\Users\Rachael\Downloads\oxwall-public-5d1d768752b7.zip
2015-09-14 17:33 - 2015-09-14 17:48 - 00059319 _____ C:\Users\Rachael\Downloads\Book1.csv
2015-09-14 17:19 - 2015-09-14 17:20 - 07579109 _____ C:\Users\Rachael\Downloads\elgg-1.12.3.zip
2015-09-14 17:18 - 2015-09-14 17:18 - 07088086 _____ C:\Users\Rachael\Downloads\wordpress-4.3 (1).zip
2015-09-13 22:28 - 2015-09-13 22:28 - 07088086 _____ C:\Users\Rachael\Downloads\wordpress-4.3.zip
2015-09-13 22:05 - 2015-09-13 22:05 - 00049154 _____ C:\Users\Rachael\Downloads\csv_importer.8710.zip
2015-09-13 18:14 - 2015-09-13 18:14 - 00145533 _____ C:\Users\Rachael\Downloads\CLIP_new_kg-xf-ja_en_tc (2).rar
2015-09-13 17:59 - 2015-09-13 17:59 - 00745646 _____ C:\Users\Rachael\Downloads\mmd__artist__s_mannequin__dl_by_mmdfakewings18-d3if6dy.zip
2015-09-13 16:32 - 2015-09-13 16:32 - 02050204 _____ C:\Users\Rachael\Downloads\sai2-20150718-64bit-en (1).zip
2015-09-13 10:11 - 2015-09-13 10:11 - 06667640 _____ (Piriform Ltd) C:\Users\Rachael\Downloads\ccsetup509.exe
2015-09-13 10:11 - 2015-09-13 10:11 - 00002792 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-09-12 22:53 - 2015-09-12 22:53 - 05994262 _____ C:\Users\Rachael\Downloads\house 2.skb
2015-09-12 22:48 - 2015-09-12 22:48 - 09711125 _____ C:\Users\Rachael\Downloads\suburban+house+June+4.skp
2015-09-12 21:00 - 2015-09-12 21:00 - 00438985 _____ C:\Users\Rachael\Downloads\Be_Excellent (1).pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-12 17:22 - 2014-12-18 17:54 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-12 17:18 - 2014-12-31 15:18 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-520 Series Update {57904915-685B-4AD7-B71C-525C83241D71}.job
2015-10-12 17:10 - 2014-12-31 15:10 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-520 Series Update {84D0297A-BAAD-4AFB-BBCF-FD6728D9CF35}.job
2015-10-12 17:04 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-12 17:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-12 16:51 - 2015-02-06 18:00 - 01443262 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-12 16:45 - 2014-02-27 18:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-12 16:40 - 2013-12-25 11:40 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-12 16:37 - 2014-12-18 17:54 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-12 16:31 - 2014-08-27 16:28 - 00000000 ____D C:\Users\Rachael\AppData\Local\Adobe
2015-10-12 16:29 - 2013-12-25 11:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1663812213-1418400964-3040483373-1001
2015-10-12 16:28 - 2014-04-26 12:33 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4ACE676D-7565-4B13-8950-C834131739B3}
2015-10-12 16:27 - 2014-12-03 19:56 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-12 16:27 - 2014-11-21 21:59 - 00000000 ____D C:\Users\Rachael\AppData\Local\CrashDumps
2015-10-12 16:25 - 2014-12-17 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-10-12 16:25 - 2013-12-27 16:53 - 00000000 ____D C:\Users\Rachael\AppData\Local\TSVNCache
2015-10-12 16:24 - 2014-09-18 16:55 - 00000000 ___RD C:\Users\Rachael\Documents\OneDrive
2015-10-12 16:24 - 2013-12-25 11:40 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 22:06 - 2015-08-11 21:13 - 00741200 _____ C:\Users\Rachael\Documents\Wombles.veg
2015-10-11 22:04 - 2014-12-19 20:35 - 00000000 ____D C:\ProgramData\F-Secure
2015-10-11 21:43 - 2014-04-13 18:44 - 00000000 ____D C:\Users\Rachael
2015-10-11 21:34 - 2015-04-10 21:42 - 00000000 ____D C:\Users\Rachael\Documents\kipper
2015-10-11 21:26 - 2014-03-17 18:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-11 21:02 - 2014-12-03 19:56 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-11 20:47 - 2015-03-01 20:08 - 00000000 ____D C:\Users\Rachael\mbar
2015-10-11 20:46 - 2015-07-13 16:25 - 00000000 ____D C:\My Web Sites
2015-10-11 18:48 - 2013-12-25 16:36 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Audacity
2015-10-11 15:36 - 2014-01-12 16:41 - 00000000 ____D C:\Users\Rachael\AppData\Local\gtk-3.0
2015-10-11 15:19 - 2015-08-11 21:13 - 00741456 _____ C:\Users\Rachael\Documents\Wombles.veg.bak
2015-10-11 14:27 - 2014-01-03 18:19 - 00000000 ____D C:\Users\Rachael\Documents\MyPaint
2015-10-10 22:04 - 2014-01-01 21:43 - 00000000 ____D C:\Users\Rachael\.blurb
2015-10-10 22:03 - 2014-05-05 10:25 - 00000000 ____D C:\Users\Rachael\Documents\Blurb
2015-10-10 22:03 - 2014-05-05 10:25 - 00000000 ____D C:\Users\Rachael\AppData\Local\Blurb
2015-10-10 20:25 - 2015-08-18 22:43 - 00818096 _____ C:\Users\Rachael\Documents\tipsy tom.veg
2015-10-10 17:57 - 2015-03-29 20:15 - 00075520 _____ C:\Users\Rachael\Documents\test.veg
2015-10-10 17:12 - 2015-03-29 20:15 - 00075520 _____ C:\Users\Rachael\Documents\test.veg.bak
2015-10-10 15:20 - 2014-02-08 18:05 - 00000132 _____ C:\Users\Rachael\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-10-10 14:50 - 2014-06-29 12:46 - 00768944 _____ C:\Users\Rachael\Documents\Skipper.veg
2015-10-10 14:40 - 2015-08-09 22:47 - 01914216 _____ C:\Users\Rachael\Documents\tweenies.veg
2015-10-09 23:03 - 2014-03-21 23:19 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Fade In
2015-10-09 16:58 - 2013-12-25 18:07 - 01716736 ___SH C:\Users\Rachael\Downloads\Thumbs.db
2015-10-08 22:02 - 2014-01-01 17:37 - 00000000 ____D C:\Users\Rachael\.VirtualBox
2015-10-08 18:08 - 2014-06-29 12:13 - 00000000 ____D C:\Users\Rachael\VirtualBox VMs
2015-10-07 21:27 - 2015-06-17 12:51 - 01908112 _____ C:\Users\Rachael\Documents\tweenies.veg.bak
2015-10-07 20:52 - 2014-06-29 12:46 - 00768992 _____ C:\Users\Rachael\Documents\Skipper.veg.bak
2015-10-07 19:58 - 2015-08-18 22:43 - 00818128 _____ C:\Users\Rachael\Documents\tipsy tom.veg.bak
2015-10-07 17:26 - 2014-08-25 19:29 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Skype
2015-10-07 17:21 - 2014-08-25 19:29 - 00000000 ____D C:\ProgramData\Skype
2015-10-06 20:58 - 2013-12-25 11:28 - 00000000 ____D C:\Users\Rachael\AppData\Local\Packages
2015-10-06 20:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-05 16:45 - 2015-06-22 21:28 - 00000000 ____D C:\Program Files\Firefox Developer Edition
2015-10-05 16:34 - 2013-12-26 20:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-04 21:04 - 2013-12-25 16:03 - 00000000 ____D C:\Users\Rachael\Documents\Mixcraft Projects
2015-10-04 17:54 - 2015-03-09 16:23 - 00001790 _____ C:\WINDOWS\Sandboxie.ini
2015-10-04 10:40 - 2014-06-18 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-02 18:06 - 2015-04-28 19:31 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translations
2015-10-02 18:06 - 2015-04-26 10:13 - 00000816 _____ C:\Users\Rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KanColleViewer!.lnk
2015-10-01 19:16 - 2015-07-14 17:48 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2015-10-01 19:11 - 2014-08-28 17:07 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Celemony Software GmbH
2015-09-30 20:01 - 2015-05-03 10:47 - 00003003 _____ C:\WINDOWS\setupact.log
2015-09-30 20:01 - 2015-05-03 10:46 - 00183462 _____ C:\WINDOWS\PFRO.log
2015-09-30 20:01 - 2014-04-13 18:39 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-30 20:01 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-30 20:00 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-29 19:10 - 2013-12-25 13:51 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\vlc
2015-09-28 17:51 - 2015-03-15 21:39 - 00256072 _____ C:\Users\Rachael\Documents\al  monkeh.veg
2015-09-27 22:11 - 2015-03-15 21:39 - 00256040 _____ C:\Users\Rachael\Documents\al  monkeh.veg.bak
2015-09-27 13:49 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-26 20:32 - 2014-08-25 19:29 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-26 09:45 - 2013-12-25 11:54 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-09-26 09:44 - 2015-07-19 16:39 - 00132656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-09-26 09:44 - 2015-04-16 09:13 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-09-26 09:44 - 2014-05-07 20:44 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-26 09:44 - 2013-12-25 11:54 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-26 09:44 - 2013-12-25 11:54 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-26 09:44 - 2013-12-25 11:54 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-26 09:44 - 2013-12-25 11:54 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-09-26 09:44 - 2013-12-25 11:54 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-26 09:44 - 2013-12-25 11:54 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-26 09:42 - 2015-04-16 11:22 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-24 13:48 - 2013-12-25 19:57 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-21 18:27 - 2014-01-02 15:17 - 02624512 ___SH C:\Users\Rachael\Documents\Thumbs.db
2015-09-20 12:55 - 2014-01-29 21:15 - 00451584 ___SH C:\Users\Rachael\Thumbs.db
2015-09-20 12:44 - 2014-01-29 21:30 - 00000000 ____D C:\Program Files\VST
2015-09-19 13:06 - 2014-02-09 14:55 - 00000000 ____D C:\Users\Rachael\Documents\stickman
2015-09-17 18:12 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-16 16:24 - 2015-08-21 09:07 - 00000000 ___RD C:\Users\Rachael\OneDrive
2015-09-16 16:24 - 2014-09-11 14:02 - 00003098 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1663812213-1418400964-3040483373-1001
2015-09-15 19:09 - 2015-05-31 19:29 - 00000000 ___RD C:\Users\Rachael\Just Be
2015-09-15 16:43 - 2015-09-08 20:27 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-09-15 16:43 - 2015-09-08 20:26 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-09-15 16:43 - 2014-10-05 12:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-09-15 16:43 - 2014-08-19 17:40 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-09-15 16:43 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-15 16:43 - 2013-02-13 13:32 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-09-15 16:41 - 2014-10-05 12:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-09-15 16:41 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-15 16:38 - 2015-09-08 20:27 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2015-09-15 16:36 - 2015-09-08 20:14 - 00000000 ____D C:\WINDOWS\system32\1033
2015-09-15 16:30 - 2014-01-12 19:09 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-15 16:28 - 2014-04-14 03:31 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-09-14 21:35 - 2013-12-25 11:40 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 21:35 - 2013-12-25 11:40 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 17:19 - 2015-08-04 11:49 - 00000000 ____D C:\xampp
2015-09-13 18:39 - 2015-07-21 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
2015-09-13 18:39 - 2013-02-13 13:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-13 18:32 - 2015-07-21 17:37 - 00000000 ____D C:\Users\Rachael\Documents\CELSYS_EN
2015-09-13 10:11 - 2014-12-20 23:51 - 00000710 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-13 09:42 - 2013-12-25 11:40 - 00000000 ____D C:\Users\Rachael\AppData\Local\Google
2015-09-12 22:55 - 2015-06-08 17:53 - 06022368 _____ C:\Users\Rachael\Downloads\house 2.skp
 
==================== Files in the root of some directories =======
 
2014-02-26 18:44 - 2011-10-31 11:16 - 1888256 _____ (Apache Software Foundation) C:\Program Files\xerces-c_3_1.dll
2015-06-22 20:57 - 2015-08-02 14:05 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-08 18:05 - 2015-10-10 15:20 - 0000132 _____ () C:\Users\Rachael\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-04 20:08 - 2015-08-30 12:19 - 0065588 _____ () C:\Users\Rachael\AppData\Roaming\Camdata.ini
2015-02-04 20:08 - 2015-08-30 12:19 - 0000408 _____ () C:\Users\Rachael\AppData\Roaming\CamLayout.ini
2015-02-04 20:08 - 2015-08-30 12:19 - 0000408 _____ () C:\Users\Rachael\AppData\Roaming\CamShapes.ini
2015-02-04 20:08 - 2015-08-30 12:19 - 0004522 _____ () C:\Users\Rachael\AppData\Roaming\CamStudio.cfg
2015-10-11 17:52 - 2015-10-11 17:52 - 0003207 _____ () C:\Users\Rachael\AppData\Local\recently-used.xbel
2015-07-09 17:02 - 2015-07-09 17:02 - 0017408 _____ () C:\Users\Rachael\AppData\Local\WebpageIcons.db
2013-12-29 11:41 - 2013-12-29 11:41 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
1999-07-07 01:00 - 1999-07-07 01:00 - 0000006 __RSH () C:\ProgramData\DE280AC2-0786-4476-96E5-D6E6370396FE
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 17:19
 
==================== End of FRST.txt ============================

 

I thought that I'd make a separate thread, though, in case my problem cause is different from theirs.

 

Thanks for your help.


Edited by MissPenguin, 12 October 2015 - 12:33 PM.




#2 nasdaq

  • Malware Response Team

Posted 13 October 2015 - 07:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
U0 gtiiuuv; C:\Windows\System32\drivers\dbsefa.sys [79064 2015-10-12] (Malwarebytes Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Windows\System32\drivers\dbsefa.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Is the issue still persisting?

p.s.
Please include in your next reply the Addition.txt file that was created by the Farbar tool.
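
A way to check the Fixlog.txt that the Fix step produces, added here as an example (it is not part of nasdaq's post and not FRST's own code): it skips the echoed fixlist block, classifies each `target => outcome` line, and reports targets whose last recorded outcome was not a success. The sample input is an abridged excerpt of the Fixlog posted later in this thread; the status names (`done`, `absent`, `pending_reboot`, `failed`, `review`) are labels chosen for this example.

```python
import re

# Abridged excerpt of the Fixlog.txt posted later in this thread (sample input).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [NPSStartup] => [X]
C:\Windows\System32\drivers\dbsefa.sys
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
gtiiuuv => service removed successfully
C:\Windows\System32\drivers\dbsefa.sys => moved successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-13 16:22:59)

==> ATTENTION: System is not rebooted.
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 16:22:59 ====
'''

FENCE = re.compile(r"^\*{5,}$")      # delimits the echoed fixlist block
QUOTED = re.compile(r'"([^"]+)"')    # targets containing spaces appear quoted


def classify(prefix, outcome):
    """Map one outcome string to a status label (labels are this example's own)."""
    o = outcome.lower().rstrip(". ")
    if prefix.lower().startswith("could not move") and "reboot" in o:
        return "pending_reboot"
    if o.startswith("could not"):
        return "failed"
    if o.endswith("successfully"):
        return "done"
    if o.endswith("not found"):
        return "absent"          # nothing was there to remove
    return "review"              # outcome wording not seen in this thread


def parse_fixlog(text):
    """Return (entries, notices); entries keep log order."""
    entries, notices, in_echo = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            in_echo = not in_echo   # fixlist lines also contain "=>", so skip them
            continue
        if in_echo or not line:
            continue
        if line.startswith("==>"):
            notices.append(line[3:].strip())
            continue
        left, sep, outcome = line.rpartition(" => ")
        if not sep:
            continue
        m = QUOTED.search(left)
        target = m.group(1) if m else left
        prefix = left[:m.start()] if m else ""
        entries.append({"target": target, "outcome": outcome,
                        "status": classify(prefix, outcome)})
    return entries, notices


def needs_followup(entries):
    """Targets whose last recorded status is not a success."""
    last = {}
    for e in entries:
        last[e["target"]] = e["status"]   # later lines override earlier ones
    return {t: s for t, s in last.items() if s not in ("done", "absent")}


if __name__ == "__main__":
    entries, notices = parse_fixlog(SAMPLE_FIXLOG)
    for note in notices:
        print("notice:", note)
    for target, status in needs_followup(entries).items():
        print(f"{status}: {target}")
```

On this thread's log the only follow-up item is the Avast `.crx` file, which the log records as not moved alongside the notice that the system had not been rebooted.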

#3 RCLeahcar

  • Topic Starter

Posted 13 October 2015 - 10:34 AM

Here is my fix result:
Fix result of Farbar Recovery Scan Tool (x64) Version:12-10-2015
Ran by Rachael (2015-10-13 16:17:47) Run:1
Running from C:\Users\Rachael\Desktop\FARBAR
Loaded Profiles: Rachael (Available Profiles: Rachael)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
U0 gtiiuuv; C:\Windows\System32\drivers\dbsefa.sys [79064 2015-10-12] (Malwarebytes Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Windows\System32\drivers\dbsefa.sys
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value removed successfully
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@TrendMicro.com/FFExtension" => key removed successfully
C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
gtiiuuv => service removed successfully
VBoxNetFlt => service removed successfully
C:\Windows\System32\drivers\dbsefa.sys => moved successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-13 16:22:59)
 
==> ATTENTION: System is not rebooted.
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 16:22:59 ====
 
 
And here is my Additions.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
Ran by Rachael (2015-10-12 17:34:24)
Running from C:\Users\Rachael\Desktop
Windows 8.1 (X64) (2014-04-13 18:15:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1663812213-1418400964-3040483373-500 - Administrator - Disabled)
Guest (S-1-5-21-1663812213-1418400964-3040483373-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1663812213-1418400964-3040483373-1003 - Limited - Enabled)
Rachael (S-1-5-21-1663812213-1418400964-3040483373-1001 - Administrator - Enabled) => C:\Users\Rachael
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acoustica Mixcraft 7 (64ビット) (HKLM-x32\...\Mixcraft 7-64) (Version: 7.0.0.251 - Acoustica)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Ampps 3.3 (HKLM-x32\...\Ampps_is1) (Version:  - Softaculous Ltd.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5 (64-bit)) (Version: 2.5.6.7716 - )
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 5.4.29-0) (Version: 5.4.29-0 - Bitnami)
Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 5.6.12-0) (Version: 5.6.12-0 - Bitnami)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.74 - Blender Foundation)
Bome's Mouse Keyboard 2.00 (HKLM-x32\...\Bome's Mouse Keyboard_is1) (Version:  - Bome Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookSmart® 3.4.5 3.4.5 (HKLM-x32\...\BookSmart® 3.4.5 3.4.5) (Version:  - Blurb, Inc)
BookWright version 1.0.34 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.0.34 - Blurb, Inc.)
Boris Continuum Complete 9 OFX for Sony (64-Bit) (HKLM\...\{3DF67BF0-17E8-4537-951C-758102AB87F7}) (Version: 9.0.2005 - Boris FX, Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CamStudio Lossless Codec v1.5 (HKLM-x32\...\camcodec) (Version: 1.5 - CamStudio)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)
CLIP STUDIO ACTION (HKLM-x32\...\{A1EFF737-455F-4736-A25D-B127447DCC3D}) (Version: 1.1.4 - CELSYS)
CLIP STUDIO COORDINATE (HKLM-x32\...\{00D399FC-4199-435D-BAE7-B9AE9993ACF2}) (Version: 1.1.4 - CELSYS)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Corel Painter 13 - IPM (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 2015 (HKLM\...\_{DDB3F5F0-2583-426C-A652-8404AFF3A4D0}) (Version: 14.0.0.728 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.7.0 Beta - Alexandre Devilliers (aka Elbereth))
Dropbox (HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.05 - ASUSTeK Computer Inc.)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Stylus Photo R3000 Printer Uninstall (HKLM\...\Epson Stylus Photo R3000) (Version:  - SEIKO EPSON Corporation)
EPSON XP-520 Series Printer Uninstall (HKLM\...\EPSON XP-520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eSpeak version 1.48.04 (HKLM-x32\...\eSpeak_is1) (Version:  - )
eSpeakEdit version 1.48.15 (HKLM-x32\...\eSpeakEdit_is1) (Version:  - )
Fade In Professional Screenwriting Software (HKLM-x32\...\Fade In Professional Screenwriting Software Demo_is1) (Version:  - Fade In Professional Screenwriting Software)
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.12.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FireAlpaca 1.2.0 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.2.0 - firealpaca.com)
Firefox Developer Edition 43.0a2 (x64 en-GB) (HKLM\...\Firefox Developer Edition 43.0a2 (x64 en-GB)) (Version: 43.0a2 - Mozilla)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Harmony Assistant (HKLM-x32\...\Harmony Assistant) (Version: 9.6.3i - Myriad SARL)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version:  - Image-Line)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.02 - iZotope, Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 5.3.0 - JPEXS)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodu Game Lab (HKLM-x32\...\{DB50DF5B-9562-4D55-B61C-A0AE8762E856}) (Version: 1.4.61 - Microsoft Research)
Krita Desktop (x64) 2.9.4.0 (HKLM\...\{1BE0298C-0A48-4371-8EF3-81002BF8132E}) (Version: 2.9.4.0 - Krita Foundation)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
LibreOffice 5.0.1.2 (HKLM-x32\...\{927AE35D-72BC-437D-BAC7-EE47D03DEE54}) (Version: 5.0.1.2 - The Document Foundation)
Little Alchemy (HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\littlealchemy-c7de5d8adcfd810d98ec68069ab57bd9) (Version: 1.0.11 - Recloak)
LMMS 1.1.3 (HKLM-x32\...\LMMS) (Version: 1.1.3 - LMMS Developers)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maxwell for SketchUp 2015 (HKLM-x32\...\{DEC405C1-CB23-4C20-948D-BF8631B7E8EE}) (Version: 3.1.0 - Next Limit Technologies)
Mbrola Tools 3.5 (HKLM-x32\...\MbrolaTools35_is1) (Version: 3.5 - FPMs TCTS Lab)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 14 CTP Redistributable (x64) - 14.0.22129 (HKLM-x32\...\{8a6c0ef2-b24e-4897-a1d7-367c3212a70b}) (Version: 14.0.22129.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Premium 2013 (HKLM-x32\...\{335b362f-f680-4aa4-8c0a-47bfdb5d242d}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIDI Yoke (HKLM-x32\...\{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}) (Version: 1.75.53 - JOConnell)
MIDI-OX (HKLM-x32\...\{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}) (Version: 7.02.372 - MIDIOX Computing)
Movie Looks Vegas HD (HKLM-x32\...\Movie Looks Vegas HD) (Version:  - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.0.5756 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultiEx Commander v3.2 b (HKLM-x32\...\ST6UNST #1) (Version:  - )
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MuseScore 2 (HKLM-x32\...\{703926DE-F24B-11E4-AA68-472FB664A5DC}) (Version: 2.0.1 - Werner Schweer and Others)
MusicLab RealGuitar (32-bit) (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealGuitar (64-bit) (Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab RealGuitar (HKLM-x32\...\{8acd5fa1-4229-4d1c-8128-69dd335c205c}) (Version: 3.1.0.7127 - MusicLab, Inc.)
MusicLab RealGuitar Sound Bank (x32 Version: 3.1.0.7127 - MusicLab, Inc.) Hidden
MusicLab Virtual Midi Driver (64-bit) (HKLM\...\{2B019162-86C7-4D14-AED0-2CB5110BA4FF}) (Version: 2.0.2.0 - MusicLab, Inc.)
MyPaint w64 version 1.2.0-beta.0 (HKLM-x32\...\MyPaint w64_is1) (Version: 1.2.0-beta.0 - Martin Renold and the MyPaint Development Team)
NaturalMotion endorphin 2.7.1 (HKLM-x32\...\NaturalMotion endorphin_is1) (Version:  - NaturalMotion Ltd.)
NewBlue Free Effects for Windows (HKLM-x32\...\NewBlue Free Effects for Windows) (Version: 1.4 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
openCanvas 6.0.15 (64bit) (HKLM\...\{FD20E1D7-38A4-4A87-8E49-3BB06E4542E8}}_is1) (Version: 6.0.15 - PGN Inc.)
Oracle VM VirtualBox 5.0.0_BETA2 (HKLM\...\{6FDDAA7C-86D2-4648-8625-8FB79A25C646}) (Version: 5.0.0 - Oracle Corporation)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Painter 2015 - Contentx64 (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - Core (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - Corex64 (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - CT (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - DE (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - EN (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - FR (Version: 14.0 - Corel Corporation) Hidden
Painter 2015 - Setup Files (Version: 14.0 - Corel Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeaZip 5.5.3 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
Programmer's Notepad (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.4.0.2378 - Simon Steele)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Resource Hacker Version 4.2.4 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 436 - MIT Media Lab)
Scratch 2 Offline Editor (x32 Version: 255 - MIT Media Lab) Hidden
Screen Recorder Launcher (HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\ScreenRecorderLauncher) (Version: 1.7 - )
ShareX 10.0.0 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.0.0 - ShareX Developers)
SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Speakonia (HKLM-x32\...\Speakonia_is1) (Version: 1.0.3.5 - CFS-Technologies)
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
Strong Bad - Strong Bad Episode 1 - Homestar Ruiner (HKLM-x32\...\Episode 1 - Homestar Ruiner) (Version: 1.0.0.10 - Telltale Games)
Strong Bad - Strong Bad Episode 2 - Strong Badia the Free (HKLM-x32\...\Episode 2 - Strong Badia the Free) (Version: 1.0.0.10 - Telltale Games)
Strong Bad - Strong Bad Episode 3 - Baddest of the Bands (HKLM-x32\...\Episode 3 - Baddest of the Bands) (Version: 1.0.0.10 - Telltale Games)
Strong Bad - Strong Bad Episode 4 - Dangeresque 3 (HKLM-x32\...\Episode 4 - Dangeresque 3) (Version: 1.0.0.10 - Telltale Games)
Strong Bad - Strong Bad Episode 5 - 8-Bit Is Enough (HKLM-x32\...\Episode 5 - 8-Bit Is Enough) (Version: 1.0.0.10 - Telltale Games)
Stykz for Windows 1.0.2 (HKLM-x32\...\{7E44C354-10A8-4214-9C56-F3F00775E415}_is1) (Version: 1.0.2 - Sons of Thunder Software, Inc.)
Sumotori Dreams (HKLM-x32\...\Sumotori Dreams) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
SWFRIP 0.4 (HKLM-x32\...\SWFRIP) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TortoiseSVN 1.8.10.26129 (64 bit) (HKLM\...\{A9E679EC-8FD4-49D8-A5A5-ACE462515A9E}) (Version: 1.8.26129 - TortoiseSVN)
Truck Dismount (remove only) (HKLM-x32\...\Rekkaturvat) (Version:  - )
Tux Paint 0.9.22 (HKLM-x32\...\Tux Paint_is1) (Version:  - New Breed Software)
Tux Paint Stamps 2014-08-23 (HKLM-x32\...\Tux Paint Stamps_is1) (Version:  - New Breed Software)
Unity Web Player (HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visualizer for SketchUp (HKLM\...\{3758A735-50FD-4033-B3F5-77F30ED63F87}) (Version: 1.3.13.0 - Imagination)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WebM Project Directshow Filters (HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\webmdshow) (Version:  - )
WebReaper v10 (HKLM-x32\...\WebReaper_is1) (Version: 10b - WebReaper.net)
WhoCrashed 5.50 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.11-0 - Bitnami)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
東方心綺楼 (HKLM-x32\...\{B641E348-377C-4819-B92F-03F1D35A7EE3}_is1) (Version:  - 黄昏フロンティア)
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{24734139-2E14-88F8-FDDF-194FDB2B19C4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> d:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{F57AEC8E-0F8D-F866-ABE0-8EC6A26B5B17}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1663812213-1418400964-3040483373-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rachael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
09-10-2015 19:24:14 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2015-08-30 16:24 - 00000842 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1                   www.acoustica.com
127.0.0.1       localhost
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17CED2B0-681D-47D0-A0ED-A68678B4E291} - System32\Tasks\EPSON XP-520 Series Update {84D0297A-BAAD-4AFB-BBCF-FD6728D9CF35} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {288595EE-6E28-4B07-8447-4840CB3728E6} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1663812213-1418400964-3040483373-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {2AF53894-A985-42DC-8C3F-27AC303A3CF6} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rachael2001@live.co.uk => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {360DFF14-1359-46AD-857C-622966F9CF34} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-29] (Adobe Systems Incorporated)
Task: {40013371-795E-47E0-8215-3FD9DDC180DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5B03BFE0-1B56-428C-A785-D18D168EE9B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5BAEA9FA-C038-44E8-9B44-AA203B420470} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {75F0DF1A-5D8D-431D-B66B-30BCBFAC24E3} - System32\Tasks\avastBCLRestartS-1-5-21-1663812213-1418400964-3040483373-1001 => Chrome.exe 
Task: {870540B7-AD7C-4952-8ABD-44AE5CDF42B1} - System32\Tasks\ASUS\ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
Task: {9F610BB6-5FE3-47E8-9172-E8ED0BF61A77} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {A1A64BB7-ADEF-41E4-8B18-8CD9CF4A6DBC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {B0FEDEBA-B5F0-4AFF-8923-6AAAFDAB8242} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-26] (AVAST Software)
Task: {C28F5466-B34E-4D4F-B373-686916B47B59} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {C76DB0C3-3D0D-45CA-8C6B-1FEBDDD59C15} - System32\Tasks\BDAntiCryptoWallTask => C:\Users\Rachael\Downloads\BDAntiCryptoWall_Release.exe [2015-06-29] ()
Task: {EAB00FA6-1FD9-4CE8-80DE-38DC7863D2C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EDB68385-B975-4238-ABE9-CC2061D746BF} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
Task: {F9CDF4A0-2241-4A22-A85C-4B5330054176} - System32\Tasks\EPSON XP-520 Series Update {57904915-685B-4AD7-B71C-525C83241D71} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {FCD102F7-2F2A-44FE-B007-BA168F1FF0E3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-12] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {57904915-685B-4AD7-B71C-525C83241D71}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE:/EXE:{57904915-685B-4AD7-B71C-525C83241D71} /F:UpdateWORKGROUP\RACHAEL$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-520 Series Update {84D0297A-BAAD-4AFB-BBCF-FD6728D9CF35}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNPE.EXE:/EXE:{84D0297A-BAAD-4AFB-BBCF-FD6728D9CF35} /F:UpdateWORKGROUP\RACHAEL$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-19 18:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-13 18:38 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-15 16:29 - 2015-08-12 04:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-17 22:31 - 2014-12-17 22:31 - 00076032 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-12-17 22:30 - 2014-12-17 22:30 - 00088832 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-07-09 18:32 - 2015-07-09 18:32 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () D:\Program Files\Notepad++\NppShell_06.dll
2015-10-08 16:20 - 2015-10-12 16:24 - 01208024 _____ () C:\Users\Rachael\AppData\Local\Temp\BDAntiCryptoWall\BDAntiCryptoWall.exe
2015-10-08 16:20 - 2015-10-12 16:24 - 00091648 _____ () C:\Users\Rachael\AppData\Local\Temp\BDAntiCryptoWall\BDMetrics.dll
2015-09-26 09:44 - 2015-09-26 09:44 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-26 09:44 - 2015-09-26 09:44 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-30 17:00 - 2015-09-30 17:00 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15093001\algo.dll
2015-10-11 11:29 - 2015-10-11 11:29 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101100\algo.dll
2015-09-26 09:44 - 2015-09-26 09:44 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-09 18:32 - 2015-07-09 18:32 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-12-17 21:53 - 2014-12-17 21:53 - 00065792 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2015-09-26 09:42 - 2015-09-24 03:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-26 09:42 - 2015-09-24 03:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2014-12-17 21:53 - 2014-12-17 21:53 - 00071936 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Rachael\Documents\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\Control Panel\Desktop\\Wallpaper -> D:\Comoc\kantai_collection___kaga_by_jakjak24-d8pd70c.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AsusFanControlService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: EpsonBidirectionalService => 2
MSCONFIG\Services: FlexNet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: UNS => 2
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Andy"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "emsisoft anti-malware"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\Run: => "Epson Stylus Photo R3000"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-1663812213-1418400964-3040483373-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C8AA7184-D916-41F8-B764-80836EC0359B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{069074FA-9D0F-4A7F-8D07-64D105CF31CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B6AA3FAD-E910-446B-B0C6-095585FEA6DF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D27B9256-2738-41E8-B1A8-B4AD93F014DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{282FA5EB-B6C1-4191-86F5-98DF0A16AC4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8C1BF2FD-5C6B-4F88-BADC-FC9A42647FD8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{3F71E831-7FF7-45A1-83E0-E51222DF1552}] => (Allow) C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{773D21ED-B7AD-4F6B-85F6-23226AB36385}] => (Allow) C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BE7D68D0-3E54-4402-9410-EE4235362DD7}] => (Allow) C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6492C09F-0DD3-4DB4-91CC-0CEDD9362B27}] => (Allow) C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{BE745411-F392-4371-B3DF-BDF9B33F7CA4}C:\bitnami\wampstack-5.4.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.4.29-0\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{7E33A0CA-DD01-472D-BF44-916C3000FA9A}C:\bitnami\wampstack-5.4.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.4.29-0\apache2\bin\httpd.exe
FirewallRules: [{A5E6D54C-5389-4464-B77C-B6512EC95A3B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F49507DE-8EA1-4967-A61F-80E4EE12746C}] => (Allow) LPort=2869
FirewallRules: [{E123186E-546F-42A2-A84E-F0F4139828D9}] => (Allow) LPort=1900
FirewallRules: [{4C6EBBBF-257A-46BF-88AE-621712D9EE39}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0D3A2706-685A-4D12-A92A-145983ED355A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A603A6E9-6E3B-4CD8-BB77-929845697036}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{88C5BD5B-10ED-4469-8DED-D28DC531913E}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4CCC0B8B-91E5-4BF6-AF60-370A8BFC97C1}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D9F1D2DF-8396-4BAC-A629-D6A3E2CB2763}C:\users\rachael\documents\funny games\tabletop simulator.exe] => (Allow) C:\users\rachael\documents\funny games\tabletop simulator.exe
FirewallRules: [UDP Query User{9DA1429D-51F5-4AA5-99AA-8EFB55966584}C:\users\rachael\documents\funny games\tabletop simulator.exe] => (Allow) C:\users\rachael\documents\funny games\tabletop simulator.exe
FirewallRules: [{52E2C22B-31FE-49D4-871C-085722AB593C}] => (Block) C:\users\rachael\documents\funny games\tabletop simulator.exe
FirewallRules: [{C8082552-EC63-4BCF-8263-09B3207D2248}] => (Block) C:\users\rachael\documents\funny games\tabletop simulator.exe
FirewallRules: [{5A187C6F-348E-4A6A-86CE-5574373617C1}] => (Allow) C:\Users\Rachael\Documents\funny games\Crashtastic v0.4.1\iws.exe
FirewallRules: [{8E5149D3-EE61-42E1-8961-4E89141267E7}] => (Allow) C:\Users\Rachael\Documents\funny games\Crashtastic v0.4.1\iws.exe
FirewallRules: [{2709B731-9FC8-46A2-9801-ACD5FE2EA2F2}] => (Allow) C:\Users\Rachael\Documents\funny games\Crashtastic v0.4.1\iws.exe
FirewallRules: [{3B0CDEB5-493A-4F14-B3FE-E08030AD7104}] => (Allow) C:\Users\Rachael\Documents\funny games\Crashtastic v0.4.1\iws.exe
FirewallRules: [{A80505F5-53F6-4B8B-A3C8-361B0E43A2CE}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{F7BDCA14-7B4D-49DB-8D33-37D1F29CD8F1}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{20B99AFD-1991-4EB1-A855-FC97D32474CB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3A0434B0-ED26-4546-8FFA-E3918A4FC573}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E3B07490-FBF9-4AAA-9EA6-7465AC4964B3}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{6C4D758C-0193-45C9-9E1A-EC2ABEB7D27C}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{DE3A9CDC-43E7-4505-BB86-64D1CF7C91CB}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{3AD67A24-5AA8-4866-B1FE-203B1A47C098}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{30FCEA89-C458-4367-87E0-D60A30D9049D}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [{91CAFBBC-A5B9-481C-A89B-3EFE2AF937F2}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [{77959093-DD9A-4D5E-9736-74646BCC34B6}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{972D4E77-A970-487C-BF2C-BB433B8CAFB8}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{DE639E15-A935-46B8-B466-8E86EC340DF7}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{9B15458E-15F1-4AB0-B33C-C1FAB923855A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{B336F61B-C5AD-42B7-AF19-67FAE6B9A107}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{74A5C15F-35ED-4367-AEE7-C9B8EE722B97}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{A5B1AB6E-489D-44A4-9951-0C72E5FB3DC1}D:\ampps\mysql\bin\mysqld.exe] => (Allow) D:\ampps\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{0984F23E-7077-4E51-8DA7-95C5E335FC4B}D:\ampps\mysql\bin\mysqld.exe] => (Allow) D:\ampps\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{805B5666-4403-45EF-94EA-69EAA4A3AE62}D:\ampps\apache\bin\httpd.exe] => (Allow) D:\ampps\apache\bin\httpd.exe
FirewallRules: [UDP Query User{6435E5C1-56DB-4E9C-84EC-1A0FCA8392B3}D:\ampps\apache\bin\httpd.exe] => (Allow) D:\ampps\apache\bin\httpd.exe
FirewallRules: [TCP Query User{B6E2E982-47FD-4AF9-BBE4-232EB96AE945}D:\bitnami\wampstack-5.6.12-0\apache2\bin\httpd.exe] => (Allow) D:\bitnami\wampstack-5.6.12-0\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{451710A9-E0E1-42D8-89A2-79956617A00B}D:\bitnami\wampstack-5.6.12-0\apache2\bin\httpd.exe] => (Allow) D:\bitnami\wampstack-5.6.12-0\apache2\bin\httpd.exe
FirewallRules: [{E90A63C8-1597-4C48-A1EE-EB8951BD3076}] => (Allow) D:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{4F437440-23E9-4C39-ACA0-E31EDA16EF52}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A4DEBE1-561A-4BAC-BAEB-3D902415745D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{92E4E820-B03B-47A2-870E-14BE32FD3D0A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{21A9C4D4-A957-497E-AD51-914C8EF53465}D:\videos\microsoft\tabletop.simulator.v5.1.1\tabletop.simulator.v5.1.1\tabletop simulator.exe] => (Block) D:\videos\microsoft\tabletop.simulator.v5.1.1\tabletop.simulator.v5.1.1\tabletop simulator.exe
FirewallRules: [UDP Query User{321B1222-9624-4F29-BF12-1E7AEAAA1625}D:\videos\microsoft\tabletop.simulator.v5.1.1\tabletop.simulator.v5.1.1\tabletop simulator.exe] => (Block) D:\videos\microsoft\tabletop.simulator.v5.1.1\tabletop.simulator.v5.1.1\tabletop simulator.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/12/2015 05:33:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/12/2015 04:33:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/12/2015 04:26:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x0eedfade
Fault offset: 0x00014598
Faulting process id: 0xf00
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3
Faulting package full name: EPUHelp.exe4
Faulting package-relative application ID: EPUHelp.exe5
 
Error: (10/11/2015 09:20:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/11/2015 08:52:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/11/2015 08:52:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/11/2015 08:52:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/11/2015 08:52:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.
 
Error: (10/11/2015 12:49:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x0eedfade
Fault offset: 0x00014598
Faulting process id: 0x1714
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3
Faulting package full name: EPUHelp.exe4
Faulting package-relative application ID: EPUHelp.exe5
 
Error: (10/11/2015 09:50:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EPUHelp.exe, version: 1.0.0.31, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0x0eedfade
Fault offset: 0x00014598
Faulting process id: 0xfc4
Faulting application start time: 0xEPUHelp.exe0
Faulting application path: EPUHelp.exe1
Faulting module path: EPUHelp.exe2
Report Id: EPUHelp.exe3
Faulting package full name: EPUHelp.exe4
Faulting package-relative application ID: EPUHelp.exe5
 
 
System errors:
=============
Error: (10/12/2015 04:37:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (10/11/2015 10:06:43 PM) (Source: DCOM) (EventID: 10010) (User: RACHAEL)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (10/11/2015 10:02:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252.
 
Error: (10/11/2015 09:15:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/11/2015 08:53:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/11/2015 08:53:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Rachael\AppData\Local\Temp\ehdrv.sys
 
Error: (10/11/2015 08:53:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/11/2015 08:53:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Rachael\AppData\Local\Temp\ehdrv.sys
 
Error: (10/11/2015 08:53:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (10/11/2015 08:53:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Rachael\AppData\Local\Temp\ehdrv.sys
 
 
CodeIntegrity:
===================================
  Date: 2015-06-25 13:53:03.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:03.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:02.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:02.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:02.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:01.817
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:01.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:01.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:00.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-25 13:53:00.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3330S CPU @ 2.70GHz
Percentage of memory in use: 51%
Total physical RAM: 8140.38 MB
Available physical RAM: 3987.8 MB
Total Virtual: 11685.81 MB
Available Virtual: 6872.03 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:21.12 GB) NTFS
Drive d: (Data) (Fixed) (Total:762.31 GB) (Free:539.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F0CB5C7A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 RCLeahcar

RCLeahcar
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Female
  • Local time:08:59 AM

Posted 13 October 2015 - 03:09 PM

Thanks for your help! :)

So far the Temp1 thing hasn't happened since I did this, but I'll let you know if it happens again.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:59 AM

Posted 14 October 2015 - 08:42 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:59 AM

Posted 20 October 2015 - 07:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



